Tuesday, August 9, 2022

Cyber Security Today – Phony Samsung app, update Microsoft Office, not-so-smart door locks, and a router manufacturer disciplined

Avoid this phony Samsung app, update Microsoft Office, not-so-smart door locks, and a router manufacturer disciplined

Welcome to Cyber Security Today. It’s Friday, July 5th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.


It’s the start of the U.S. Independence Day long weekend. For those of you enjoying a day off, thanks for listening. For the rest of you who usually listen on the way to or at work, thank you as well — and here’s the news:

Attention owners of Samsung smart phones: Don’t get suckered into using an Android update app found in the Google Play Store. Called “Updates for Samsung,” this scam lures you into paying $34.99 to download updates. What you really get, according to the CSIS Security Group, are a lot of ads — and you’ve given a stranger your credit card. About 10 million people have downloaded this app for some reason. The only safe way to get Android updates is through the Settings application on your device. Go to “About phone” and then “Software Update.” If your device is so old you can’t get Android updates anymore, it’s time to buy a new one.

Attackers don’t always look for new holes in software when trying to crack computers. Old vulnerabilities that are unpatched are just as good. A reminder of that came this week when the U.S. military’s Cyber Command issued an alert that hackers are still trying to exploit a vulnerability in Microsoft Office that was discovered two years ago. If you or your company hasn’t patched Microsoft Office in a while, you’re open to being hacked.

Smart home and office technology isn’t always smart. If manufacturers take shortcuts, Wi-Fi connected door locks, surveillance cameras and the like can reduce security, not increase it. The latest example was outlined this week by two security researchers who were able to crack a front door lock made by a company called Zipato by getting to its wireless hub. Now, the hub had some security protections, including a scrambled password. However, the way those protections were implemented wasn’t good enough. To its credit, when told of the vulnerabilities Zipato fixed them, and new firmware is available for users to download. The company has also discontinued the vulnerable hub. The lesson for manufacturers of Internet-connected devices is that product security is complex and has to be carefully thought out and implemented.

What might happen if they don’t do it right? Regulators might come knocking. For example, this week D-Link, which makes routers and Internet-connected surveillance cameras, was forced to promise to follow a comprehensive software security program after being sued by the U.S. Federal Trade Commission. It was part of a settlement of a 2017 complaint that the company failed to secure products from well-known vulnerabilities. In marketing materials D-Link said its products included advanced network security. In reality devices could be easily hacked. The settlement also obliges D-Link to get independent third-party assessments of its security program every two years for the next decade. And if you have a vulnerable D-Link device? The company has to push software fixes out and send clear how-to-install instructions to owners.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
