Your Toaster Was Hacked And You Don’t Know It
It looks like a scene out of the 1983 movie, WarGames, starring Matthew Broderick. Computers on a nuclear scale attacking another country’s computers (see insert), as well within their own boarders. If you think that this is too far fetching a thought, then look at your favorite news source (mine is KerbsOnSecurity) on October 21, 2016 or perhaps you were impacted that day while trying to watch a movie on Netflix, send a Tweet, listen to Spotify, find a vacation spot on airbnb, or post to Reddit. The massive worldwide attacks that caused these sites to crash most likely came from within your own home.
There are 6.4 billion IoT devices online today with approximately 2% or 128 million with default, weak, or no password protecting them. Internet of Thing devices are your HP printer, QNAP network storage (NAS) for your photos or music library, Amazon Echo, Nest thermostat or camera, Samsung refrigerator, GE washing machine, etc., etc. These are devices that you bring home and plug in with no thought that by the end of the day, it will be assimilated into the nefarious ‘botnet’ army. The botnet is a network of private computers infected with a malicious software and controlled as a group without the owner’s knowledge to forward transmissions to other computers on the internet to engage in cybercrime.
Think that your IT guy or kid down the street who set up your Netgear router or the Comcast tech who installed their new WiFi modem (aka, gateway) is protecting you behind its firewall? A new clients had similar security feelings, but they called us to look at why their internet connection was suddenly painfully slow (2.5Mb/s download on a speed test when they were paying for 150Mb/s). There was a combination of factors that attributed to the issue; the culprit being a newly installed defective modem, however, during our investigations we noticed a lot of network traffic to foreign countries where the client was not transacting or using servers from foreign services (see insert). After filtering the data and scanning the internal sources, we determined that the client’s NAS units were not just serving them, but several other users not authorized to access them. While the client had implemented a secure password protocol, both the router’s configuration and the firmware (a type of software that provide instructions to how the hardware should perform) of the NAS had failed them.
Both had flaws that could easily be fixed: Update to the latest firmware version by the manufacturer to plug holes in the security and ensure that the technician setting up your network has experience with the product (and it’s the right product), as well as understanding the latest threats on the internet.
As society becomes more digitally dependent, we further expose our security of personal information and daily lives to those who wish to capitalize on our misfortune…you’ve by now heard of ransomeware (a type of malicious software designed to block access to a computer system until a sum of money is paid). A properly configured and maintained network will provide a safe environment for your business or family.
Contact Adobe Cinema & Automation to ensure that your digital domain is secure.