Mid-January 2019 news roundup

Here are a few interesting items that have come through my news reader recently.

uPNP abuse

Universal Plug-and-Play (uPNP) is a feature that is enabled by default in most home routers. uPNP allows a network-enabled device on your home network to tell your router to allow external connections back to the device, like a gaming console or a media server.

While this feature might be useful in some cases, it has a history of security-related problems. A recent example involves tricking chromecast and other google-friendly devices into playing a video promoting someone’s youtube channel. You might enjoy reading that article if you want an idea of how a character in your story could get a victim’s TV to show a video of your character’s choice. Imagine getting someone’s TV to show a forged emergency broadcast system alert, for example.

You might also want to consider disabling uPNP on your home router.

Non-technical cyberwarfare

Gizmodo has an article reminding us that sometimes you don’t need mad skills to crack a network. The FBI was able to acquire evidence against drug kingpin El Chapo by persuading his sysadmin to give them the keys to decrypt encrypted voice-over-IP conversations. If your story’s character needs to compromise an otherwise secure computer network, bribing or blackmailing an insider might be a good alternative.

Biometrics v. photography

Have you ever seen a movie where someone is only able to enter a lab or operations center after putting their palm on a handprint scanner? Apparently that’s a real thing: the scanner looks at how the user’s veins are arranged. It turns out that a photograph FROM SEVERAL METERS AWAY reveals enough detail to create a wax hand that will fool some of these scanners.

I recently watched Die Another Day (2002), and I think they used a severed hand to get through one of these things. So, that kind of messy unpleasantness isn’t even necessary any more!

And if you’re a Bond villain with a lair under a volcano that you access with a handprint scanner, think about wearing gloves in public.

Advertisement

Author: carl

A web programmer and Linux system administrator who would like to be a writer.