Are Smart TV Designs Taking Home Security for Granted?

2018.02.19 02

Millions of smart TVs from Samsung and some streaming devices from Roku recently were found to be vulnerable to cyberattacks, allowing intruders to take control and remotely change channels and volume settings, among other things, according to Consumer Reports research.

Vulnerabilities were discovered not only in Samsung televisions, but also in TVs from TCL and other brands that sell sets compatible with the Roku TV smart-TV platform and streaming video devices such as Roku Ultra, according to the report.

Further, the affected televisions and devices collect a wide range of personal data, Consumer Reports noted, and users who choose to limit that data collection would risk limiting the functionality of the TV.

The report is based on a wide-ranging security and privacy review of major brands, including Vizio, LG and Sony.

“For many years, there was no reason to hack a television or a smart streaming media player,” he told TechNewsWorld.

It was only with the advent of subscription-based video services and transactional video that you started to see financial data, like credit card numbers, get stored online, Sappington noted.


WiFi Routers Riddled With Holes: Report

2018.02.09 03

Most WiFi router vendors have not patched numerous firmware vulnerabilities discovered more than two years ago, according to a report Insignary released on Tuesday.

OEM firmware built into WiFi routers uses open source components that contain numerous known security vulnerabilities that can be exploited by hackers, it notes.

Insignary, a startup security firm based in South Korea, conducted comprehensive binary code scans for known security vulnerabilities in WiFi routers. The company conducted scans across a spectrum of the firmware used by the most popular home, small and mid-sized business and enterprise-class WiFi routers.

Insignary conducted the scans during the last two weeks of November 2017. Its research and development team scanned 32 pieces of WiFi router firmware offered in the U.S., Europe and Asia by more than 10 of the most popular home, SMB and enterprise-class WiFi router manufacturers: Asus, Belkin, Buffalo, Cisco, D-Link, EFM, Huawei, Linksys, Netis and TP-Link.

 


The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!

2017.08.08 01

The man who wrote the book on password management has a confession to make: He blew it.

Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers—and to change them regularly.

The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn’t keep the hackers at bay.


With New Digital Tools, Even Nonexperts Can Wage Cyberattacks

2017.05.15 01

SAN FRANCISCO — Hackers are discovering that it is far more profitable to hold your data hostage than it is to steal it.

A decade-old internet scourge called ransomware went mainstream on Friday when cybercriminals seized control of computers around the world, from the delivery giant FedEx in the United States to Britain’s public health system, universities in China and even Russia’s powerful Interior Ministry.

Ransomware is nothing new. For years, there have been stories of individuals or companies horrified that they have been locked out of their computers and that the only way back in is to pay a ransom to someone, somewhere who has managed to take control.

“You don’t even need to have any skills to do this anymore,” said Jason Rebholz, a senior director at the Crypsis Group who has helped dozens of victims of ransomware.

Ransomware has allowed people who are not computer experts to become computer thieves. It used to be that hackers had to be a little creative and skilled to get money out of people. There were fake antivirus scams that promised to clean up your computer — for a fee.


What you need to know about the massive hack that hit the British health-care system and elsewhere

2017.05.13 06

It was first reported in England — hackers gained access to the National Health Service computers, effectively shuttering the entire system. Patients were told to stay home; doctors and nurses were unable to access email or medical records and had to take notes by hand. The hackers demanded a ransom, to be paid in bitcoin.

By Friday afternoon, though, it was clear that this was not a limited attack. Businesses in at least 11 other countries reported similar cyberattacks. Many were paralyzed.

According to Britain’s Independent newspaper, these attacks may stretch around the globe, from Portugal to Turkey, Indonesia, Vietnam, Japan, Germany and Russia. It “is much larger than just the NHS,” Travis Farral, director of security strategy for cybersecurity firm Anomali Labs, told the Independent. “It appears to be a giant campaign that has hit Spain and Russia the hardest.”

If you run a business, back up every computer in your office and have a plan for what to do if your system goes down for a while. Be smart about setting up your network, so that most users don’t have complete access to the system. This makes it harder for a ransomware attack to infect everything. And make sure your users are educated about the common kinds of attacks.


