skip to Main Content

Bug Bytes for January 11: Device security is top of mind as CES wraps

Bug Bytes For January 11: Device Security Is Top Of Mind As CES Wraps

Australia’s disaster alert system was targeted by cyber attackers this week, gaining access to the country’s early warning network (EWN) and sending out false emergency texts, emails and landline messages across Australia. ITPro reported that the EWN staff were quick to identify the attack and shut down the messages early, but it’s believed thousands of citizens may have received the alert.

Real-time GPS coordinates for over 11,000 buses in India were left exposed on the internet for over three weeks, according to ZDNet. Security researcher Justin Paine told the publication that the data leaked via an ElasticSearch server that was left connected online without a password.

Meanwhile, ThreatPost reported a Skype vulnerability that allowed authentication bypass had been patched. If breached, the “glitch” would have allowed access to personal data on millions of Android devices around the world. Security researcher Florian Kunushevci alerted the vulnerability to Microsoft, which owns Skype, in early December. To exploit the vulnerability, Kunushevci said an attacker would simply need to steal an Android device, place a Skype call to said device, and answer that call.

For owners of Amazon Ring Security Cameras “there have been more than just algorithms watching through the lens, according to sources alarmed by Ring’s dismal privacy practices” as reported by The Intercept. This follows last month’s news that in Ring’s Ukraine employees had been given access to a database of customers’ video history shortly after a December 2016 meeting. According to The Information, a spokeswoman for Ring said customer videos are encrypted “today” but didn’t respond to questions about when Ring began encrypting the videos.

AT&T says it’ll stop selling your location data reported The Washington Post on Thursday. The news came amid calls for a federal investigation, following a Motherboard story revealing a complex chain of unauthorized information-sharing that ended with a bounty hunter successfully tracking down a reporter’s device.

Finally, as CES wraps, TechRepublic delivers a bleak picture of consumer security. According to a recent McAfee report 58% of consumers don’t secure their personal devices. More, nearly half (42%) said they consider themselves accountable when it comes to device security.

A good reminder to all of us to use a password manager, two factor authentication and keep your devices updated. Even if you believe (as 27% of those surveyed do) that product security is the responsibility of the manufacturer, we need to install updates in order to take advantage of the work they’re doing to keep our devices secure.

Until next week, happy Friday and stay safe out there everyone!

Listen In on a Day in the Life of a Pen Tester ( Part 2 )Register Now
+
Back To Top