Tag Archive for: danger

There’s Danger in QR Codes


QR codes have become embedded in daily life for many adults. Their spread was highlighted on Super Bowl Sunday, when a bouncing QR code on a brightly colored field occupied 30 seconds of very expensive air time. Capturing that particular QR code led viewers to information on cryptocurrency. Codes that have popped up on restaurant tables across the country lead to menus and apps for paying meal charges. Other codes could lead to much less benign destinations. 

The same qualities that make QR codes so valuable make them a legitimate threat to enterprise (and personal) cybersecurity. A type of bar code introduced in 1994 by automotive supplier Denso Wave, QR codes were first used to track components and subassemblies through an automobile assembly process. There are now 40 versions of the QR code, each carrying a different amount of information. Depending on the error correction employed, QR code capacity can range from 72 to 16,568 bits — more than enough to carry significant information about a part, or a malicious instruction for your mobile device or enterprise network.

And the opportunities to deliver those malicious instructions exploded shortly after the beginning of the pandemic when countless restaurants, eager to avoid the appearance of delivering viruses along with menus, moved customers to a menu viewed on their mobile phones. How did those menus get to the customers’ mobile phones? Through a scanned QR code. Convenient, hygienic, and ubiquitous, QR codes have revolutionized menu delivery and customer feedback. They have also revolutionized delivery methods for malware and social engineering attacks.

Take a Closer Look
The problem isn’t really with the capability of QR codes — those capabilities make the codes very useful for any number of legitimate business and consumer purposes. The problem is that so many people have stopped thinking about the codes that they scan. How many times have you seen people walk into a restaurant and scan the QR code from a sticker attached to the table, often scanning the code before they’re fully settled in their seats? That kind of reflexive scanning is the human component of the vulnerability that the code introduces to the…


Cybercrime: A clear and present danger


Cybercrime: A clear and present danger | Security Magazine





Hacking Danger: Peloton users warned of new security threat relating to bike’s touchscreen


Peloton users are being warned of a new security threat relating to the touchscreen on their Bike+ that could potentially be controlled by hackers.

In a report released Wednesday, cybersecurity company McAfee said it discovered a vulnerability that allows hackers to access Peloton’s bike screen and potentially spy on riders using its microphone and camera. However, the threat most likely affects only the $2,495 bike used in public spaces, such as in hotels or gyms, because the hacker needs to physically access the screen using a USB drive containing malicious code.

According to McAfee’s Advanced Threat Research team, a hacker can discreetly control the stationary bike’s screen remotely and interfere with its operating system. That means hackers could, for example, install apps that look like Netflix or Spotify and steal the users’ log-in information. Perhaps more alarmingly, the cybersecurity team was able to spy on users via the camera and microphone, which are normally used for video chats with other users.

“As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched,” the report said. It also warned the hacker could configure this spyware at any point, including during the supply chain or delivery process, without the owner knowing.

Internet-connected devices, whether they are bikes, computers or even refrigerators, are all susceptible to hacks. Cyberattacks have increasingly caught the public’s attention, with high-profile companies including McDonald’s, Microsoft and Electronic Arts publicly revealing recent security breaches.

McAfee said it pored over Peloton’s software with a “critical eye” to find vulnerabilities and warn users. The two companies worked together to “responsibly develop and issue a patch.”

Earlier this month, Peloton released a mandatory software update to users that fixes the issue. The security risk doesn’t affect the lower-priced Peloton Bike because it uses a different type of touchscreen.

This is an important reminder for users of all connected devices to activate automatic software updates to keep them protected against the latest attacks, according to…
