Posts Tagged ‘cyber security’

Hacking Home Automation Systems Through Power Lines

Saturday, August 13th, 2011



 


Quoted from Hackaday.com

As home automation becomes more and more popular, hackers and security experts alike are turning their attention to these systems, to see just how (in)secure they are.

This week at DefCon, a pair of researchers demonstrated just how vulnerable home automation systems can be. Carrying out their research independently, [Kennedy] and [Rob Simon] came to the same conclusion – that manufacturers of this immature technology have barely spent any time or resources properly securing their wares.

The researchers built tools that focus on the X10 line of home automation products, but they also looked at ZWave, another commonly used protocol for home automation communications. They found that ZWave-based devices encrypted their conversations, but that the initial key exchange was done in the open, allowing any interested 3rd party to intercept the keys and decrypt the communications.

While you might initially assume that attacks are limited to the power lines within a single house, [Kennedy] says that the signals leak well beyond the confines of your home, and that he was able to intercept communications from 15 distinct systems in his neighborhood without leaving his house.

Can’t imagine someone disturbing your private time while you’re enjoying your hot bath? Think again. Have a nice weekend.

Courtesy: Hackaday, Wired

School District Halts Webcam Surveillance

Tuesday, March 9th, 2010

A suburban Philadelphia school district is deactivating a webcam, theft-tracking program secretly lodged on 2,300 student laptops following allegations the device was used by administrators to spy on a boy at home.

“I think given the concerns of parents and community members, I think we have a responsibility to at least take a pause and review the policy,” Lower Merion School District spokesman Doug Young said in a telephone interview Thursday evening.

The move came a day after the 6,900-pupil district, which provides students from its two high schools free Macbooks, was sued in federal court on allegations it was undertaking a dragnet surveillance program targeting its students — an allegation the district denied. Young said the computer-tracking program was activated a “handful” of times solely to track a missing laptop.

The suit was based on a student’s claim, acknowledged by the district, that the webcam was used by school officials to chronicle “improper behavior” based on a photo the computer secretly took of the boy at home in November.

The assistant principal at Harriton High informed the student “that the school district was of the belief that minor plaintiff was engaged in improper behavior in his home, and cited as evidence a photograph from the webcam embedded in minor plaintiff’s personal laptop issued by the school district,” according to the lawsuit.

Young declined to directly say whether the program was activated in this instance to locate a missing laptop. He said the district only activates it when there is a reported missing laptop, and urged Threat Level to draw its own “inferences.”

“The only situation where the feature would have been activated is in the case of a stolen, missing or lost laptop,” Young said. “There’s never been any scenario used for any purpose other than that.”

Lawyers for the student did not return phone calls and e-mails for comment. The Associated Press reported late Friday the FBI was probing the allegations.

Secure Computing’s Cyber Security Study Reveals Sobering Results

Saturday, November 15th, 2008

Industry insiders say critical infrastructure is not prepared for cyber attacks and recommend that asset owners and operators begin by taking five steps to enhance their security.

SAN JOSE, CA – Secure Computing Corp., a leading enterprise gateway security company, announced the results of a study conducted during August and September 2008 in the U.S., Canada, and Europe. The study surveyed 199 international security experts and other “industry insiders” from utilities, oil and gas, financial services, government, telecommunications, transportation, and other critical infrastructure industries. Despite a growing body of legislation and regulation, more than half of these experts believed that most critical infrastructure continues to be vulnerable to cyber attack. Further, a majority of respondents said that major attacks have already begun or are likely to occur in the next 12 months.

“An attack on any one of these industries could cause widespread economic disruptions, major environmental disasters, loss of property, and even loss of life,” said Elan Winkler, Director of Critical Infrastructure Solutions for Secure Computing. “This study revealed that many critical infrastructure organizations are simply not ready for the cyber attacks which are coming soon.”

Rick Nicholson, Vice President of Research for Energy Insights, an IDC company, who authored a white paper based on the survey, added, “Most utility CIOs believe that their companies will be compliant with relevant standards, but still have a long way to go before being adequately prepared for all cyber attacks.”

In the study, respondents were asked to indicate the state of readiness for eight different industries. More than 50% of respondents believed that utilities, oil and gas, transportation, telecommunications, chemical, emergency services, and postal/shipping industries were not prepared. For some sectors, such as postal/shipping and transportation, as many as three out of four experts indicated that the infrastructure was not ready for attack. Only the financial services industry was considered prepared, although nearly 40% believed that even this sector was not ready to defend itself.

Survey participants were also asked which industry was the biggest target, which was the most vulnerable to attack, and which was the most detrimental if breached. The insiders picked the energy sector in all three cases, with 33% saying it was the biggest target, 30% saying it was the most vulnerable, and 42% saying it would be the most detrimental if attacked.

When asked to name the biggest bottleneck to improving cyber security, the largest number of experts (29%) pointed to the cost of security measures. Apathy was the second most likely to be selected as the primary bottleneck, with government bureaucracy and internal issues tying for third.