News in Russian ,
details in English
When nobody is looking, the toys come to life and start doing nasty things. Pixar would not have passed on such a cartoon, but reality turned out to be less picky. The British consumer protection organization Which? tested several interactive toys from popular brands and found the same problem in almost all of them. A reasonably skilled attacker can easily break into them to eavesdrop on what is happening in the family, talk to the child in the voice of its colourful friend, or even try to get into the home network.
This time Furby Connect, I-Que Intelligent Robot, CloudPets, Toy-fi Teddy and a number of other models were tested. Their manufacturers seem to have forgotten that Bluetooth works within a radius of 10 meters: if a parent can connect to a toy robot through an unprotected application, what stops an attacker standing outside behind the wall from downloading the same application and sending greetings of his own?
By the way, the ways of abusing a toy do not end there. If the house has, say, a voice-controlled system, then a vulnerable robot left near its microphone can, under an attacker's direction, place an order on Amazon. And by building a rig that rolls through the streets scanning the neighborhood for unprotected toys in an active state, you can turn exploitation of the bug into an assembly line. In short, there are plenty of possibilities.
Nevertheless, the toy manufacturers, at least those who commented on the story at all, considered the problem beneath their attention. Supposedly, the effort needed to hack a toy is not worth the information that can be obtained with it. The answer is so feeble that one does not even want to pick it apart.
It took only a few decades of pressure from parents and an outraged public before well-known manufacturers stopped producing toys with lead paint or small parts that irrepressible curiosity encourages sticking into a nostril or an ear. But they have not yet matured enough to protect the Bluetooth connection with at least a password or the toy's serial number.
Uber had its data stolen. And long ago.
News in Russian ,
more in English
As we learned this week, a year ago a huge database containing customer names, phone numbers and email addresses was stolen from Uber. It turned out that, for the sake of optimization, this data was stored nowhere else than on GitHub and Amazon S3. As a result, the attackers stole data on 57 million users, including, among other things, 600 thousand driver's licenses. According to Uber, more sensitive user data such as credit card numbers and dates of birth remained untouched, because it was stored in the company's own infrastructure.
In the end, Uber paid the thieves 100 thousand dollars to destroy the data. But no one can guarantee that the information was actually deleted rather than sold on to someone else.
The sum is considerable, of course, but on the other hand, had the European data protection regulation (GDPR) been in force, Uber would have been fined a couple of million. Foreign analysts tend to blame the leak on imperfect laws that do not punish companies enough for stinginess and sloppiness in organizing data storage. That is true, of course, but punitive measures alone will not fix the situation; a systematic approach to protecting cloud data is needed.
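The systematic approach mentioned above starts with not letting customer exports and cloud credentials reach a code repository in the first place. The following is an added example, not code from Uber or from this column: a small pre-commit style scanner that flags files containing a cloud access key or a bulk set of customer e-mail addresses and phone numbers. The AWS access key pattern is the documented key-ID shape; the e-mail and phone patterns, the bulk threshold and the sample files are assumptions constructed for this example.

```python
import re

# Well-known shape of an AWS access key ID (AKIA/ASIA followed by 16 uppercase alphanumerics).
AWS_ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Deliberately simple e-mail and phone patterns (assumption of this example, not a full validator).
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[ -]?)?\(?\d{3}\)?[ -]?\d{3}[ -]?\d{4}")

# Assumption: more distinct addresses/numbers than this in one file looks like a customer export.
BULK_THRESHOLD = 20


def scan_text(text):
    """Count credential and personal-data patterns in one file's text."""
    emails = {m.group(0).lower() for m in EMAIL_RE.finditer(text)}
    phones = PHONE_RE.findall(text)
    keys = AWS_ACCESS_KEY_RE.findall(text)
    return {"emails": len(emails), "phones": len(phones), "aws_keys": len(keys)}


def classify(findings):
    """Return the reasons a file should be blocked from the commit (empty list = fine)."""
    reasons = []
    if findings["aws_keys"]:
        reasons.append("cloud credential")
    if findings["emails"] >= BULK_THRESHOLD:
        reasons.append("bulk customer e-mail addresses")
    if findings["phones"] >= BULK_THRESHOLD:
        reasons.append("bulk phone numbers")
    return reasons


def scan_files(files):
    """Scan {filename: text} and return {filename: reasons} for files that must not be committed."""
    blocked = {}
    for name, text in files.items():
        reasons = classify(scan_text(text))
        if reasons:
            blocked[name] = reasons
    return blocked


# Constructed sample files: a customer export, a config with the AWS documentation
# example key (AKIAIOSFODNN7EXAMPLE, not a live credential) and a harmless README.
CUSTOMER_EXPORT = "id,email,phone\n" + "\n".join(
    f"{i},user{i}@example.com,+1 555 010 {i:04d}" for i in range(25)
)
SAMPLE_FILES = {
    "customers.csv": CUSTOMER_EXPORT,
    "settings.ini": "[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\nregion = eu-west-1\n",
    "README.md": "Questions? Contact support@example.com.\n",
}

if __name__ == "__main__":
    for name, reasons in scan_files(SAMPLE_FILES).items():
        print(f"BLOCK {name}: {', '.join(reasons)}")
```

Run as a pre-commit hook, the script would refuse the commit whenever `scan_files` returns anything; the README with a single support address passes, while the export and the credentials file are both stopped. The same check is cheap to run against existing repositories and bucket listings as a one-off audit.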
How to sink a ship
News in Russian ,
more in English
A Pen Test Partners specialist came up with a truly creative way to sink a ship using hacking skills. Hacking a ship's navigation system and running it onto the rocks is hard: it is reliably protected. But the message exchange between the port and the ships, especially regarding cargo distribution, is not so secure. As a rule, intruders are mainly interested in the orders to move containers within the port itself: by altering them, cargo can be sent along a different route, in other words, stolen. But if you intercept the BAPLIE EDIFACT messages that are used to build plans for loading and placing cargo in the ship's hold, you discover an exciting game of 3D Tetris with real cargo ...
To simply cause trouble, you can shuffle the codes of all the goods so that loading and unloading take many days instead of a few hours. Even that results in millions in losses for the carrier.
And if you are overcome by bloodlust, you can alter the center of gravity and the weight of the largest cargo so that it is placed not in the hold, as intended, but on deck. In some ports a control weighing is carried out before loading, but not in all of them. Since cargo is lifted by cranes, not people, the deception has every chance of going undetected. As a result, the ship may well capsize.
A freighter that sinks as it leaves port is unlikely to cause casualties, but it will certainly cost a lot of money, both to the port itself and to all the trucks that cannot reach their destination. So it is not only information security specialists who are interested in finding a solution.
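The control weighing mentioned above is the natural defensive counterpart to a tampered load plan: the weights declared in the BAPLIE message can be reconciled against weights measured independently on the port's weighbridge before anything is lifted. The following is an added example, not code from Pen Test Partners or from this column. It parses a simplified BAPLIE-style message (EDIFACT segments terminated by `'`, elements separated by `+`, components by `:`) and reports containers whose planned weight disagrees with the verified weight. The exact segment layout (EQD / LOC 147 / MEA), the container numbers, the weights and the tolerance are assumptions constructed for this example, not a full implementation of the BAPLIE specification.

```python
SEGMENT_TERMINATOR = "'"


def parse_baplie_like(message):
    """Parse a simplified BAPLIE-style message into per-container records.

    Assumed layout: EQD+CN+<container> starts a container, a following LOC+147+<cell>
    gives its stowage position and MEA+...+KGM:<value> gives its planned weight in kg.
    """
    records = []
    current = None
    for raw in message.split(SEGMENT_TERMINATOR):
        seg = raw.strip()
        if not seg:
            continue
        elements = seg.split("+")
        tag = elements[0]
        if tag == "EQD" and len(elements) > 2 and elements[1] == "CN":
            current = {"container": elements[2], "position": None, "weight_kg": None}
            records.append(current)
        elif tag == "LOC" and current is not None and len(elements) > 2 and elements[1] == "147":
            current["position"] = elements[2]
        elif tag == "MEA" and current is not None and len(elements) > 3:
            unit, _, value = elements[3].partition(":")
            if unit == "KGM" and value.isdigit():
                current["weight_kg"] = int(value)
    return records


def reconcile(records, verified_weights, tolerance_kg=500):
    """Compare each planned weight with the independently verified weight.

    Returns one problem entry per container that has no verified weight, no planned
    weight, or a planned weight differing from the verified one by more than tolerance_kg.
    """
    problems = []
    for rec in records:
        cid = rec["container"]
        verified = verified_weights.get(cid)
        if verified is None:
            problems.append({"container": cid, "issue": "no verified weight"})
        elif rec["weight_kg"] is None:
            problems.append({"container": cid, "issue": "no planned weight"})
        elif abs(rec["weight_kg"] - verified) > tolerance_kg:
            problems.append({"container": cid, "issue": "weight mismatch",
                             "planned": rec["weight_kg"], "verified": verified})
    return problems


# Constructed sample load plan: the second container is declared far lighter than it really is.
SAMPLE_MESSAGE = (
    "UNH+1+BAPLIE:D:95B:UN:SMDG20'"
    "LOC+5+NLRTM'"
    "EQD+CN+MSKU1234567+45G1'LOC+147+0120482'MEA+WT++KGM:24000'"
    "EQD+CN+TGHU7654321+22G1'LOC+147+0280284'MEA+WT++KGM:4200'"
    "EQD+CN+CMAU1112223+45G1'LOC+147+0140686'MEA+WT++KGM:26500'"
    "EQD+CN+HLXU9998887+22G1'LOC+147+0300182'MEA+WT++KGM:18000'"
    "UNT+15+1'"
)

# Constructed weighbridge results; the last container in the plan was never weighed.
VERIFIED_WEIGHTS = {"MSKU1234567": 24050, "TGHU7654321": 28900, "CMAU1112223": 26480}

if __name__ == "__main__":
    for problem in reconcile(parse_baplie_like(SAMPLE_MESSAGE), VERIFIED_WEIGHTS):
        print(problem)
```

The check only helps if the verified weights come from a source the attacker cannot reach by the same path as the load plan, which is why it is worth keeping the weighbridge records separate from the port's EDI exchange; a container that shows up in the plan without any verified weight is reported as well, since a missing weighing is exactly the gap the scenario above relies on.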
Antiquities
Joshi
A very dangerous stealth virus, 4086 bytes long (9 sectors). It infects the boot sector of floppy disks and the MBR of the hard drive when they are accessed (int 13h, ah = 2, 3, 4, 0Ah, 0Bh).
It activates on January 5: it displays the message “Type 'Happy Birthday, Joshi'!” and waits for the phrase “Happy Birthday, Joshi!” to be typed. It hooks interrupt vectors 8, 9, 13h and 21h.
Disclaimer: This column reflects only the personal opinion of its author. It may or may not coincide with the position of Kaspersky Lab. That is a matter of luck.