A considerable number of hacking targets were in the news recently, including cases involving Cisco and Tesla. The most controversial case, as most agree, was the Yahoo e-mail fiasco, in which one of the world’s largest web communications companies unveiled a startling story about being the victim of a major hacker attack sponsored by a suspicious state back in 2014. This has left the personal data of more than 500 million users compromised, and it couldn’t have come at a worse time, as Yahoo is seeking to place the finishing touches on a whopping $4.8 billion takeover deal with Verizon.
It also appears that authorities were able to take advantage of digital security methods to track down an alleged bomber who placed improvised explosive devices (yes, the IEDs that you used to hear about in Iraq and Afghanistan) in two of Manhattan’s trash cans. A cellphone used as a detonator became the homing device used by the police in this case. New bills were introduced by a member of the U.S. Congress with the objective of beefing up the security of the voting systems used in this country before the upcoming 2016 presidential elections – which is most probably too late and will not be used in the November voting process.
Jigsaw, an offshoot of Google, has developed an AI-powered software program to automatically find trolls on the web and assist you in fighting them. And Cloudflare, a web security company, introduced a three-phase campaign to enhance web encryption.
Let’s dig in.
Massive DDoS attacks targeted KrebsonSecurity.com
A massive distributed denial-of-service (DDoS) attack was launched against the security news website of Brian Krebs on Tuesday, September 20th. Akamai, the cloud and security services company protecting KrebsonSecurity.com, was able to defend the site in the face of two huge back-to-back attacks. The first wave hit the site with a whopping 620 Gbps of malicious traffic, nearly double the size of the largest attack Akamai had previously recorded, at 336 Gbps. The attack launched against KrebsonSecurity.com, however, took a more brute-force approach, using a significantly large network of hacked computers to swarm the site. Two days later, Krebs was informed by Akamai that their business relationship was over and services would no longer be provided to his site. Apparently, Akamai had been serving KrebsonSecurity.com free of charge and there was no longer any benefit in it. Krebs’ website went offline as of Thursday night and he was planning to relaunch it Friday. Reports show it continues to face major troubles.
The Chinese are coming!
Americans are very familiar with the threat of carjacking. However, hackers in China are developing a method I like to call “carhacking.” Tencent, the giant Chinese tech company, has had its hackers place a video online showing the methods they used to wirelessly hack and take control of a Tesla S self-driving car. Of course, they haven’t gone into any details about their techniques. However, they did show how the car’s trunk can be opened, the mirrors moved in different ways, and, most dangerously, the brake pedal pressed with the car in motion. Tesla tried to calm fears by downplaying the attack, claiming such tactics only work when a car is connected to a malicious Wi-Fi hotspot and the driver actually carries out specific actions in their browser. Of course, as expected from Tesla, they rushed to fix the glitch with impressive speed and efficiency, updating their software with an “over-the-air patch.” The entire ordeal was taken care of within ten days after the hackers were kind enough to inform Tesla.
iPhone 7 hacked in one day
A hacker only 19 years of age has apparently been able to find bugs in Apple’s cherished iPhone 7 and iOS 10, and successfully hacked the device and operating system in a matter of just 24 hours. After gaining control he was able to, for example, install apps not approved by Apple. Luca Todesco, aka qwertyoruiop in the hacker community, has apparently been the first person to break into the iPhone 7, posting a clip showing his method. Of course, he has stopped short of unveiling any specific details regarding the vulnerabilities he was able to exploit. The young hacker has said he might decide to inform Apple about the bugs through the company’s recently launched bug bounty program. Apple’s security software used in the iPhone 7 has “definitely made my life harder,” Todesco explains. Yet he did go on to say that no company will be able to put enough security systems in place to stop all hackers. Efforts can be doubled, tripled and beyond, but there will always be someone out there willing to burn the midnight oil to hack it.
Another problem with the NSA
No one is surprised by the continuing fallout after an NSA hacker team themselves became the target of a hacking attack (yes, you read that correctly). A month ago a group going by the name of Shadow Brokers published a significant amount of data they had stolen from an NSA team of hackers. Cisco has now revealed that the data included a vulnerability affecting the company’s firewall equipment, giving hackers the ability to steal highly important decryption keys for older versions of certain Cisco VPNs (which were also encrypted). These VPNs were meant to allow workers on remote devices to safely access a network protected by a firewall. More than 840,000 devices were most likely affected, as scans conducted on the web have shown. To make things even worse, an FBI probe has revealed that the NSA never even bothered to inform Cisco, although it knew all along that one of its operators had unintentionally left the hacking tools exposed to theft by other hackers.
Google under criticism over how “Allo” stores messages
On Wednesday, September 21st, Google launched its smart messaging app, Allo. However, it was quickly revealed that the new software stores messages on Google’s servers differently from what the company had announced. End-to-end encryption is not offered by Allo as a default feature, since Google’s AI systems have to analyze the data sent by users in order to provide the adaptive “smart” features that are the hallmark of Allo. The app does come with an Incognito Mode offering full encryption if desired. However, using it will limit the special functions provided by Allo. As a precautionary measure, Google had said back in May that chat logs and other information sent using Allo would be stored only on a transient basis, meaning they would not be kept permanently on its servers. This apparently struck a balance between privacy and giving Google the access needed to deliver AI integrations. However, it appears Google has chosen not to employ transient data storage, and Allo messages will stay put on its servers until deleted manually by users or until a defined expiration date and time. Privacy advocates have described Allo as a Google app that records all of your messages and provides them to the authorities if requested.