AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/05/2021

1 – IoT privacy and security concerns

There is a famous hacking story that’s become something of an urban legend in the cyber security industry – about a casino that had its IT network infiltrated via an internet-connected fish tank. It’s said that the tank’s IoT thermometer was used to access the casino’s entire system and extract data on its clientele. It’s a rather extreme example of what could happen, but serves to highlight an important point – if you connect a device to the internet, regardless of how innocuous it might seem, it can be turned into an open door for cyber criminals. The rapid increase of the Internet of Things (IoT) includes smartphone-controlled coffee machine, office lights linked to Wi-Fi and even connected fish tanks. But each new thing seems to come with a hackable flaw or a route into a user’s wider network. This has led to calls for security to be made part of the design – ‘secure by design’ – and for stronger passwords rather than easy default options.

 

2 – Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest

A teenager accused of gaining unauthorized access to school computer systems in order to rig a homecoming queen contest with her mother will stand trial as an adult, and could spend 16 years in prison if convicted. Emily Grover, who turned 18 in April but who was arrested in March, when she was 17, faces four charges alongside her mother, Laura Carroll. Carroll was an assistant principal at Bellview Elementary School, while her daughter attended Tate High School. The pair allegedly schemed to cast hundreds of fraudulent votes in the homecoming contest, an election that Grover ultimately won. A Florida State Department of Law Enforcement investigation concluded that phones and computers from their Pensacola suburb household were used to access student records.

 

3 – Signal tries to show how much data Facebook collects, gets banned from the platform instead

Facebook and Signal have been in a battle ever since the former decided to alter WhatsApp’s privacy policy to collect and share data with Facebook. This move saw users ditch WhatsApp in favour of apps like Telegram and Signal, forcing Facebook to delay the enforcement of its new privacy terms. Soon after that, Signal decided to take the battle directly to Facebook but was shot down in the process. In a new blog post, Signal claims that it decided to run a series of honest ads showcasing the amount of data Facebook collects from its users. Instead, Facebook decided to disable Signal’s ad account even before the ads reached it target audience. The idea behind these ads was to target very specific users through Facebook’s tools that take advantage of the enormous data collected by the company. 

 

4 – MIT’s nano flashlight could create cell phones able to detect viruses

Researchers at MIT have built a new nanoscale flashlight on a chip that they believe could someday result in cell phones that can be used as sensors capable of detecting viruses and other incredibly small objects. The approach used by the researchers to design the nano flashlight on a chip might also be used to create a variety of other micro flashlights with different beam characteristics to create devices for a variety of applications. Scientists say they can make a wide spotlight versus a beam of light focused on a single point depending on the need. Researchers have endeavored to identify a material by observing how light interacts with the material for decades. Using light to identify a material requires shining a beam of light onto it and then analyzing light after it passes through the material. All materials interact differently with light, allowing the light that passes through the material to provide a fingerprint for that specific material.

 

5 – New Attacks Slaughter All Spectre Defenses

All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced three years ago. A paper published on Friday by a team of computer scientists from the University of Virginia and the University of California, San Diego, describes how all modern AMD and Intel chips with micro-op caches are vulnerable to this new line of attack, given that it breaks all defenses. That includes all Intel chips that have been manufactured since 2011, which all contain micro-op caches. The vulnerability in question is called Spectre because it’s built into modern processors that perform branch prediction.

Related Posts