Are you ready to forfeit your laptop when flying?

2017.05.12 02

Since 9/11, airline passengers have had to deal with the full panoply of security measures: bans on liquids, inspection of laptops at security gates, taking shoes off, not to mention coping with shrinking legroom and most recently, passengers getting dragged off planes.

Now, the Trump administration and the Department of Homeland Security are contemplating a laptop ban that could cause even more tension between passengers and airlines.


Microsoft and Intel’s Project Evo Ups the PC Game

2016-12-28-03

Microsoft and Intel on Wednesday announced Project Evo, their highly anticipated collaboration to create the next generation of personal computers. The project aims to expand on new advances in artificial intelligence, mixed reality, advanced security and gaming.

Terry Myerson, executive vice president of the Windows and Devices Group at Microsoft, unveiled some of Project Evo’s ambitious plans at the Windows Hardware Engineering Community (WinHEC) event in Shenzhen, China.

Through the collaboration, the companies will push the boundaries of a personal computer’s capabilities in the near future, he said. Technologies under development include far-field speech and wake-on-voice enabled through Cortana, biometrics and voice authentication in Windows Hello, spatial audio, and HDR support for gaming.

Project Evo — particularly its expanded use of Cortana — invites comparisons to the digital assistant tools found in Amazon Echo and Google Home, standalone speakers that use Amazon Alexa and Google Assistant respectively. Though their capabilities differ, each uses voice communications to interact with the automated home.

However, Project Evo seems geared toward making the personal computer into a much more sophisticated device — one that can be accessed and operated in ways never before seen.


2017: More Apple Security Flaws, Cyberattacks, Hacktivism

2016-12-28-01

More security vulnerabilities will appear in the software of Adobe and Apple than in Microsoft’s, more attacks on the Internet’s infrastructure will occur, and cybersecurity events will stoke international tensions. Those are a few of the predictions for 2017 that security experts shared with TechNewsWorld.

Users of Apple desktops and laptops for years have been relatively insulated from the kinds of malicious activity that has besieged those in the Windows world, but that’s going to change next year, warned Trend Micro.

More software flaws will affect Adobe and Apple in 2017, compared to Microsoft, the company noted in a security predictions report.

Declining PC sales and an exodus to mobile platforms have dampened interest in targeting devices running Windows, Trend Micro explained. Microsoft also has upped its security game in recent times, which has made it more difficult for attackers to find vulnerabilities in Windows.


IoT Could Become Playground for Botnets Gone Wild

2016-10-10-01

The source code for Mirai, the malware behind the botnet that launched a massive attack on the Krebs on Security website — the largest DDoS attack on record — has been released in the wild, according to Brian Krebs, author of the blog.

A hacker who goes by the handle “Anna-senpai,” apparently because of increased scrutiny from the cybersec industry, last week announced the release on Hackforums, Krebs said.

The code release has heightened fears that the Internet of Things will be flooded with attacks from new botnets.

“The current lack of guidance and regulations for IoT device security is one of the bigger problems in this area, and why we see breaches in the IoT space rising,” said Reiner Kappenberger, global product manager at HPE Security – Data Security.


Attack-for-Hire Teens Collared in Israel

2016-09-21-07

At the request of the FBI, Israeli authorities last week arrested Itay Huri and Yarden Bidani, both 18 years old, for operating vDOS, a DDoS-for-hire service that raked in more than half a million dollars in two years.

DDoS attacks flood websites with garbage data in order to disrupt their operation and deny users access.

The pair were questioned and released after posting bond of about US$10,000 each, according to TheMarker, an Israeli news site. In addition, the duo’s passports were seized, they were placed under house arrest for 10 days, and they were barred from using the Internet or any telecommunications equipment for 30 days.

The arrests occurred at around the same time that Krebs on Security published a report on vDOS.

vDOS revenues for the past two years exceeded $600,000, and the service launched more than 150,000 DDoS attacks on behalf of its customers, Krebs reported.
