Monday, July 31, 2017

Now you can see it… and now you can’t

A year ago, today ...

The magician's profession has existed since time immemorial. At its origin in the Median Empire (7th century B.C.), by the Mesopotamian rivers, it was tied to religion. Over time, it came to be associated with wise men and scientists. Nowadays, however, magicians are associated with illusion and magic shows. They amaze the audience with their ‘mystic art’, which is nothing but tricks meant to make people believe they are watching something that is not actually real.

A magician’s job is about hiding the truth, lying to the audience and surprising them when they are not paying attention. In today's retrospective we see that the cybersecurity world is full of magicians who hide information and leave people speechless (and not always for good).

One person who has proven to be a security magician is Jonathan Zdziarski, Apple’s researcher. A year ago, this expert discovered a problem that could expose the privacy of WhatsApp users. Did you think that every time you deleted a message it disappeared forever? That is what you were meant to believe because, according to Zdziarski’s discovery, the app had a flaw that allowed any attacker to snoop on users’ private conversations, even though they had deleted them.

Another big surprise worthy of David Copperfield’s tricks is the one Verizon got after buying Yahoo. A few days after the multimillion transaction took place (remember, the purchase was €4,800 million), Yahoo suffered a security breach that left the details of more than 200 million users on the dark web. Wondering who was responsible for this attack? The infamous Peace Of Mine, who had perpetrated other attacks on LinkedIn, MySpace, Tumblr…

The key to a good magic trick is hiding the truth from the audience and drawing their attention elsewhere. However, if we wore a cape or a transparent top hat, it would be difficult to surprise our audience. Only a year ago we found out that this was what Windows 10 did with its ‘free’ rollout. Even though it is true that you didn’t have to pay a penny to enjoy the software, according to various experts who analyzed every corner of the system, the private data it collected in return was worth more than you thought. Nothing on the web is free.

Others who showed all their ‘magical’ potential were those responsible for hacking vehicles with the OnStar system to unlock, track and even start them. The good news is that the company did not take long to react and release a patch for the vulnerability that made that ‘spell’ on your car possible.

Even though magicians today don’t represent what they used to, people who still practice that job boast about their tricks. Being duped has a price, whether it happens in a legitimate show or not, because what these ‘magicians’ are after is your details, which are a way into your wallet. This happened a year ago, it happens now, and it will happen as often as they are able to do it.


