After gaining unauthorized access to Australia’s Early Warning Network (EWN), a hacker sent the following alert: “EWN has been hacked. Your personal data stored with us is not safe. We are trying to fix the security issues.”
It also contained an email address to contact EWN support and a link to unsubscribe. That “emergency” message went out to “tens of thousands” of people via text message, email, and landline.
EWN later admitted that its staff was “able to quickly identify the attack and shut off our systems limiting the amount of messages sent out. Unfortunately, a small proportion of our database received this alert.”
The hacker reportedly used “illicitly gained credentials to login” and post the “nuisance spam-notifications.”
Law enforcement is investigating. Meanwhile, EWN will still be used to provide “alerts for severe weather and natural hazard events.”
Other cybersecurity news:
NSA to release free reverse-engineering tool at RSA
The NSA intends to release a free reverse-engineering tool at the RSA conference; the tool is called GHIDRA. It was previously in the limelight thanks to WikiLeaks publishing the CIA Vault 7 documents. Comments on Reddit compared GHIDRA with the expensive reverse-engineering tool IDA.
Skype app can bypass Android lock screen
The lock screen on your Android phone can reportedly be bypassed thanks to a bug in Skype for Android. Researcher Florian Kunushevci, who discovered the vulnerability and reported it to Microsoft, told The Register that by answering a Skype call on a locked Android, photos and contacts can be viewed, messages can be sent, and a browser window can be launched. You can see the authentication bypass in the demo below:
Stormy weather for the Weather Channel app, which is being sued for secretly mining users’ data
The Weather Channel app is being sued by the city of Los Angeles for “covertly mining the private data of users and selling the information to third parties, including advertisers.” The app is reportedly the most popular weather app, having been the most-downloaded weather app from 2014 to 2017.
Marriott revises scope of data breach
The massive Marriott data breach may be a bit less massive than originally thought. According to Marriott’s revised numbers, 383 million guests were impacted, as opposed to the originally reported 500 million. Additionally, 5.25 million unencrypted passport numbers were stolen, as well as 20.3 million encrypted passport numbers.
The dismal security of 28 popular home routers
It’s doubtful you felt good about the security of your home router, but if you did, then you can kiss that goodbye after reading Cyber Independent Testing Lab’s report on the dismal security of 28 popular home routers. Cyber-ITL analyzed the router firmware for the 10 home routers recommended by Consumer Reports, as well as the “best” routers of 2018 recommended by CNET, PCMag, and Trust Compass.
OWASP’s top 10 IoT vulnerabilities of 2018
Speaking of the poor security of internet-connected devices, the Open Web Application Security Project (OWASP) published its list of the top 10 IoT vulnerabilities for 2018:
- Weak, guessable, or hardcoded passwords
- Insecure network services
- Insecure ecosystem interfaces
- Lack of secure update mechanism
- Use of insecure or outdated components
- Insufficient privacy protection
- Insecure data transfer and storage
- Lack of device management
- Insecure default settings
- Lack of physical hardening
Keep that in mind as a new slew of internet-connected products are announced at the 2019 Consumer Electronics Show (CES).
Brace yourself for IoT madness, such as a $7,000 “smart” connected toilet
It’s time for CES 2019, so let the utterly ridiculous products begin. Kohler, for example, announced its smart toilet, dubbed the Numi 2.0 Intelligent Toilet, which costs $7,000, or $9,000 for a black version. It “offers exceptional water efficiency, personalized cleansing and dryer functions, a heated seat, and high-quality built-in speakers.
“The lighting features on Kohler’s flagship intelligent toilet have been upgraded from static colors to dynamic and interactive multi-colored ambient and surround lighting. Paired with the new speakers in the Numi toilet, these lighting and audio enhancements create a fully-immersive experience for homeowners.
“Amazon Alexa built into the product provides simple voice control of Numi’s features and access to tens of thousands of skills, as well as a seamless integration of voice control into the bathroom.”
Alexa in a toilet. The literal internet connected shitter has arrived. https://t.co/UtqXU5tf0r
— Internet of Shit (@internetofshit) January 6, 2019