In short, this article informs the public about an issue that is overlooked when it comes to Apple smartwatches: how “weak” the security on those watches actually is. There are several openings in these Apple smartwatches that can be exploited due to their lack of actual security. For example, an Apple smartwatch can be easily “bluejacked,” a term used to describe a 3rd party gaining access to said watch. As a result, the 3rd party can access many parts of the phone and send things like images, sounds, or even viruses to the smartwatch (some of which can take over the phone and listen in on conversations or block out the owner’s control of the phone for however long the hacker chooses). The worst part is, this is not even the worst thing that could happen when it comes to loopholes in the security of the device. Like all devices that can download apps without restraints, the Apple smartwatch is capable of downloading apps which can contain harmful malware that could take on a variety of forms and become difficult to combat. There seems to be a claim that even if the smartwatch is vulnerable to many variations of malware, viruses, and other methods of attack used by hackers, since the smartwatch is tied to Apple, which is already a target of hackers, it does not seem to cause much concern. In fact, since the smartwatch will automatically lock if taken off the user’s wrist, it is presumed to be safer than a phone if both are left unaccounted for in a public place.
After Edward Snowden released information that the NSA was tapping into private companies’ servers and getting their information without their knowledge, corporations have made promises to customers and buffed up security on their servers immensely. Higher levels of encryption, no backdoors, and buffed-up servers make it much harder for hackers to break into your sensitive information, but they also keep the government out.
The United States is currently in or contemplating legal battles with large tech companies such as Apple, Google, and Microsoft to compel them to hand over information, break encryptions, or leave the government a way in to look at the data itself. Specifically with Microsoft, the company refuses to hand over data to the government without an Irish warrant because the servers the data is stored in are in Dublin. Companies aren’t willing to cooperate with the government on this because of the promises they made to their customers and the huge security breaches it could cause, leaving possible holes for hackers to steal or tamper with data.
The UK is facing a similar issue, where MI5 is looking for more power from Parliament to keep up with technological advances. Andrew Parker, Director General of MI5, recently said in an interview that companies have an ethical responsibility to turn over the information the government wants.
Major corporations remain hesitant to readily give over information to the government for fear of backlash from consumers and because the government has not really been truthful with them in the past. This argument is definitely one that comes down to ethics, and we must determine at what point we sacrifice too much privacy for the sake of security. We will have to see what the courts or Congress say on the matter.
– Quinn White
TrackingPoint is a company that specializes in applied technology. They’re based in Austin, Texas and are known for building the first Precision Guided Rifle. A Precision Guided Rifle (PGF) is a long-range rifle system meant to improve the accuracy of shooting targets at long distances. A PGF is able to improve accuracy by using target tracking, HUD Display, and advanced fire-control. The purpose of a PGF is to account for human error such as misaiming, trigger jerk, or a miscalculation when setting up. A TrackingPoint Precision Guided Rifle could allow even a novice to reliably hit targets from over a mile away.
A pair of security researchers, Runa Sandvik and Michael Auger, bought two of the $13,000 TrackingPoint Rifles and spent a year reverse engineering and hacking the rifles’ computer system. They were able to get into the rifle via the Wi-Fi and exploit vulnerabilities in the software. Once they were into the rifles’ system, they could make the gun miss the target completely, or change a single number in the software and have the gun shoot to the right or left and hit an entirely different target, all while having the HUD display normal readings. They also found that they could lock the gun owner out by becoming root and disabling the firing pin, or they could render the gun useless by deleting important files, making the scope unusable. While the attacker can do a lot, the one thing the attacker cannot do is fire the gun randomly, because the TrackingPoint guns are built to only shoot when the trigger is pulled manually.
Sandvik and Auger said they will not release the code for their exploit because they feel that TrackingPoint in its current state would not have the manpower to fix the issue in its software. Sandvik states that the real issue here is that, as we and our objects become more interconnected and attached to the internet, companies that start putting technology into devices that have never had it before need to take precautions and realize there will be security challenges that they did not have before.
TrackingPoint stated that after talking with Sandvik and Auger about the research they did, the company will look into developing a software update to patch the issues with the rifle’s vulnerabilities, and customers who already own it will be sent USB devices that contain the patch.
Match.com, a website that helps people find the perfect “match,” has recently been attacked with so-called “malvertising.” Only the United Kingdom version of Match.com so far has been hit with “malvertising.” Senior security researcher at Malwarebytes, Jérôme Segura, told Match.com’s advertising about the malware. He told them that their channel was used to host a crimeware toolkit called Angler Exploit Kit (AEK). AEK is used to exploit a person’s PC by finding unpatched flaws on the PC. The Angler Exploit Kit is also known to be linked with the Bedep ad fraud Trojan as well as CryptoWall ransomware. The same malvertising attacked another site called Plenty of Fish, which is owned by Match.com. The malvertising works by disguising itself as a regular ad on Match.com, and when a user clicks the ad, it installs malware onto the user’s PC or mobile device.
After being alerted to these attacks, UK’s Match.com has suspended all advertisements on their site and app until the issue is resolved. A spokeswoman of Match.com said, “We advise all users to protect themselves from this type of cyber-threat by updating their anti-virus/anti-malware software.” The attack did not lose Match.com much money, because the CPM, or cost per thousand impressions, was only 36 cents. What this means is that for every 1000 computers or other devices shown the ad, the malware ad cost only 36 cents.
Many companies are now trying to find and report ransomware like the one that has attacked Match.com. Ransomware can be distributed in many forms, such as phishing emails, exploit kits, spam, and malvertising. Ransomware can lock up an infected computer, steal a user’s personal information, and demand a ransom to get their information back, thus the name. Match.com has yet to fix this issue and is continuing to try to do so.
Author: Matthew J. Schwartz
By: Niccolo Dechicchio
Stingrays are devices that act like a cell tower and are used to intercept phone and text signals. They cost about $400,000 and are useful in helping to solve serious crimes. This article focuses on the use of stingrays in Baltimore. Previously, the FBI forced users of this device to sign a non-disclosure agreement, meaning that if police officers used it, they could not talk of its use. However, recently the FBI has stated that the police can talk about its use; this is a big deal because now all the cases in which stingrays are used are being published. Additionally, it has now come to light that stingrays are being used in petty crime cases such as theft. While the stingrays help facilitate the process of catching someone who has committed such a crime, they also interfere with innocent bystanders’ phones. As a result, some believe that it is a violation of their rights. The devices do not discriminate when it comes to collecting information, so innocent people are concerned for theirs. Some senators are also targeting stingrays by trying to pass a bill that would require warrants before their use. So far, stingrays have been used in over 4,300 cases in Baltimore alone. What does that mean for the rest of the country?
The problem that most people are concerned with is that the stingrays collect information on people who are innocent as well as guilty. This means that everyone who is connected to the stingray will have their information potentially read or used by the police. This is a huge security problem because there are currently no defenses for us against it, nor are there laws to protect the citizens. In my opinion, the policies behind the use of stingrays need reform because right now, people who are directly involved are in danger of having their valuable information exposed.