Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: Hackers have completed the first-ever power outage sourced from malware within the power grid, the hacking group responsible is still unknown. Security flaw in Comcast’s Xfinity Home Alarm System allows anyone with a radio jammer to interfere with the security system enough to block the system from alerting the homeowner when there is someone breaking into the house. An opinion piece about the need to step up the technology and security for the upcoming voting this election year. Finally, CES releveled a variety of new connected healthcare products.
Hackers brought down the power supply to hundreds of homes in Ukraine last week, in a cyber attack believed to be the first ever to result in a power outage. The Ukrainian energy ministry said it was probing a “suspected” cyber attack on the power grid, targeting several regional power companies, which the country’s intelligence service blamed on “Russian special services”. Moscow has not responded to the allegation. Experts have warned for years that the industrial systems that control critical infrastructure such as power plants are vulnerable. Malicious software, known as malware, has previously been discovered on these networks, but no one has yet linked these infections to an outage.
Vulnerabilities in Comcast’s Xfinity Home Security system could make it possible for burglars to break into someone’s home without triggering the alert that’s meant to notify someone when their home is at risk. Researchers at the cybersecurity company Rapid7 exploited a security hole in the Xfinity Home Security System, which includes door, window and motions sensors, that enables an outsider to make it seem as if a window or door is closed when it’s in fact open. A thief would only need to spend $100-or-so on radio jamming equipment to block the signal that normally emits from an open door. Then when the jammed signal is released it takes anywhere from just a few minutes to three hours to restore its connection.
For years, skeptical political theorists have warned that, although new technology held great potential for voting, it came with many potential threats to voter privacy and security. Unfortunately some of these valid concerns were hijacked by conspiracy theorists, especially after a notorious series of scandals were linked to Diebold voting machines in the 2004 presidential election. But given this week’s news [in late December], it’s time to return to the question of how technology can compromise voter security, with an eye to developing constructive solutions.
The Consumer Electronics Show in Las Vegas this week won’t just feature tech giants. Health and personal care companies, including First Response and L’Oréal, also have descended on the annual gadget show. They’re hoping to wow customers with new sensor-equipped products coming soon to a drugstore near you.