Tag Archives: Drones

Security news Bites for the Week Ending March 29, 2019

We’re From the Government and WE’RE HERE TO HELP YOU!

Well, not really.

We don’t have to worry about the gov being hacked.  They just give our information away.  At least in this case there is no hard evidence that the data was misused.

FEMA hired a contractor to help it find temporary housing for 2+ million people displaced by the recent hurricanes and wildfires.  In order to validate that the people were eligible for assistance, FEMA shared data like name and last 4 of social with the vendor.

Unfortunately, they also shared people’s address, bank account number, bank routing number and other financial details.

FEMA’s OIG discovered it and FEMA says they are sorry.

FEMA then conducted an audit of the contractor and didn’t find any obvious signs of abuse/misuse.  They are also fixing the problem.

Hopefully, that is the end of it, but given how much government agencies use contractors, are you betting this situation is unique?

Are YOU oversharing information with third parties? Are you sure?

 

Drones are rapidly becoming a large security risk

Because drones are really cheap and expendable at the low end and really sophisticated at the high end, the bad guys have figured out that they are a great tool to cause disruption and potentially even death.

We saw late last year that rogue drones shut down London’s Gatwick airport.  While this was distressing, what if, instead, a drone hovered over some crowd and released some lethal whatever.  Relatively easy to do and it could cause mass casualties.

While the drone makers are adding no fly zones around places like airports and prisons, users can hack the drone software or pick second tier targets.  Everything can’t be off limits, otherwise the drone business will end.

For very high risk targets, authorities are trying to use military anti-drone technology, but that won’t be possible to protect every possible target.

Alternatively, drones are great surveillance tools – quietly photographing potential targets and eavesdropping on WiFi signals.

And, there are many more issues – and right now, no good answers.  Source: Threatpost.

Source: ZDNet.

 

Norsk Hydro says that they lost $40 Mil in the first week alone after the ransomware attack

Norsk Hydro estimates that they lost over $40 million in the first week after the ransomware attack shut down many factories and forced others to run in manual mode.

The good news is that they say they have cyber insurance led by AIG (so apparently multiple interlocking policies to give them more coverage with multiple providers sharing the risk).  They aren’t saying how much insurance they have, and the final costs, including any lawsuits, won’t be known for years.

They believe it will take weeks to repair all of the affected systems, which, actually, is good, scary as that may seem.

Norsk says that they think they have cleaned all of the infected servers and are ready to begin restoring data.

My assessment from a distance is that they appear to have a well designed and well tested INCIDENT RESPONSE PROGRAM.  Still it will cost them tens of millions of dollars – maybe more.

Consider how you would respond to an incident like this.  There is no indication that this was a targeted attack, but rather a random event.

Source: Security Week.

 

36 New Security Flaws Found in CURRENT Cellular Networks

While the president seems hell-bent on stopping Huawei from becoming an integral part of the worldwide next generation cellular network due to security risks (which is probably not a bad idea, but will have no impact on security for at least 5-10 years until 5G cellular becomes the norm), the government is doing nothing about the security holes that are affecting us today and will continue to affect us for years and likely decades.

Security researchers from Korea (South, not North) have identified 51 vulnerabilities in the current cellular network, 36 of which were previously unknown.  While they have reported these issues to various parties, it is likely that hundreds of millions of phones and maybe even the network itself will never be fixed.  Source: Computing.


The Darker Side of Drones

Over a million drones have been sold to the hobby market in the U.S. alone.  Some have been sold with more nefarious purposes intended.

To make matters worse, the FAA expects that number to triple – to over 4 million drones – by 2021.

Drones are used by farmers to manage their fields, to inspect infrastructure such as pipelines, and even, on a trial basis, by Amazon to deliver your package.

In Iraq and Syria, they are used to drop grenades and small explosives; in prisons, to deliver contraband; and, closer to home, to take pictures of you while you sunbathe in your birthday suit in your back yard.

In addition to these stories, there are hundreds of new stories every day.

The challenge is how to separate the good from the bad and that is not easy.

Information for this post came from World Wide Technologies.

The first answer is that today, for consumers, there is no good answer.  The military is probably in a little better position, but not much.

It is important to understand that shooting down your neighbor’s drone or even interfering with its radio or GPS signal is a crime and will get you arrested (and has gotten people arrested) if you are caught at it. Under U.S. law, a drone is considered an airplane and shooting down your neighbor’s $500 DJI drone will get you the same treatment as if you shot down a commercial airplane – so don’t even think about it.

Here is what the experts are looking at.  Some drones stay in radio contact with their controllers.  If that is true, you may be able, with the right equipment, to track the radio signals back to the controller, if you are lucky.

Some drones can be programmed to travel on a flight path without any communication back to their owner.  In order to track these guys you need way more sophisticated technology – infrared signal trackers, for example.  Very expensive today.

The drone maker DJI has released AeroScope, a system to track only DJI drones by the signals that they emit.  Owners can, however, encrypt those signals and the system won’t track competitors’ drones, so it is of limited use.

For drones used for surveillance, such as, possibly, the one that crashed into the 40th floor of the Empire State Building last year, standard security measures work – close the blinds to keep out cameras, encrypt WiFi to discourage eavesdropping and if you think you are a target like banks and law firms, up the ante on those – strong encryption and light/radio blocking window blinds.

Right now the bad guys are winning, but stay tuned, people are working on the problem.
