U.S. terrorist watchlist found, T-Mobile hacked and troublesome SDKs.
Welcome to Cyber Security Today. It’s Wednesday, August 18th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Employees at many organizations make mistakes that leave sensitive data open on the internet. If you know how to hunt around the web you can find all sorts of things – like lists of suspected terrorists. That’s what security researcher Bob Diachenko of Comparitech said he recently found. The watchlist was compiled by the U.S. Terrorist Screening Centre. It was sitting open and could be found by anyone with the skill to do it. The watchlist had some 1.9 million records including names, citizenship, gender, date of birth and passport number. The database was connected to an internet address in Bahrain, which suggests it might have been shared with a U.S. partner law enforcement agency in that country. But as Diachenko notes, it’s a list of suspects, not of people who have been charged or convicted of a crime. In the wrong hands it could be used for harassment or blackmail.
American cellular provider T-Mobile has admitted that someone recently gained unauthorized access to part of the company’s data.
UPDATE: After this podcast was recorded the company said a preliminary analysis shows that approximately 7.8 million current T-Mobile postpaid customer accounts’ information is in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with the carrier. No phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of the copied files. But some of the data accessed did include customers’ first and last names, date of birth, Social Security number and driver’s license/ID information.
Forrester Research analyst Allie Mellen said that according to the attackers, this was a configuration issue on an access point T-Mobile used for testing. The configuration issue made this access point publicly available on the Internet. “This was not a sophisticated attack; this was not a zero day. T-Mobile left a gate wide open for attackers – and attackers just had to find the gate.”
“This is the fifth public data breach of T-Mobile in three or four years,” Mellen added, “and by far leaks the most sensitive data and exposes the most customers. It seems T-Mobile has not learned from these previous breaches, especially considering they didn’t know about the attack until the attackers posted about it in an online forum.”
The fallout continues from the ransomware attack in May on Colonial Pipeline in the U.S. The company has started sending out letters to over 5,800 current and former employees whose personal information was accessed by the attackers. News reports say Colonial paid a ransom of $4.4 million to get access to its data. The U.S. Justice Department got about half that back.
Cyber attackers continue to look for weakly-protected providers of critical infrastructure – like pipelines. You may recall in February someone remotely tampered with the controls at a water treatment plant in Florida. The latest incidents occurred in Maine. The Department of Environmental Protection reports two municipal wastewater plants were recently hit by ransomware. In one incident office computers were down for three days, but the treatment plant wasn’t affected. No personal information was compromised. The other incident involved a computer running the elderly Windows 7. It isn’t clear if that computer was encrypted, but the utility involved said no taxpayer information was compromised.
For those listeners who don’t know what a software development kit is, it’s a collection of software tools that help developers create applications, and may also be installed with a product. As a result, a vulnerability in an SDK can be dangerous. Here are two recent announcements of SDK problems covering perhaps millions of devices:
Companies and individuals using a wide range of internet-connected devices such as internet gateways, travel routers, Wi-Fi repeaters and toys should be watching for firmware patches from the products’ manufacturers. This comes after a security firm called IoT Inspector discovered dozens of security vulnerabilities in devices that use certain chipsets from a company called Realtek. It is believed at least 65 manufacturers of perhaps 200 products sold for over a decade could be vulnerable to cyber attacks. Realtek issued an alert to manufacturers last week. They should now be using a fixed version of the software development kit. It isn’t clear if all products can or will have security updates issued.
In addition, a vulnerability has been found in an SDK from a company called ThroughTek, which has a protocol for wirelessly connecting a product to a mobile app. FireEye’s Mandiant threat research team says the vulnerabilities could allow a knowledgeable hacker to compromise devices. Possible devices at risk could include baby monitors, digital video recorders and wireless cameras. Mandiant wasn’t able to compile a list of affected products. But, as with your desktop software, it’s important for anyone with an internet-connected device to regularly check with the manufacturer’s website for software and firmware updates.
Finally, using an online dating site for meeting people can be risky, because you don’t always know who you’re really communicating with. The Tinder service says it will soon make its ID Verification system available to members around the world. It’s been in a trial in Japan for two years. Tinder already has a photo verification system that uses selfies.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.