Home surveillance camera nightmare, jail time for attacker and the most vulnerable software
Welcome to Cyber Security Today. It’s Monday June 29th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
In my last podcast I talked about making sure the internet-connected devices you don’t think about have good security including strong passwords. I’m talking about things like home and baby surveillance cameras. Here’s why: Australians have discovered that a website in Russia is live-streaming their lives through their surveillance cameras. That’s right: The world can see if people are in their front or backyards, and what they’re doing. Even internet-connected surveillance cameras of businesses are being used. Someone has hacked those cameras. One victim told an Australian broadcaster that his cameras had been hacked several times even after security advisors changed settings and passwords. It’s why before buying you have to research internet-connected devices — including that smart-TV with a webcam in your living room. Ask if the manufacturer regularly issues security updates, how long security updates are available and if the device allows long passwords. And if you get a router or set-top box from your internet provider the password on that has to be changed from the default to something strong. Remember also that if the device uses Wi-Fi then that system has to be secure as well.
I also mentioned in that podcast that compromised internet-connected devices get chained together by criminals into botnets of thousands of devices to launch cyber attacks. Well, last week a 22-year-old from Washington state was sentenced to 13 months in jail for creating and operating several botnets. The first infected over 100,000 devices that had factory-set passwords the owners hadn’t changed, or that used easy-to-guess passwords. A separate botnet had 75,000 devices, mostly surveillance cameras around the world from one manufacturer or internet-connected digital video recorders. A separate botnet was created using 700,000 hacked routers. U.S. officials have also charged two others for working with this guy.
Finally, the FBI recently issued a list of the 10 most routinely exploited computer vulnerabilities. These are the holes in software hackers use to spread their attacks. Three of the most targeted applications are familiar: Microsoft Windows, Microsoft Office and Adobe Flash Player, which is used for playing multimedia content. Why these three? Because they’re so common. What the list highlights is that many of the vulnerabilities in these applications were patched years ago. One of the top 10 dates back to 2012. Another back to 2015. But hackers keep exploiting them because many individuals and organizations aren’t updating their software regularly. So there’s a security risk in not using Windows Update every month to install the latest patches. There’s another risk in using an old copy of Office or having a computer still running Windows 7 because they aren’t updated any more.
Another high target is Adobe Struts, a framework for web application development. Failure to patch Struts led to the huge hack of consumer files from credit rating agency Equifax in 2017.
One of the other most targeted applications is Adobe Flash. The good news is Adobe is abandoning Flash at the end of this year. If you still have it installed you’ll be getting a notice in a couple of months to delete it from your computer.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.