AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/27/2021

Fisher Price Chatter Bluetooth Telephone 60G LTE has serious privacy issues

Fisher Price Chatter Bluetooth Telephone has the appearance of a classic kids' toy, but it was designed for adults and lets them make and receive calls over Bluetooth using a nearby smartphone. The device is a Bluetooth headset that accepts connections from a smartphone and can be used to take calls or as a speakerphone. Unfortunately, serious privacy issues could allow attackers to spy on its owners. The device has already sold out, but it is only available for US customers. Researchers from security firm PenTest Partners who analyzed the device pointed out that the issues can allow it to be used as an audio bug. The experts discovered that the Fisher-Price Chatter Bluetooth Telephone uses Bluetooth Classic but fails to implement a secure pairing process. “When powered on, it just connects to any Bluetooth device in range that requests to pair,” state the experts. “Someone nearby (next door house, next apartment, street outside) can connect their own Bluetooth audio device (smartphone / laptop etc) and use it to bug their neighbours.” In a scarier scenario, an ill-intentioned person could use the device to speak to and listen to anyone in the environment where the device is located, including children.


Regulate, break up, open up: how to fix Facebook in 2022

This year the public saw an alarming side of Facebook, after a huge leak of internal documents revealed the extent of vaccine misinformation and extremism on the platform, a two-tier system of who gets to break the rules, and the toxic effects of Instagram for teens. Digital rights activists around the world have warned about these issues for years, but with the company facing mounting pressure, next year could provide an unprecedented opportunity for action. We spoke to researchers, activists, and tech experts about how Facebook can be reined in in 2022 and beyond, and the innovative solutions that could bring about change.


TikTok Overtakes Google As Most Visited Website Of 2021

If you ever need to find something on the internet, it’s pretty much a given that you would use Google. This is why it wouldn’t be surprising to learn that Google is probably the most visited website. However, 2021 was a slightly different story: according to Cloudflare's data, TikTok actually beat out Google. Yes, the social media platform where people post funny videos, dance videos, and informative videos took the number one spot as the most visited website of 2021. Other companies on the list include Facebook, Microsoft, Apple, Amazon, YouTube, Twitter, and WhatsApp, all of which make up the top 10 visited domains of the year.


Shutterfly services disrupted by Conti ransomware attack

Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted thousands of devices and stole corporate data. Although many associate Shutterfly with its website, the company’s photography-related services are aimed at consumer, enterprise, and education customers through various brands such as GrooveBook, BorrowLenses, Shutterfly.com, Snapfish, and Lifetouch. The main website can be used to upload photos to create photo books, personalized stationery, greeting cards, postcards, and more. On Friday, a source told BleepingComputer that Shutterfly suffered a ransomware attack approximately two weeks ago by the Conti gang, which claims to have encrypted over 4,000 devices and 120 VMware ESXi servers.


The Worst Hacks of 2021

If 2020 was the year of pandemic lockdown hacking, 2021 was open season for attackers around the world. Ransomware gangs were shockingly aggressive, targeting health care facilities, schools, and critical infrastructure at an alarming rate. And hackers continued to launch supply chain attacks with extensive fallout. With the pandemic still raging in the background, system administrators, incident responders, global law enforcement, and security practitioners of all sorts worked tirelessly to counter the barrage. And governments scrambled to take more concrete action against online threats.

For now, though, the seemingly endless cat-and-mouse game continues. As John Scott-Railton, senior researcher at University of Toronto’s Citizen Lab, puts it, “2021 is the year where we’re realizing that the problems we chose not to solve years or decades ago are one by one coming back to haunt us.”
