Archive for December 31, 2012

RB | December 31, 2012

Comments Off

Happy New Year

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Holidays | Tags: 2013, New Years

RB | December 29, 2012

Comments Off

Smart TVs Dumb Security

When a device gets connected to the web without any security it leaves the users vulnerable. This is a trend as the Internet of Things evolves. In this case, Samsung Smart TVs seem to have no security, a dumb TV. Dailywireless.org reports that 40% of Americans have connected their TV to the Internet.

At the same time, The Security Ledger is reporting that a “Security Hole in Samsung Smart TVs Could Allow Remote Spying.” The Malta-based firm ReVuln, says it has uncovered a remotely exploitable security hole in Samsung Smart TVs. If left unpatched, the vulnerability could allow hackers to make off with owners’ social media credentials. Attackers could also spy on those watching the TV using compatible video cameras and microphones.

ReVuln is a security research firm that offers information on security holes it discovers only to subscribers. However, it did confirm the previously unknown (“zero-day”) hole with Security Ledger. The zero-day affects Samsung Electronics Co. (005930) Smart TVs running the latest version of the company’s Linux-based firmware. It could give an attacker the ability to get access to any file on the remote device, As vulnerable are external devices (such as USB drives) connected to the TV.

In an Orwellian twist, the hole could be used to use cameras and microphones attached to the Smart TVs. Granting remote attackers the ability to spy on those viewing a compromised set. Luigi Auriemma of ReVuln told ComputerWorld via email, “If the attacker has full control of the TV … then he can do everything like stealing accounts to the worst scenario of using the integrated webcam and microphone to ‘watch’ the victim.”

Security Ledger says that the Smart TVs offer no native security features, such as a firewall, user authentication, or application whitelisting. More critically: there is no independent software update capability, Which means that, barring a firmware update from Samsung, the exploitable hole can’t be patched without “voiding the device’s warranty and using other exploits,” ReVuln said.

The company posted a video of an attack on a Samsung TV LED 3D Smart TV online. It shows an attacker gaining shell access to the TV. Copying the contents of its hard drive to an external device and mounting them on a local drive. This gave them access to photos, documents, and other content. ReVuln said an attacker would also be able to lift credentials from any social networks or other online services accessed from the device.

rb-

There is no patch for people. Until there is, Smart TV users will have to wait for Samsung to fix this huge security hole or fix it for themselves and risk voiding their warranty. Smart TV with a complete lack of security features, Smart TV Dumb Security.

Samsung Developer Conference Showcases New Smart TV Tools and Policies for Developers (news.samsung.com)

Category: Uncategorized | Tags: 2012, Internet of Things, Linux, Samsung, Security, Smart TV, Vulnerability

RB | December 27, 2012

Comments Off

F-Secure Top Security Predictions for 2013

As the new year looms, all kinds of firms start making predictions, mostly to boost their sales next year, I will be looking at a number of firm’s predictions for next year, a let’s see how smart they are this time next year. Here are the top security predictions for 2013 from Finland-based F-Secure Labs shared with Help Net Security.

1. The end of the Internet as we know it? – Secure Labs predicts that the ITU WCIT in Dubai could mean the end of the Internet (which I covered here and here). Sean Sullivan, Security Advisor at F-Secure Labs says that the World Conference on International Telecommunications could have a major impact on the Internet as we know it. “The Internet could break up into a series of smaller Internets,” Sullivan says. “Or it may start to be funded differently, with big content providers like Facebook and Google/YouTube having to pay taxes for the content they deliver.”

rb- WCIT has concluded with the U.S. and most of Europe refusing to sign the treaty due to language backed by Russia and China that could have large-ranging impacts on Internet freedom.

2. Leaks will reveal more government-sponsored espionage tools – “It’s clear from past leaks about Stuxnet, Flame, and Gauss that the cyber arms race is well underway,” says Mikko Hypponen, Chief Research Officer at F-Secure Labs. While we may not always be aware of nation-states’ covert cyber operations, we can expect that governments are more and more involved in such activity.

3. Commoditization of mobile malware will increase – The Google (GOOG) Android operating system has solidified in a way that previous mobile operating systems haven’t, extending from phones to tablets to TVs to specialized versions of tablets. The more ubiquitous it becomes, “the easier to build malware on top of it and the more opportunities for criminals to innovate business-wise,” Sullivan says. Mobile malware will become more commoditized, with cyber-criminals building toolkits that can be purchased and used by other criminals without real hacking skills. In other words, malware as a service, for Android.