Security Issues that are interesting

Chat about just about anything else
Post Reply
User avatar
lsemmens
Level 8
Level 8
Posts: 2353
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Security Issues that are interesting

Post by lsemmens » Wed Aug 14, 2019 10:07 am

One of my regular newsfeeds is fromTechRadar. today they posted a couple of interesting ones,

This fake iPhone charging cable will hijack your computer

and for the digital camera owners

DSLR cameras could be at risk from ransomware
Fortunately my DSLR is a little old for this sort of jiggerpokery and Wife is the only owner of bits of fruit around here.
Kernel: 4.15.0-46-generic x86_64 bits
Desktop: Cinnamon 3.8.9
Distro: Linux Mint 19 Tara

Laptop HP-ProBook-470-G2 8Gb RAM SSD
Server AMD Phenom 9650 - GEForce 9400GT 6Gb RAM
+ three other Mint machines
Out of my mind - please leave a message

RollyShed
Level 2
Level 2
Posts: 98
Joined: Sat Jan 12, 2019 8:58 pm
Location: South Island, New Zealand

Re: Security Issues that are interesting

Post by RollyShed » Wed Aug 14, 2019 6:26 pm

From the article it gives the impression they need to be "holding" the computer, actually be sitting in front of it as it mentions using the keyboard and mouse.

"allowing them to download and launch malware,"
Doesn't Linux always insist on a password?

"remove devices from Wi-Fi networks, and even reconfigure systems.""
So? That would stop the computer from having WiFi access. So? Doesn't owner then reset it when they return to using their computer? e.g. chuck the intruder out the door? And call the police for breaking & entering?

The camera -
"In addition to the threat of having all of the photos stored on a device locked as a result of a ransomware attack, malware installed on a digital camera could also be used to launch other attacks."

So at worst you lose some pictures off that memory card - maybe.
Again, a password needed to attack the Linux system?

Are digital cameras becoming as complicated as a full computer? It probably means some people aren't using 35 mm film. Oh dear!!!!!

User avatar
smurphos
Level 12
Level 12
Posts: 4116
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher
Contact:

Re: Security Issues that are interesting

Post by smurphos » Thu Aug 15, 2019 1:51 am

RollyShed wrote:
Wed Aug 14, 2019 6:26 pm
From the article it gives the impression they need to be "holding" the computer, actually be sitting in front of it as it mentions using the keyboard and mouse.
Nope the whole thrust is that the attacker can access the computer remotely via WIFI if the compromised cable is attached via USB. As to whether that access comes with elevated privileges or not who knows, but assuming not once in depending on the complexity of your user password it might not take long to brute force it. They wouldn't need to guess your user name.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.

carum carvi
Level 5
Level 5
Posts: 973
Joined: Sun Apr 16, 2017 11:44 pm

Re: Security Issues that are interesting

Post by carum carvi » Thu Aug 15, 2019 2:48 am

Very interesting article Lsemmens. Keeps me wide awake of ALL the vulnerabilities attached to working with computers.

The more I read about computer security issues the more I start wondering if perhaps it isnt a good idea to have a small, but well protected database on paper, for all the essential data, as a secure backup? I have done so for myself, but I would also like the idea if passport/identity government records etc were somewhere saved in a NON computer system as an extra backup in case of a major computer breach.

In the Iphone article I was wondering if only a Wifi connection would be vulnerable? Or would an ethernet cabled computer be vulnerable to the same risk, once this Iphone cable is connected?

User avatar
Portreve
Level 8
Level 8
Posts: 2008
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Security Issues that are interesting

Post by Portreve » Thu Aug 15, 2019 3:45 am

It's really a sad time in our technology history that we are going to start having to authenticate and authorize cables themselves, in addition to devices we use them to connect to our hardware.

It's kind of getting to the point where I almost think we'd be better off not being dependent upon any computer technology and just go back to doing things by hand. I mean, not really, but this sort of thing highlights how trivial it actually is to make it almost impossible to completely defend oneself given how insinuated technology has become in our daily lives.
I'm so down wit' dat', yo, dass ich unter dem Beton bin.

Presently rocking LinuxMint 19.2 Cinnamon.

Remember to mark your fixed problem [SOLVED].

All in all, you're just another brick in the wall.

RollyShed
Level 2
Level 2
Posts: 98
Joined: Sat Jan 12, 2019 8:58 pm
Location: South Island, New Zealand

Re: Security Issues that are interesting

Post by RollyShed » Thu Aug 15, 2019 5:58 am

smurphos wrote:
Thu Aug 15, 2019 1:51 am
Nope the whole thrust is that the attacker can access the computer remotely via WIFI if the compromised cable is attached via USB.
So you buy the cable and take it home - somewhere. Your WiFi link just covers your house. A person now needs to know you have one, Needs to know where you live. Needs to know you have plugged it in and now needs the time to brute force your password. By which time you've unplugged it and gone to bed.

You will plug it in again - some day, but when? So he puts up a WiFi connection outside your house and links in via, somehow, at some cost.

Is it actually worth all that trouble on the off chance there might be something worth stealing?

What is possible and what is worth doing can be completely different things.

User avatar
lsemmens
Level 8
Level 8
Posts: 2353
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Security Issues that are interesting

Post by lsemmens » Thu Aug 15, 2019 6:34 am

RollyShed wrote:
Thu Aug 15, 2019 5:58 am
Is it actually worth all that trouble on the off chance there might be something worth stealing?

What is possible and what is worth doing can be completely different things.
Which is why I stated that they were interesting. Nowhere did I insinuate that they were practical. The problem, here, isn't so much the demonstration of the security flaw, but that someone later on can find a way to capitalize on said flaw. Even if it means more development to make it possible. The only way 99% of the unauthorised computer access occurs is because someone found a flaw and then managed to exploit it to their gain.
Kernel: 4.15.0-46-generic x86_64 bits
Desktop: Cinnamon 3.8.9
Distro: Linux Mint 19 Tara

Laptop HP-ProBook-470-G2 8Gb RAM SSD
Server AMD Phenom 9650 - GEForce 9400GT 6Gb RAM
+ three other Mint machines
Out of my mind - please leave a message

RollyShed
Level 2
Level 2
Posts: 98
Joined: Sat Jan 12, 2019 8:58 pm
Location: South Island, New Zealand

Re: Security Issues that are interesting

Post by RollyShed » Thu Aug 15, 2019 7:39 am

lsemmens wrote:
Thu Aug 15, 2019 6:34 am
Which is why I stated that they were interesting. Nowhere did I insinuate that they were practical.
Exactly but there seemed to be some replies that indicated a "lets hide under the bed" response.

Wouldn't it be easier to leave something under a person's door mat monitoring the WiFi? Or does something need to be plugged in?

I think we should worry more about the drop-bears at this stage, especially those in South Australia, swinging from the rafters in Adelaide.

User avatar
Portreve
Level 8
Level 8
Posts: 2008
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Security Issues that are interesting

Post by Portreve » Thu Aug 15, 2019 12:23 pm

RollyShed wrote:
Thu Aug 15, 2019 7:39 am
I think we should worry more about the drop-bears at this stage, especially those in South Australia, swinging from the rafters in Adelaide.
I lose sleep every night worrying about that.
I'm so down wit' dat', yo, dass ich unter dem Beton bin.

Presently rocking LinuxMint 19.2 Cinnamon.

Remember to mark your fixed problem [SOLVED].

All in all, you're just another brick in the wall.

Post Reply

Return to “Open chat”