Tuesday, December 22, 2015

Careful with mediatic intoxications about SCADA attacks in 2016

Today is the main new in the majority media specialized in cybersecurity: Iranian mercenaries would have assaulted and stolen information of a dam and an electric grid of Unite States. All the world are worried but some experts who said is sensationalism. We'll talk about this, and also the analysis to bank apps on iOS, a drug case in the Dark Web and the multiple possible attacks against... a bulb, yes.

Welcome to the advance of what we possibly see in 2016: the media, with the respectable Washington Post at the head, denounce an attack against a dam and an electric grid of Unite States and they point as guilty to computer mercenaries paid by Iran. Robert M. Lee, instructor in the course of critical infrastructures in SANS, ensures that there's too much sensationalism in the new and the planes wouldn't have been stolen of the dam systems but the contractor's computer. Read this.

Banks apps

Where there isn't sensationalism is in the study made by Ariel Sánchez, from IOActive, about 40 bank apps for iOS. In 2013, he made a similar study and he review these apps, to see how have evolved. The truth is the apps haven't evolve too much: the 12,5% fails the authentication of the SSl certifications, the 35% have links unprotected by SSL and the 40% show information about user's activity or the interactions between client and server. We hope 2016 will be the year when the bank apps improve their systems.

Carnegie Mellon and Tor

We continue with a trial for selling drugs in the Dark Web, which have been condemned Neil Mannion and Richard O'Connor, both of 34 years old and residents in Dublin. During the trial has been revealed their selling drug site would been located thanks to the collaboration of the Carnie Mellon University, whose researchers discovered a new attack against Tor allowing, the same day, discover the IP directions of the famous bazar Silk Road 2.0.

How to attack a bulb

We finish with an interesting text, with markedly technical character, where Viktor Stanchev tells us the different ways he has discovered to attack an "intelligent" bulb manufactured in China. The bulb not only does light but also is a router, a server and a HTTP proxy, apart from other functions. Stanchev explains his experiments with  the bulb, the vulnerabilities discovered, his tries to inform the manufacturers and how they didn't listen him.

Definitively we won't wrong if we predict 2016 will be the year of bulb attacks, taken as the symbol of the Internet of the Things and the Critical Infrastructures.


Post a Comment