In this week’s security snacks:
- Smart TVs Not Smart About Malware
- Home Devices Wide Open to Easy Attack
- Half of the World’s Email Servers Vulnerable to Cyberattack
Happy munching!
Smart TVs Not Smart About Malware
Bite
Samsung advises that its latest TV, the QLED TV, needs to be checked for virus “every few weeks”.
Snack
Samsung has just advised us that their latest TV, the QLED TV, should be checked “every few weeks” to prevent malicious attack. The advice tweeted via the @SamsungSupport Twitter handle showed how to check. Basically, a series of remote-control button presses. The tweet was deleted shortly afterwards but not before the information was spread across the Twitterverse.
BBC News asked Samsung for comment on the post, attempting to confirm if any specific threat had caused Samsung to issue the information. Samsung’s response was this was purely for “customer’s education”.
Rather than automating the process, however, Samsung expect consumers to manually check. Security advisers doubt many will do that. This leaves a lot of Smart TVs potentially exposed over time.
Would you check your TV for viruses? Maybe it’s time you should. In this always-on, connected world we need to be sure our devices are kept in good health, virus free and safe from attack.
Meal
Read more about Samsung’s advice, including an excerpt from the deleted Tweet, at the BBC: Samsung TVs should be regularly virus-checked, the company says.
Home Devices Wide Open to Easy Attack
Bite
Researchers from Stanford University have found that attackers don’t need sophisticated attacks to exploit home devices because even security basics are missing.
Snack
While cyberattackers work on exotic exploits, a massive research study indicates they might not need them. An academic study undertaken by Stanford University and Avast Software highlights that basic security measures are not being taken on IoT devices. An alarming number of devices have default admin credentials and/or weak passwords. A huge number of home devices are using insecure protocols (Telnet, FTP).
This exposes hundreds of millions of devices to potential attacks from cyberspace. Attackers would not even have to resort to any malware, complex exploits, or sophisticated cyber-weapons.
It’s just not just that a single device can be hacked. Researchers were able to hack a single device and turn it into a ransomware tool, using it as gateway into hacking the whole home network. They even hacked a coffee maker and sent malicious updates to the device, which could have serious consequences in the home, such as starting a fire. They also made the coffee maker send ransomware messages!
How can this be mitigated? It’s the usual suspects.
- Change the default credentials
- Keep the devices up to date with security patches
- Secure your network
Also consider only Internet-connecting the devices if absolutely necessary.
Meal
Get more information in this article from the register: Freaking out about fiendish IoT exploits? Maybe stop disable telnet and change that default password first?
Half of the World’s Email Servers Vulnerable to Cyberattack
Bite
Microsoft warns of an active Linux worm attack on the Exim mail server, and urges Azure customers to patch.
Snack
Exim is a mail transfer agent running on over half of the world’s email servers. It was discovered that Exim 4.87 to 4.91 releases contained a vulnerability which allows attackers to remotely execute commands on an exposed server.
Mitigations already exist in Azure, put in place by Microsoft, on how servers can send out mail. However, the company has urged that Azure users should be proactive and patch their Exim software to version 4.92, or at the very least restrict network access to VM’s running an effected release.
Meal
Ingest the full meal at Info Security: Microsoft Urges Azure Customers to Patch Exim Worm.
