Tag Archive for: Questions

Hack raises security questions over Google smart speakers


It’s always there. Always listening.

Having a device like Google Home inside our house is pretty standard these days. From setting alarms to playing our favourite song using a simple voice command, the technology certainly comes in handy.

But have you ever felt uneasy about those always-active microphones?

Can we be sure our privacy is not being compromised?

IT professional and security researcher Matt Kunze was  messing around with Google Home one day when he made a concerning discovery.

In his blog, Kunze says “I noticed how easy it was to add new users to the device from the Google Home app. I also noticed that linking your account to the device gives you a surprising amount of control over it.”

Kunze was determined to find out if it was possible for an attacker to link their own Google account to someone’s Google Home and execute commands remotely on someone else’s network.

The result? Kunze, alarmingly, was able to turn his Google Home Mini into what could basically be described as a listening device.

Kunze says he was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the internet,  access its microphone feed, and make arbitrary HTTP requests.

Using tools like man-in-the-middle proxy (mitmproxy) enabled Kunze to observe traffic between the Google Home application on a smartphone and the Google Home device.

From there, he discovered that a Google account could be linked to the device by sourcing its information via a local API, and then sending a request to Google’s servers with information to link it.

Kunze wrote a Python script that takes Google credentials and an IP address and then links the Google account to the device at the given IP address.

Kunze then tried to think from the perspective of an attacker.

“Just how much control over the device does a linked account gives you, and what are some potential attack scenarios? I first targeted the routines feature, which allows you to execute voice commands on the device remotely. Doing some more…

Source…

It’s time to focus on information warfare’s hard questions


Written by Gavin Wilde

In 2016, Russia sparked our current era’s obsession with online information operations. By meddling in that year’s U.S. presidential election via a plethora of online tools, Moscow’s operatives illustrated what seemed like the boundless potential of digital manipulation.

Since then, social media companies and governments have made massive investments in catching these efforts. As a report published by Facebook parent company Meta at the tail end of 2022 illustrates, these efforts appear to have reached something of an equilibrium with Russian information operators. Russia, along with several other states, still run malign online information operations, but these campaigns to influence public opinion are detected and taken down with such speed that they rarely reach significant audiences.

This state of equilibrium means that it’s high time to ask more fundamental questions about online information operations and the resources being mustered in countering them. Such efforts — and the coverage of them — means that our collective attention is far more focused on content and mechanics, rather than real-world impact and our information ecosystem more broadly.

Six years into our collective preoccupation with information operations and how platforms wrestle with them, the question of whether they even work in the first place — and if so, how — has gotten lost. The incentives for all parties — platforms, governments and illicit actors alike — are stacked in favor of operating on the assumption that they do, while the science looks inconclusive at best.

Meta capped off 2022 by detailing how it has performed more than 200 takedowns of covert influence operations on its platforms, the culmination of a strategy first used against Russian actors in 2017. In a short five years, Facebook’s threat analysts have arguably served as the vanguard of a new industry — monitoring and countering malign activity online.

Five years on, this industry and those responsible for carrying out information operations — in particular, Russia — have become co-dependents….

Source…

AIIMS Server: Hacking of AIIMS server raises serious questions about cyber security in country: Congress


The Congress on Tuesday hit out at the Modi government over the hacking of the AIIMS server and said it raises “serious questions” about cyber security in the country. AICC general secretary, organisation, K C Venugopal asked about Prime Minister Narendra Modi‘s promise of a new cyber security policy which he announced two years ago.

“It has been a week since the server of AIIMS was hacked. It raises serious questions about the cyber security of the country. In 2020, PM Modi had announced that the country will soon have a new cyber security policy. It’s been two years and we’re still waiting,” Venugopal said on Twitter.

Services at the All India Institute of Medical Sciences (AIIMS), Delhi remained affected on the seventh consecutive day, official sources said.

It is feared that data of around 3-4 crore patients could have been compromised due to the breach detected on November 23.
Patient care services in emergency, outpatient, inpatient and laboratory wings are being managed manually as the server remained down, the sources said.

The Delhi Police, however, issued a statement, saying “no ransom demand as being quoted by certain sections of the media has been brought to notice by AIIMS authorities”.

The India Computer Emergency Response Team (CERT-IN), Delhi Police and representatives of the Ministry of Home Affairs are investigating the ransomware attack.

A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.

The official sources said internet services are blocked on computers at the hospital on the recommendations of the investigating agencies.

The AIIMS server has stored data of several VIPs, including former prime ministers, ministers, bureaucrats and judges.

Source…

6 Questions to Ask Before You Hire a Managed Security Services Provider


Gartner forecasts that information security spending will reach $187 billion in 2023, an increase of 11.1% from 2022. In tandem with this spending, the analyst firm also

predicts that by 2025, a single centralized cybersecurity function will not be agile enough to meet the needs of a digital organization.

It comes as no surprise, then, that organizations are looking to managed security services providers (MSSP) to either augment in-house security teams or provide risk-management services.

“Many organizations don’t have the resources to build out a security operations center (SOC),” says Scott Barlow, vice president of global MSP and cloud alliances at Sophos. “Meanwhile, security is moving at a rapid rate, and it’s tough to do it yourself. With internal IT staff focused on internal needs, companies really need to think about 24-7 security and threat hunting across their network. That’s why we see a lot of co-managed IT and outsourcing tickets going to MSSPs these days.”

An MSSP may be the answer, but businesses should take the time to do their homework before signing on. Here are six essential questions to ask when seeking assistance.

1 – What types of certifications do your staff have?

“There are a lot of certifications out there,” Barlow says. “From CompTIA to (ISC)2, there are many ways security professionals stay up to date on skills and the latest threats. But it is essential that they are up to date on certifications because the industry is constantly evolving.”

It’s important to start by understanding your staff’s full suite of certifications, then determine what’s needed to fill any gaps, Barlow says.

2 – How do you secure on premise and public cloud assets?

Many organizations have assets in the public cloud in addition to on-prem. It is important to determine how your MSSP can secure both. “Public cloud does not mean Microsoft 365,” Barlow says. “It means that if you have workloads in Azure or Google Cloud Platform (GCP), can they confidently assure you that they can secure those assets and data? Ask how.”

3 – Can you support all my needs?

Identifying your internal IT and security needs is paramount. For…

Source…