Smartwatches designed for children have become a target for hackers.

Smartwatches are becoming more and more popular with the general population. However, did you know that even young children are starting to wear smartwatches? In theory this does not sound like such a bad idea: they give the parent a way to see where their young child is and communicate with them if need be. These watches also offer a way for the child to quickly call their parents in case of an emergency. This all sounds good until you realize a hacker can get into the watch and do the same things.

The Norwegian Consumer Council tested some of these watches and found that some were transmitting the GPS data without encryption. This allows hackers with basic tools to get into the watch and track the movements of the child wearing it, which is an incredibly dangerous problem. The hacker could also spoof the location and make it look like the child is in a completely different place. They also found that the hacker could communicate with the child and eavesdrop on the conversations the child is having with others on the watch. Thankfully, many of the companies that designed and produce the watches have recalled them and started to fix the problems and make them more secure.

-Levi Walker

Sources:

http://www.bbc.com/news/technology-41652742?intlink_from_url=http://www.bbc.com/news/topics/62d838bb-2471-432c-b4db-f134f98157c2/cybersecurity&link_location=live-reporting-story

 


Reaper Botnet Dwarfs Mirai



By this point everyone and their mother has heard of the botnet dubbed ‘Mirai’, an infamous botnet infrastructure from last year that managed to take down a good chunk of the internet by attacking Dyn, a DNS provider. Well, as of this September, weak passwords might have become the least of your worries if you’re like 60% of Check Point’s ThreatCloud covered corporations and have unpatched vulnerabilities on your network.

Dubbed Reaper, or IOTroop by some, a new IoT botnet is propagating and shows no sign of slowing down. Today, researchers have ruled out the possibility that Mirai and Reaper are connected, at least on a technical level, due to the superiority that Reaper has displayed in its intrusion and propagation techniques. Whereas Mirai was spread through the exploitation of default passwords across IoT devices, Reaper utilizes a specialized strain of malware that exploits well-known vulnerabilities (such as those present in many printers and IoT toasters) to gain entry to a device, and further uses that device to spread itself to others connected.

With near-exponential growth, Qihoo 360 Netlab witnessed approximately 2 million newly infected devices waiting to be processed by a C&C server, of which there are several that have thus far been identified. The best thing that any concerned corporation or user can do at this point in time would be to ensure that every machine on their network has updated firmware and software in an attempt to limit the spread of this veritable plague infecting IoT networks worldwide.

Currently, it appears as if we all might be witnessing a ‘calm before the storm’ situation, with this botnet ramping up massively in numbers and, according to Check Point, updating its capabilities on a daily basis. What else can I say but stay safe and brace for impact, as when this thing hits, it’ll make the Dyn attack look like a birthday party.

– Kenneth Nero

Sources: Here, and Here, also Here

Major Accounting Firm Deloitte Hit by Extensive Cybersecurity Data Breach

Similar to Equifax’s data breach, Deloitte, with $37B in annual revenues, suffered an extensive cybersecurity data breach that led to a lot of things being compromised. Moreover, like Equifax, Deloitte did not tell anyone: both companies’ data had been compromised months before it was reported. Deloitte kept the hack internally secret, only informing “a handful” of senior partners and lawyers, as well as six clients. The company is one of the world’s Big Four accounting firms, which work with large banks, global firms, and government agencies, among others, and provide tax and auditing services, operations consulting, merger and acquisition assistance and, ironically, cybersecurity advice.

The hackers compromised confidential emails and sensitive attachments, and may have gotten their hands on usernames, passwords, IP addresses, business information and workers’ health records. The Guardian reported that six Deloitte clients have already confirmed that the hack had impacted their data. Deloitte has yet to establish whether a lone wolf, business rivals, or state-sponsored hackers were responsible.

The data breach apparently stemmed from an administrator’s account that was protected by a single password and did not have multi-factor authentication set up. The attack was discovered back in March 2017, but the attackers could have gained access as early as October 2016. The emails were stored in Microsoft Azure; some 5 million emails were said to have been stored in the cloud when it was compromised. Compromised email servers are usually filled with very sensitive information that hackers can exploit and even spear phish people with. However, Deloitte told The Guardian that only a fraction were actually at risk. Deloitte’s internal review is still ongoing.

