Smart TVs May Be Tracking You And Vulnerable To Hacks

Do you own a smart TV?  More than half of all television sales in the US last year were smart TVs, so chances are decent that you own one.  If you do, be aware that it may be collecting far more data about you than you think.

Recall that last year, Samsung (one of the top smart TV manufacturers) found itself in hot water when it was revealed that its TVs could listen in on conversations, record them (for better voice recognition) and save them on a Samsung server.

Those issues still persist to varying degrees, but a recent Consumer Reports study underscores something most people in the tech business have known all along.  Smart devices really aren’t all that smart, at least when it comes to security.

The Consumer Reports study concluded that most smart TVs and associated technologies like the Roku have only the most rudimentary of security features and can easily be hacked, giving the hackers total control of your TV. This includes the ability to turn it on and off, change the channel, and monitor your viewing habits.  Given that these TVs can also be voice-controlled, once a hacker is in control of your set, he could monitor any conversations that take place near it without your knowledge.

In addition, the most recent smart TVs come with a feature called Content Recognition.  For example, if you watch the latest episode of the Walking Dead (whether on AMC or Amazon Prime or some other streaming service), the next time you pull up a web page on your PC or smart phone, you’ll start seeing advertising related to the Walking Dead.

This, of course, gives any would-be hacker a much deeper view into your viewing habits and history.

The upside is that most of these features can be deactivated if you have the patience to sift through the television’s menu system. Of course, if you do that, then it’s no longer a smart TV, and thus, not worth the extra money you spent on it.

As ever, the bottom line is this:  These kinds of risks aren’t going to go away on their own.  Until and unless smart device makers start taking security more seriously, we’re going to keep hearing about potential or actual abuses.

Microsoft Office Update Available To Only Windows 10 Users

There are big changes coming to MS Office which you need to be aware of, given how widely used “Office” is in most companies.

First, the headline change:  When MS Office 2019 is released, it will only run on Windows 10.  If you’ve still got machines on older operating systems, and you want to keep your productivity suite up to date, then you’ll need to upgrade those older systems.

Also, be aware that when Office 2019 ships, it will only have “Click-to-Run” technology.  No MSI, although Office Server will have an MSI deployment option.

In terms of software support, the company had this to say:

“Office 2019 will provide five years of mainstream support and approximately two years of extended support.  This is an exception to our ‘Fixed Lifecycle Policy’ to align with the support period for Office 2016.  Extended support will end 10/14/2025.”

The Office 2019 bundle will include the following apps:

  • Word
  • Excel
  • PowerPoint
  • Outlook
  • Skype for Business

Additionally, server versions of SharePoint and Exchange will be available.

In conjunction with the announcement above, the company also announced service extensions for Windows 10, and changes to the system requirements for people who use Office 365 ProPlus, the company’s online office suite.

Beginning on January 14, 2020, Office 365 ProPlus will no longer be supported on Windows 7, Windows 8.1, Windows Server 2016, or any Windows 10 LTSC (Long Term Servicing Channel) release.  Windows 10 (versions 1511, 1607, 1703, and 1709) will get an additional six months of support for both enterprise and education customers.

Although these changes will no doubt inconvenience some users, overall, they have to be judged as a positive.  Microsoft has been taking a number of meaningful steps in recent years to streamline and simplify their product support, and these latest changes are very much in keeping with that.

2018 Olympics Hit By Malware

Hackers aren’t picky about their victims.  They’ll target just about any group or organization, including the 2018 Olympics.

Cisco’s Talos Group recently identified a new strain of malware they’ve dubbed “Olympic Destroyer” which is wreaking havoc in Pyeongchang’s computer networks and causing downtime to internal WiFi and television systems. This has impacted the games’ opening ceremonies, and stands an excellent chance of further disrupting the rest of the festivities.

Because the threat was only recently discovered, the Talos team’s initial assessment and report were spotty and short on details, but the group recently amended their initial findings.  The results aren’t pretty, and the malware is seen as being both more dangerous and more advanced than originally thought.

The big three findings in the team’s amended report are as follows:

  • It’s Polymorphic – As the malware spreads, it collects new credentials from each machine it infects, adding these to its binary on the fly. Members of the Talos team had this to say about the behavior: “I have not seen a malware sample modify itself to include harvested creds before and I’ve been doing this stuff longer than I should admit.  Polymorphic malware isn’t a new idea by itself, but I’ve never seen any examples of malware modifying itself to include harvested credentials.”
  • It Spreads Via The EternalRomance Exploit – This bit of information comes to us from the Windows Defender team. The mechanism by which Olympic Destroyer spreads is industrial grade, utilizing an exploit from the NSA leaked by the Shadow Brokers last year.
  • Finally, It Wipes Data – This is perhaps the most significant of the three updates to the Talos report. The malware has a data wiping mechanism built into it that it utilizes at every opportunity in an attempt to delete files on network shares.  Since it only seems to target shared files, it’s not deleting items key to OS functionality. Even so, these shared files are important, and this is what’s causing operational disruptions.

More details will no doubt become available as the various teams researching Olympic Destroyer get a better understanding of what they’re looking at.  The bottom line is, it’s a pretty advanced threat and will likely inspire copycats in the months ahead.

Changes To Google Images Will Make Image Theft Difficult

Image theft is one of the biggest problems on the internet.  If you’re a photographer, you’ve almost certainly lost money because people find your work online and make a copy of it rather than paying for the right to use it.

Unfortunately, Google has made that incredibly easy to do, but that’s changing.  Until recently, if you did a Google image search, you’d get a list of images that matched your search phrase, and one of the buttons displayed was a “View Image” button that would take you to the image file itself, as opposed to viewing the image in the context of whatever web page it was displayed on.

This, of course, made stealing the image a trivial task.  Content providers have been complaining loudly, and Google listened.  Effective February 15, the “View Image” button is no longer listed.  Of course, it’s still possible to steal the image in question, but users will have to jump through at least a couple more hoops to do so.

A second, smaller and somewhat less impactful change is the fact that Google has also removed the “Search By Image” button that formerly appeared when you navigated straight to an image file.  Savvy users will still be able to drag the image itself to the search bar and accomplish the same thing, but relatively few people are aware of this, which will cut down on its use significantly.  The thinking here is that netizens were making use of this feature to find copies of images that didn’t have a watermark visible.

While these two changes give photographers reason to cheer, they definitely negatively impact the user experience, as there are a number of perfectly legitimate uses for copyrighted image material.  The bottom line is that if you’re accustomed to the old way of searching for and acquiring images, you’ll have a bit of an adjustment period ahead.

Google Will Get Tougher On Websites Not Using HTTPS

Google is poised to make an important change to its Chrome browser beginning in July 2018.

Here’s the summary from Emily Schechter, the Google Chrome Security Product Manager:

“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption, and within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as ‘not secure.’  Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure.’”

All the major browsers already have plug-ins that alert users anytime they’re visiting a non-secure (HTTP) website, but Google’s planned move will likely prompt them to incorporate the notification into their core product as well.

According to Google’s statistics, 81 of the top 100 sites (as ranked by traffic volume) already use HTTPS.  In addition to that, Google reports that 68 percent of Chrome users are finding HTTPS when using Android and Windows, and 78 percent of the time when using Mac OS X, iOS, and Chrome OS.  Those figures are markedly higher than they were in 2010, when an estimated 40 percent of websites were using the secure socket layer.

If your company’s website hasn’t already made the switch, the time to do so is now.  The writing is clearly on the wall, and it’s not hard to imagine that after Google begins “shaming” non-secure sites with the notification, they’ll also start implementing penalties that will hurt those sites’ position on search results pages.  Even if they don’t, the persistent non-secure warnings will be enough to keep many users away.  It doesn’t matter how well optimized or SEO-friendly your site is; an increasing percentage of users may simply opt out if it’s not secure.

New Bug Discovered in iOS That Can Disable iPhone Apps

Last year, Apple had to fix a “special character” bug in their Message app that was more of an annoyance than anything.  This year, a new special character bug has been found, but this one is much more serious and could allow an attacker to crash your phone and block access to a variety of messaging apps.

The bug is specific to iOS 11, so if you’ve got an older version, you don’t have anything to worry about.  The company has already announced that it will be fixed in the upcoming release of iOS 11.3.

Unless you’re in the habit of getting messages in Telugu (an Indian language), you’re not likely to see it, because the bug relies on one of the special characters utilized in that language pack.  Once you receive a message containing the special character, your phone will crash.  Even after you restore it, you’ll find that you’re not able to access iMessage, WhatsApp, Facebook Messenger, Gmail, or Outlook for iOS. Telegram and Skype, however, appear to be unaffected.

Unfortunately, you don’t have a lot of control over who sends text messages to you, so until the patch is released this spring, there’s not much you can do except to be mindful that it could happen.

If you’re a longtime user of Apple products, then you know that this is hardly the first time that strange things have caused the OS to crash.  Just last month, it was discovered that a properly formatted URL could cause a system crash.  In 2015, researchers discovered that a properly formatted text string could cause iMessage to crash. Just last year, a five-second video caused iPhones around the world to crash.  All that to say, keep an eye out for strange text messages, and definitely upgrade to iOS 11.3 as soon as you get the opportunity to do so.

IRS Labeled Email Could Contain Ransomware

There’s a new strain of the “Rapid Ransomware” making the rounds, and because of how it’s being transmitted, it’s destined to have a higher than average rate of infection.  The new strain was first discovered by Derek Knight. It is disturbing because it claims to come from the IRS, and will feature subject lines like “IRS Urgent Message-164.”

The body of the email then goes on to say that the recipient owes some amount of money in real estate taxes, and “helpfully” includes instructions for how to settle in the attached file.  Inside the zipped file, the user will find a Word document.  You’ll need to click on “Enable Editing” to see the file, and unfortunately, the moment you do, you’re doomed.  “Rapid” will scan the target computer for data files and encrypt them, appending each with the “.rapid” extension.

As soon as the malware finishes encrypting your files, it will automatically open “Recovery.txt” which will display details on how much you’ll have to pay the hackers to get your files back.  Unlike most other ransomware strains, this one will configure itself to start every time you log in to the computer, so if you pay the ransom to get access to your files again, but fail to completely remove the malware, you’ll be facing the same problem the very next time you use the machine.

Observant users will take note of the fact that the email address is not a .gov and will likely not be taken in. Unfortunately, many people will look no further than the subject line and immediately begin following the instructions contained in the email, which is obviously the reaction that the hackers are hoping for.
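The check an observant user makes by eye can also be run at the mail gateway or over a quarantine folder. The following is an added example, not code from the original article: it flags messages that present themselves as the IRS, come from a non-.gov address, and carry a zip attachment. The sample sender addresses, the attachment name and the `build_sample` helper are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

IRS_WORD = re.compile(r"\bIRS\b", re.IGNORECASE)


def triage_irs_lure(raw: bytes) -> list:
    """Return the reasons a raw message matches the lure described above."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()

    # Only messages that present themselves as the IRS are in scope.
    if not (IRS_WORD.search(subject) or IRS_WORD.search(display)):
        return []

    reasons = []
    # The tell the article points out: an "IRS" sender that is not a .gov address.
    # A .gov From header can still be forged, so passing this check is not proof.
    if not domain.endswith(".gov"):
        reasons.append(f"claims IRS but sender domain is {domain or 'missing'}")

    # The lure delivers its Word document inside a zip attachment.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip") or part.get_content_type() == "application/zip":
            reasons.append(f"zip attachment: {name or 'unnamed'}")
    return reasons


def build_sample(sender: str, subject: str = "IRS Urgent Message-164") -> bytes:
    """Constructed test message; the attachment is an empty zip archive."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("You owe real estate taxes. See the attached file.")
    empty_zip = b"PK\x05\x06" + b"\x00" * 18
    m.add_attachment(empty_zip, maintype="application", subtype="zip",
                     filename="notice.zip")
    return m.as_bytes()


if __name__ == "__main__":
    for reason in triage_irs_lure(build_sample("IRS Notices <notice@mail.example.net>")):
        print(reason)
```
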

As ever, protecting yourself from threats like these comes down to two things:  Education and vigilance.

Traditional Hard Drive Technology Is Evolving

Rumors of the death of HDD technology have been greatly exaggerated.  The advancement of solid state technology and its increasing rate of adoption has been largely responsible for this, but don’t count old school HDDs out just yet.  They still have many important advantages, and recent breakthroughs should add further to the longevity of the tech.

Right now, the biggest advantage that HDDs have over their solid-state counterparts is sheer size.  While it would be prohibitively expensive to purchase 20+ Terabytes of solid-state storage, getting that amount (or more) of HDD storage is a trivial undertaking, a fact that it’s impossible to discount.

Even more exciting though, consider the recent breakthrough in 3D nano-magnets.  These were invented at the University of Cambridge, and stand to completely change the game. They allow data to be stored and processed in three-dimensional space, which will not only increase HDD storage space exponentially, but should see similar gains in terms of speed of access.

Another exciting recent breakthrough is a new magnetic system that turns heat into motion, which could be used to power miniaturized IoT sensors and actuators.  Such a system could also be applied to HDD technology by using the heat to power lasers, which would write data using the heat from the system itself, leading to an incredible boost in operating efficiency.

Finally, consider the invention coming out of Imperial College London.  Researchers there have figured out a way to write magnetic patterns onto nano-wires, which the research team claims could mimic the function of the human brain.  While this technology is still in its infancy, imagine the possibilities of having a computer, or even parts of a computer (like your HDD) powered by something that mimics the function of the human brain, and the dazzling possibilities that open up.

All that to say, while HDD tech might be a little long in the tooth, it’s not dead yet.  Not by a long shot.

40 Percent Of All Login Attempts Are From Bots

Here’s a statistic that is as disturbing as it is frustrating.  According to the latest “State of the Internet/Security” report for the fourth quarter of 2017, as published by Akamai, bot traffic accounts for a staggering 43 percent of all login attempts.  As bad as that figure is on its face, it’s far worse for companies in the hospitality industry, where the figure is an almost unbelievable 82 percent.

The reason?  Hackers are increasingly using bots to perform “credential stuffing” attacks.

Although human traffic still dominates the web, bot traffic is rapidly catching up.  According to Akamai’s estimates, not counting streaming video, bot traffic accounts for 30 percent of the total, and that figure increases every year.  In fact, even though bot traffic is still a minority in absolute terms, some industries already see more bot traffic than human traffic.

Ticketmaster is a great example of this.  The web’s premier site for purchasing concert tickets online is almost unusable by humans these days, because virtually all of its traffic is bot-driven, with bots often being used to buy every available ticket the moment it becomes available, so the tickets can be resold later at a hefty premium.

Akamai’s Martin McKeay had this to say about the report: “Increased automation and data mining have caused a massive flood of bot traffic to impact websites and internet services.  Although most of that traffic is useful for internet businesses, cyber-criminals are looking to manipulate the powerful volume of bots for nefarious gains. Enterprises need to watch who is accessing their sites to differentiate actual humans from both legitimate and malicious bots.  Not all web traffic and not all bots are created equal.”

These are wise words, and they bear some consideration.  How much of the traffic coming to your business website on any given day is human?

Known Bug On Macs May Be Causing Lost Data

Do you own a Mac?  Do you use APFS “sparse disk images?”  If so, be aware that under certain conditions, your trusty computer may allow you to copy important data into the void where it will be lost forever, without giving you a heads up first.

This unusual error was recently discovered by Mike Bombich, the creator of Carbon Copy Cloner, which is a popular Mac backup application.  According to Mr. Bombich, the bug is only likely to impact a small percentage of users, but if you’re one of the unlucky few who lose important data, that’s going to be small consolation.

Here’s how the bug works, and where it can get you into trouble:

Let’s say you’ve created a 100 GB APFS-formatted sparse image whose data is stored on a remote network share.

Time passes, and you copy 90 GB worth of data to the remote network share, which leaves just 10 GB for use by your sparse image, but therein lies the problem.  The sparse image still thinks it’s got the full amount of space to play with.

At this point, if you copy a 20 GB file, the copy function will appear to succeed.  In the short run, you’ll still be able to access and open the file until you reboot your machine.  After restarting, 10 GB of the 20 GB file copy vanishes, and the file becomes corrupt and unusable.
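Until a fix ships, a copy job can check the free space itself instead of trusting the image. The following is an added example, not code from Carbon Copy Cloner or Apple: it compares the size of what you are about to copy against both the free space the mounted image reports and the free space on the volume that holds the image file. The function names and the `reserve` parameter are assumptions made for illustration.

```python
import os
import shutil

GB = 10**9


def tree_size(path: str) -> int:
    """Bytes needed to copy a file or a directory tree (symlinks not followed)."""
    if os.path.isfile(path):
        return os.path.getsize(path)
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            if not os.path.islink(full):
                total += os.path.getsize(full)
    return total


def verdict(need: int, image_free: int, backing_free: int) -> str:
    """Decide whether a copy of `need` bytes fits in BOTH places it must fit."""
    if need > image_free:
        return "image-full"          # the ordinary out-of-space case
    if need > backing_free:
        # The image claims room, but the volume holding it has none.
        # Conservative: an image that can reuse already-allocated space
        # may need less than `need` bytes from the backing volume.
        return "backing-store-full"
    return "ok"


def check_copy(src: str, image_mount: str, backing_path: str, reserve: int = 0) -> str:
    """Check src against the mounted image and the volume holding the image file.

    reserve is extra headroom in bytes to keep free on both (hypothetical knob).
    """
    need = tree_size(src) + reserve
    image_free = shutil.disk_usage(image_mount).free
    backing_free = shutil.disk_usage(backing_path).free
    return verdict(need, image_free, backing_free)


if __name__ == "__main__":
    # The article's numbers: 100 GB image, 10 GB left on the share, 20 GB file.
    print(verdict(20 * GB, 100 * GB, 10 * GB))
```

Call `check_copy` with the image's mount point and the directory on the network share where the image file lives, and skip the copy unless it returns `ok`.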

Details of the bug have been forwarded to Apple, and the company is in the process of reviewing them.  At this point, no ETA has been given on when a fix might be made available.  Until it is, be very careful when using sparse images, because the system will let you copy your files right into oblivion.