Grand theft auto? Kidnapping? Murder? There’s an app for that.

This is a summary of three articles from the Sophos Naked Security blog that might be of interest to writers of stories involving cybercrime.

Break into a car in seconds

Many new cars come with an electronic fob on the keychain. The fob uses radio signals to tell the car to unlock. In a development that should surprise absolutely no one, criminals have found a way to abuse this feature. Looks like it takes two devices: one to record the fob’s signal and send it to the second device, which opens the car door. This appears to work even if the fob is inside the owner’s house.

Your story’s character may not want to steal a car, but she might want the laptop the owner left sitting in the trunk.

Smartwatches are dumb

Does your story have a villain who’s not above kidnapping? He might use an insecure smartwatch to locate his target.

Smart pumps are also dumb

Does your story’s villain need to deliver a lethal dose of morphine to a hospital patient? He could potentially do so from a safe distance if the patient is being treated with a device that regulates the IV drip. The vulnerabilities in the linked article are admittedly very difficult to exploit, but they’re indicative of the sloppy development of devices like this. The vendor says they’ll release an update this month to address the problem. It’s probably a firmware update. How many overworked hospital IT workers do you think will go around applying that update to every affected device?

Data breach at US Department of Homeland Security

The Department of Homeland Security (DHS) suffered a “privacy incident” involving a database with personal information on nearly a quarter million people employed by DHS during 2014. This breach also affects an unspecified number of people who were associated with DHS investigations between 2002 and 2014. This latter group includes the subjects, witnesses, and complainants of DHS investigations.

DHS says that this wasn’t the result of a cyber attack. Sounds like a former DHS employee helped themselves to a personal copy of this database. This database contains names, social security numbers, dates of birth, and other information useful for identity theft. It isn’t clear how far this information was disseminated.

So if you think you may be affected by this data breach, click the above link for information about enrolling in 18 months of free credit monitoring. And if you’re an author with a character who wants secret information about a company or organization, have your character start running phishing attempts against current and former employees of the company/organization. She might identify these employees by running searches in social media sites like LinkedIn. Gaining access to an employee’s personal computer or Dropbox account might be very fruitful, because there’s no telling what that employee might have taken home with him.