William Ha

Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home

November 9, 2019 by William Ha 1 Comment

Cybersecurity researcher Takeshi Sugawara found that it’s possible to make microphones respond to light as if it were sound. By pointing a laser at the microphone and changing the intensity, the light somehow influences the microphone’s membrane at the same frequency as the laser. The researchers then changed the intensity of the laser to match the frequency of a human’s voices to “speak” to the voice-activated devices. They found that all almost all the smart devices tested registered commands from up to 164 feet away. This has the potential to allow threat actors to purchase items and unlock doors silently through your window. The researchers even tried using infrared lasers, which are invisible to the naked eye, and found that it worked to activate certain smart devices. There are technical controls to prevent this, such as voice authentication and PIN numbers, but the best thing to do is keep the device out of the line of sight of any potential threats.

https://www.wired.com/story/lasers-hack-amazon-echo-google-home/

Windows ‘BlueKeep’ Attack That U.S. Government Warned About Is Happening Right Now

November 3, 2019 by William Ha Leave a Comment

The NSA considers the BlueKeep exploit potentially “devastating” and a “wide-ranging impact”. In June 2019, they published an advisory urging Windows administrators to update their operating systems to prevent this growing threat. The exploit is being compared to the WannaCry attack, which as we know infected numerous systems worldwide. This ongoing BlueKeep attack seems to be smaller scale as a cryptocurrency miner payload is being used. However, the threat actors behind the attack can potentially drop more malicious payloads that can infect the estimated 700,000 Windows systems that still aren’t patched. Another interesting fact is that the BlueKeep exploit was recently released in Metasploit.

https://www.forbes.com/sites/daveywinder/2019/11/03/windows-bluekeep-attack-that-us-government-warned-about-is-happening-right-now/

Hacking victim who paid Bitcoin ransom goes on to hack the hackers

October 29, 2019 by William Ha Leave a Comment

A ransomware victim who paid the attackers to decrypt his files gets revenge by hacking them right back. The German programmer released almost 3,000 decryption keys to assist others hit by the Muhstik ransomware, alongside free decryption software. What he did wasn’t legal, but it’s cool to see this vigilante type response to being hacked. Who knows? Maybe if situations like these happened more often, we’d see a decline in ransomware related attacks. Since the FBI warns companies not to pay the ransom anyway, the possibility of getting hacked right back could further deter ransomware attacks.

https://thenextweb.com/hardfork/2019/10/08/ransomware-bitcoin-hacker-cryptocurrency-muhstik-rekt/

FBI Issues Surprise New Cyber Attack Warning: Multi-Factor Authentication Is Being Defeated

October 12, 2019 by William Ha Leave a Comment

The title of the article makes it seem like there’s a new vulnerability or attack that can be exploited to defeat MFA. However, the article just reiterates what most of us already know; the human factor is often the easiest target for attackers. Social engineering paired with phishing attack tools, such Muraen and NecroBrowser, are being used to bypass MFA. As we learned in previous weeks, user awareness and training are some of the most effective ways to defend against these attacks.

https://www.forbes.com/sites/zakdoffman/2019/10/07/fbi-issues-surprise-cyber-attack-warningurges-new-precautions/#ea474547efba

The NSA Is Running a Satellite Hacking Experiment

September 23, 2019 by William Ha Leave a Comment

According to the article, it is difficult to tell whether a satellite has been hacked because there’s so much data to review that they really don’t know if something is going wrong. Satellites that orbit outside of a certain area or exhibit unusual behavior could indicate a compromise but humans don’t always notice it and don’t have the ability to make a determination quickly because there is so much data. As 5G is becoming more relevant, many more satellites are going into orbit. However, there hasn’t been an any evidence of improvements in satellite security. The NSA is trying to determine if small satellite behaviors can be categorized as good, bad or something else by using artificial intelligence. They are also trying to see if malware can be deployed to a satellite from the ground station. Cyber attacks are possible on satellites and ground stations because they are essentially just computers with special software. Hopefully these experiments reveal ways to address any threats and vulnerabilities in satellite systems.

https://www.defenseone.com/technology/2019/09/nsa-running-satellite-hacking-experiment/160009/

LastPass Patches Bug Leaking Last-Used Credentials

September 16, 2019 by William Ha Leave a Comment

LastPass is a password manager that stores encrypted passwords online and provides users easy access to them through a web interface, browser plugins and smartphone apps. The vulnerability allowed an attacker to exploit a flaw in Chrome and Opera extensions to expose the last credentials filled by LastPass. It was eventually patched. To me, this vulnerability really highlights the biggest flaw of password managers. The tool that is supposed to protect you is actually the thing that can cause the most harm. I’m interested to know if anyone in class has experience with password managers and if you would recommend using one.

https://www.securityweek.com/lastpass-patches-bug-leaking-last-used-credentials