-Matthew Brown

Sources:

https://www.engadget.com/2017/09/25/deloitte-reports-extensive-cybersecurity-breach/

http://www.bbc.com/news/technology-41385951

http://www.techrepublic.com/article/deloitte-hacked-cybersecurity-attack-compromises-client-emails-and-plans/

https://boingboing.net/2017/09/25/uh-oh.html

BlueBorne, a Bluetooth Vulnerability

Armis has identified a new threat to almost every device we own. There are eight vulnerabilities that have been identified, four of which are critical. These vulnerabilities affect over 5 billion Android, Windows, iOS, and Linux devices. This vulnerability is known as BlueBorne.

What makes this vulnerability different from most cyber attacks is that there is no link that a user has to click on or malicious file that the user has to download to become a victim. The user doesn’t even have to be connected to the internet. Instead, BlueBorne is spread through a device’s Bluetooth connection. The attack doesn’t require the targeted device to be paired to the attacker’s device or even for the targeted device to be set to discoverable mode.


This all contributes to BlueBorne being easily spread to devices at a possibly unprecedented rate. Bluetooth processes have high privileges on all operating systems, which allows this exploit to completely take over the device. Android devices are vulnerable to remote code execution, information leaks, and Man-in-The-Middle attacks. Windows devices are vulnerable to the Man-in-The-Middle attack. Linux devices running BlueZ are affected by the information leak vulnerability, and Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (this includes many smart watches, smart TVs, and smart refrigerators). iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability, but this vulnerability was already patched for users running iOS 10. Even networks that are “air gapped” are at risk of this attack, including industrial systems, government agencies, and critical infrastructure.

Examples of attacks:

  • Taking a picture on a phone and sending it to the hacker
  • Listening to a conversation through a wearable device
  • Redirecting a user to a fake login page to steal their login information
  • Cyber espionage
  • Data theft
  • Ransomware
  • Creating large botnets out of IoT devices

Many companies are pushing out updates for their users, but for many it is too late, and others have older devices that will not receive the updates.

As of 9/13/17:

  • Apple users with iOS 10 are safe
  • Google has released a patch for this vulnerability for Android Marshmallow and Nougat, but it might be weeks before the patch is available to some Android users
  • Microsoft patched the vulnerabilities in July
  • A patch for Linux is expected to be released soon

The problem is that even with these patches, there are many users who are unaware of this exploit and/or do not update their devices regularly. For users that haven’t updated their devices or do not have an update for their device, the safest thing to do is to turn Bluetooth off on your phone and leave it off until there is a patch for your device.

 

Source: https://www.armis.com/blueborne/

 

-Matthew Smith

China’s Real-Name Policy

Starting October 1st, 2017, the Cyberspace Administration of China (CAC) will enforce new rules that force website operators and service providers to request and verify real names and other personal info from users when they register for accounts, and to report any illegal content to the authorities. While this may prevent people from spreading lies about the government or starting uprisings, it will most definitely do more harm than good.

The CAC has created a list of what would be considered unlawful and forbidden from being posted online, which includes but is not limited to:

  • Opposing the principles defined in the Constitution
  • Spreading rumors, disrupting social order, and destroying social stability
  • Spreading pornography, gambling, violence, murder…
  • Insulting or slandering others and infringing upon others
  • Any other content that is prohibited by laws and administrative regulations

To sum it up, anything remotely offensive or negative towards others or the government is now considered illegal and punishable by law. VPNs have also been banned, so Chinese citizens have no choice but to abide by these laws or avoid the internet entirely, which in this day and age is something that’s incredibly difficult to do.


On top of censorship, the “Real-Name Policy” poses a tremendous security issue. The more websites someone signs up for, the more they put themselves at risk of having their personal information stolen. Originally, this Real-Name Policy only applied to large websites such as WeChat and Weibo that will have better security in place, but after October 1st it will be required of all websites, including smaller websites with less secure databases. This could result in a hierarchy or monopoly of sorts, as people will only use trusted and well-known websites for fear of having their information stolen. Either way, there will always be a possibility of having personal info stolen, causing the internet to be more dangerous than before this safety law was passed.

-Chris Heine

 

Sources:

https://thehackernews.com/2017/08/china-real-name-registration.html

http://thediplomat.com/2017/08/chinas-new-wave-of-internet-censorship-name-verification-for-online-commenting/
