2012's worst security exploits, fails and blunders

Stolen social security numbers. Erased online identities. Pilfered payment information. Yep, 2012 was a banner year for the bad guys.

By Brad Chacos, PC World |  Security, privacy

The scariest part? Most people probably employ the same basic (read: lax) security practices Honan did. Fortunately, PCWorld has already explained how to plug the biggest digital security holes.

The Flame virus

Traced as far back as 2010 but only discovered in May of 2012, the Flame virus bears a striking similarity to the government-sponsored Stuxnet virus, with a complex code base and a primary use as an espionage tool in Middle Eastern countries like Egypt, Syria, Lebanon, Sudan, and (most frequently) Iran.

Once Flame sank its hooks into a system, it installed modules that could, among other things, record Skype conversations or audio of anything happening near the computer, snag screenshots, snoop on network connections, and keep logs of all keypresses and any data entered into input boxes. It's nasty, in other words--and Flame uploaded all the information it collected to command and control servers. Shortly after Kaspersky researchers sussed out Flame's existence, the virus' creators activated a kill command to wipe the software from infected computers.

The $50 homebrew tool that unlocks hotel doors

At the Black Hat Security conference in July, researcher Cody Brocious unveiled a device that could semi-reliably open electronic door locks made by Onity. Onity locks are found on 4 million doors in thousands of hotels across the world, including high-profile chains like Hyatt, Marriott, and IHG (which owns both Holiday Inn and Crowne Plaza). Based around an Arduino microcontroller and assembled for less than $50, the tool can be built by any crook with pocket change and some coding skills, and there's at least one report of a similar tool being used to break into hotel rooms in Texas.

Scary stuff, to be sure. Perhaps more worrying was Onity's response to the situation, which was basically "Put a plug over the port and change the screws."

Originally published on PC World.