The company that made headlines in October for publicizing zero day holes in SCADA products now says it has uncovered a remotely exploitable security hole in Samsung Smart TVs. If left unpatched, the vulnerability could allow hackers to make off with owners’ social media credentials and even to spy on those watching the TV using compatible video cameras and microphones. In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown (“zero day”) hole affects Samsung Smart TVs running the latest version of the company’s Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing […]
Search Results for "home"
FBI Issued Alert over July Attack on HVAC System
The FBI issued an alert to businesses in July after unknown attackers breached a computer used to control the heating, ventilation and air conditioning (HVAC) system of a New Jersey company, accessing a graphical user interface for the system, including a floor play layout of the company’s office. The attacks came after an Anonymous affiliated hacker, using the handle @ntisec, published links to vulnerable ICS systems running software from the firm Tridium online. The links included the address of an administrative system that controlled the HVAC system used by US Business 1, a New Jersey company that installs air conditioning systems for other companies, according to a copy of the July, 2012 Situational Information Report (PDF), issued by the Newark Division of the FBI. The alert concerning the February and March, 2012 attack was released by the web site Public Intelligence on Saturday. The FBI did not respond to a request for comment from Security […]
Bluetooth-Sniffing Highway Traffic Monitors Vulnerable to MITM Attack
A system that monitors traffic patterns by pinging Bluetooth devices carried within passing automobiles is vulnerable to man in the middle attacks that could allow a remote attacker to steal data or remotely control or disable systems used to monitor freeways across the U.S., according to an alert from the Department of Homeland Security’s Industrial Control System Computer Emergency Readiness Team (ICS-CERT). ICS-CERT issued an advisory on Friday for customers who use Bluetooth-based traffic systems from the firm Post Oak Traffic Systems. Post Oak’s AWAM Bluetooth Reader Traffic Systems do not properly generate authentication keys used to secure communications. That could allow an attacker to calculate the private key used by the AWAM reader, then use those to impersonate the device, siphoning off administrative credentials that would give them direct access to the traffic monitoring system, DHS warned. Post Oak’s Anonymous Wireless Address Matching (AWAM) devices are installed at the […]
Uncle Sam Wants To Stop Healthcare Fraud, But Smart Cards Are No Panacea
Medical fraud is a huge issue in the U.S. Depending on whose numbers you use, fraud stemming from false medical claims and reimbursements range from $65 billion a year (a figure generated by the Centers for Medicare and Medicaid Studies) to more than ten times that: $750 billion a year (according to the Institute for Medicine). To stem the losses, government and law enforcement have been cracking down on fraud. In October, for example, the U.S. Attorney General Eric Holder and Health and Human Services Secretary Kathleen Sebelius announced charges against 91 individuals believed to be behind a huge, interstate Medicare fraud scheme responsible for some $430 million in false billing charges. Increasingly, though, the U.S. government is turning to technology to help it identify and root out fraud within the system for medical reimbursements. Chief among the ideas under consideration is a beefed up system for identifying health consumers […]
Questions, Doubts greet Researcher’s Claim to have Chrome Zero Day
Google says that it will wait to see what transpires at a New Delhi hacking conference this week before responding to a researcher’s claim that he has discovered a remotely exploitable vulnerability in its Chrome web browser. Speaking with Security Ledger, Google spokeswoman Jessica Kositz said that the company was aware of claims by Georgian researcher Ucha Gobejishvili that he has discovered a previously unknown (zero day) security hole in Chrome and will demonstrate it at this week’s MalCon hacking conference. Gobejishvili described the security hole in Chrome as a “critical vulnerability.” “It has silent and automatically (sp) download function…and it works on all Windows systems” he told Security Ledger in an online chat session. While the Tbilisi-based researcher won’t say much about the hole, he told Security Ledger that he discovered it in July. The vulnerability is in a DLL (dynamic link library) that is part of the browser […]
