Child monitoring software hacked, another software code no-no and more MicroTik router problems
Welcome to Cyber Security Today. It’s Wednesday September 5th. To hear the podcast click on the arrow below:
For parents, keeping an eye on what your children are doing online in this connected era is a necessity. For that, there’s lots of software allowing you to monitor what’s on your kids’ smart phones, tablets and computers. However, as with any technology, the more you add the bigger the risk it will be hacked. The latest example was discovered by an apparent good-guy hacker who got into the system of a company called Family Orbit, whose software can be used by parents to view what their kids are doing with their devices. The hacker told the news site Motherboard that access could be gained to all photos uploaded from the phones of kids being monitored. In addition, the hacker could get access to company passwords. Family Orbit says it has plugged the hole. This story is one of a series Motherboard has been writing about what it calls commercial spyware for monitoring children or employees. Parents and employers have to think carefully about subscribing to such software. Will it be of benefit, or it is another way a hacker can get access to a system and instead of protecting people violates their privacy?
Last month I reported on a software update at an Irish telecom company that went wrong and left encrypted data exposed on a stolen laptop. Well, CNN has discovered a screw-up just as bad: Acting on a tip, it found a U.S. government web site for handling Freedom of Information requests for many departments exposed full Social Insurance numbers and dates of birth of people either requesting information or about people whose information was being sought. This information could have been stolen and used for impersonation and fraud. Normally personal information is masked. But guess what? When the web site was recently updated it messed up the protection mechanism. The government was notified and the holes fixed and departments warned to be more careful about what personal information can be disclosed. But software and web site developers simply have to do a better job of testing their code before it is implemented.
Finally, last month I also told you about vulnerabilities in business-level MikroTik routers that could be used to install cyptocurrency mining software. Now a Chinese security company called 360 Netlab says it has discovered another problem: Thousands of operating systems on MikroTik routers have been hacked, and their traffic is being forwarded to other Web sites. MikroTik sells in Canada, but most of vulnerable devices found in Brazil, Russia, the U.S., Indonesia and India. Regardless, it’s important that administrators with MicroTik routers on their networks install the latest security updates.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.