Credit:TKKurikawa/Shutterstock.com12 16 - 29 October 2019 Email us your security questions [email protected]
QHow worried
should we be
about security
flaws reportedin
smart-home devices?
Richard Edwards,
FacebookAWhetherit’s virtual
assistants or
home-security
equipment, new devices
are increasingly becomingThomasCook customers
targeted by phishing sites
Securityresearchers have discovered
that53 ThomasCook-related
domainswere registered in theweek
after the travel operator went into
receivership, some of whichwere
created for phishing purposes.
Patrick Martin, head of threat
intelligenceat Skurio, said that none
of the siteswere actively hosting
malware, “but there are53 domains
out there so I’d be surprised ifat least
one or more[wasn’t]”. Somewere
being used as a means of harvesting
user databy offeringThomasCook
customersrefundsfor money they’d
lost on cancelled holidays.
Martin added thatroughly 25%
of the domainswere simply
piggybacking off thecollapseby
acting as harmlessredirectsto other
sites, but others appearedto have
been set up so that phishing
attemptscould be made onformerpart our lives. A recent report
byWhich?found webcams
with security flaws
being sold by
Amazon,
which serves
as a reminder
to owners of
webcams,
baby monitors
and home-
surveillance
cameras of the dangers
that weface, even in our
own homes.
Because of the amount of
sensitive information
exchangedin what is seen as
a ‘safe’ space, hackers are
able to access a hugevolume
of personal information that
can be used to devastatingeffect. By
successfully hacking
home devices,
criminals can spy on
people, blackmail them
andeven discreetlymake
themtheir partners in crime.
To combat this, further
government intervention is
becoming increasingly
necessary. If the government
allowed manufacturers who
comply with Internet of
Things device standards to
display aclearly visi blemark
(similar to the BritishStandards Institute
kitemark), it would provide
an easy way for consumers
to tell if something is safe,
andto avoidmanufacturers
who don’t comply with
these standards.
Security should be
implemented by design
and, as these Internet of
Things devices are
manufactured for global
consumption, appropriate
government guidelines
will help make these
devices safer.News about the latest threats and advice from security experts
Stay Safe OnlineSECURITY ALERT! |What’s been bothering us this fortnight
Security Helpdesk|Your questions answered by security specialistsemployees and customers from
a legitimate-looking email address.
UK citizens have already been alerted
to the influx ofThomasCook-related
scams, as banks have issued alertsto
customerswarning against the rise in
threats targeting them.
bit.ly/thomas218 millionWordsWith
Friends players
hit by hack
More than 218 million
players of the popular
mobile gameWords
With Friends havebeen advisedto change their
passwords,following a serious data
breach last month.
On 12 September, the games’
publisher,Zynga, announced thata
databasecontaining player account
information may have beenstolenby
an outside hacker.The hacker then
cameforwardto claimresponsibility,
telling news siteThe Hacker News that
he was ableto access the data ofevery
user who had signed upto playWords
With Friends on Android and iOS.
The stolen informationreportedly
included names, email addresses, login
IDs, hashed passwords and phone
numbers.Zynga said that no financial
datawas compromised in the breach,
that most of its other gameswere not
affected and that it had takenstepsto
protect users’ accounts. “Cyber-
attacks are one of the unfortunate
realities of doing businesstoday,” the
company said on a support page.
bit.ly/wordsBy hacking home devices, criminals
can spy on people, blackmail them and
make them their partners in crimeTHIS ISSUE’S EXPERT:
David Emm, Principal
SecurityResearcher
at Kaspersky Lab
(www.kaspersky.co.uk)