February 3, 2014
Kristian A. Bognaes, Director, Norman Safeground Development Center
January gave us a couple more massive data breaches. News stories like these are almost becoming routine, unfortunately, so I will look at a few other things that made the news in the first month of the year.
Physical security is always an issue
When it comes to data theft and spying, nothing is more efficient than having physical access to the hardware. Having a good firewall is rather futile if somebody enters your office building and leaves a hidden WLAN access point connected to your internal network.
A related, but unusual, story made news in January: an unnamed German bank experienced theft of cash from its ATMs. This has happened before when skimming has been used to create copies of bank cards. This incident, however, was unusual in that it was made possible by deep knowledge of the physical hardware that the bank was using for its automatic teller machines. As it turns out, the ATM hardware was running the Windows XP operating system. In itself, this is not unusual, but combined with a USB socket that was accessible by drilling a single hole from the outside of the machine, the perpetrators were able to install malware that would enable them to make withdrawals directly from their own screen menu.
Using Bluetooth to hide card skimmers
Hiding hardware to read credit card data and PIN codes continues to be a popular way of stealing money. As mentioned above, the hardware is often camouflaged on the outside of ATMs or as additional hardware in payment terminals in stores. In January, a new method was discovered where gas pumps had been fitted with a new type of skimmer. It seems that gas pumps have become popular targets for skimming attacks, but this attack was different. The skimming hardware was installed inside the pumps without any external signs of tampering. Running on the power supply of the pump itself, the skimming device could be accessed from the outside using Bluetooth wireless from a regular laptop. After the card data was collected, the criminals could then create copies of the cards and make withdrawals from the owners’ bank accounts.
Skimming will continue to be a problem with payment cards for a while yet. Some countries have come far in introducing cards with embedded microchips, so-called ‘smart cards’. Skimming will possibly be eliminated when chips are required at all payment terminals. Until then, be careful where you use your cards, and always protect your PINs.
Your fridge may be infected
Finally for the month of January, the news story about the infected fridge is interesting. Some new high-end fridges have built-in computers with touch screens that let users look up food recipes or keep inventory. As it turns out, one such fridge got infected with malware and became part of a network to send out ‘phishing’ emails. This is worrisome since it is clear that the future holds a lot more specialized devices that are nothing but computers and that are all connected to the internet. To emphasize what the future may hold: Google just bought the company Nest, which specializes in embedded devices for home automation.
Antivirus software for thermostats, anyone?