2014 Threats Predictions: The Internet of Things Offers Handy Gadget Control, Yet Could Unlock More Than We Expect

This post is one in a series of articles that expand on the recently released McAfee Labs 2014 Threats Predictions. In this and related posts, McAfee Labs researchers offer their views of new and evolving threats we expect to see in the coming year. This article was written by Toralv Dirro, Aditya Kapoor, and Cedric Cochin.

Many people are looking forward to the Internet of Things and how this trend can make our lives easier and more automated. But many don’t know what this means or how it already impacts us today. The idea behind the Internet of Things is that if people and many common objects in our daily lives were equipped with unique identifiers, then our computers could efficiently automate and manage these objects. Today there are many definitions, but central to all is the management of resources by computers, including mobile devices. To achieve this, these resources must be interconnected. And this is where we can see both benefits—and possible problems—for our lives.

Lots of devices already offer an intranet or Internet connection to make our dealings with them easier; just look at the average new television. Of course it works just fine connected to your cable, satellite, or aerial service. Now add a Blu-ray player and some TVs will automatically exchange information, adopt configurations, etc. For instance, the Anynet+ protocol will link your TV via a network cable or WiFi stick and download content from the Internet, while updating itself with the latest version. These are useful features, but they come with a risk. We have seen that attackers can exploit vulnerabilities in the set (basically it’s just a computer, running an OS and apps) to take over the TV and, for example, activate a built-in webcam. There are even alternate operating systems for some TV sets. If an attacker could take over a TV somewhere in a corporate network and use it to stage attacks on other machines, how would we ever suspect the TV could be the weak link? If this isn’t already happening as part of advanced attacks, we suspect it will occur in the coming year.

Vulnerabilities in Things extend much further than television. The European standard Meter-Bus (or M-Bus) was designed for the remote reading of gas and electric meters. Recently its radio variant, Wireless M-Bus, has gained a lot of popularity. The wireless aspect allows the remote management of lights, heating, electricity, alarm systems, and much more from a central unit using a special protocol. These systems have become affordable for home use and allow the owners to control appliances and other home services via smartphones and tablets over standard WiFi. Soon some houses will do away with keys to unlock doors and replace them with locks that use near-field communications or Bluetooth to identify the owners simply by their smartphones. Some Internet-connected locks will allow the remote locking and unlocking of homes, handy for letting in the house cleaner or the kids after school. What could possibly go wrong? For starters, if attackers can crack your home WiFi, they might easily open the doors to robbery attempts, without having to break in and attract undue attention.

The Internet of Things is still in its early stages. Yet we can foresee even more serious threats. Electric cars can now store and return electricity to the power grid. To do this, they will be connected to the home network and a smart meter, making remote attacks against a car and its systems (disabling brakes, etc.) much more feasible. We can also imagine potentially lethal remote attacks against medical devices such as insulin pumps. And these concerns don’t begin to touch the potential problems of various household or office devices updated by the “backdoor,” for good or ill, by their manufacturers.

In the coming years, having your ID stolen after a criminal compromises your home computer may seem a minor problem. Your security concerns will have to expand beyond traditional computing devices to make sure all networked objects are regularly updated and that you employ secure passwords.


It’s alive! Once-prolific Flashback trojan still infecting 22,000 Macs

A screenshot of an Apache server log showing infected Macs connecting to a Flashback command and control server. The user agent strings and referrer strings, which show Windows NT 6.1 machines, are set by Flashback. Intego has confirmed that the machines are, in fact, infected Macs.

The Flashback trojan that hijacked well over 500,000 Macs at its peak is still clinging to life, with about 22,000 infected machines in recent days, a security researcher said.

The compromised Macs were observed connecting to command and control servers that had been "sinkholed"—meaning taken over for research or security purposes—by analysts from security firm Intego. During a five-day period ending January 7, 22,000 Flashback-infected computers reported to server domains recently acquired by Intego, Arnaud Abbati, a researcher with the company, wrote in a blog post. Those machines could be maliciously controlled by anyone who has access to one of the many domain names programmed into a Flashback algorithm, assuming they know how the internals of the malware work.

Flashback first came to light in 2011 when it took hold of people's machines by masquerading as a legitimate installer of Adobe's ubiquitous Flash media player. By early 2012, Flashback morphed from a socially engineered threat to one that performed surreptitious drive-by attacks by exploiting vulnerabilities in Oracle's Java software framework. Flashback was among the most sophisticated pieces of malware ever to target mainstream Mac users.


New Year, New Apartment, Same Old Scams

The New Year has started and many people are still holding to their resolutions. Besides the usual suspects of exercising more and quitting smoking, some might have planned on finding a new apartment. Unfortunately, this also means a rise in prepaid rental ad scams. So be cautious while you’re searching for a new home.

The prepaid rental scam advertisements can be encountered on nearly any platform and in most countries. The ads often look very professional; some are even copies of real ads from legitimate sources. We have seen them on established apartment rental sites, online notice boards, B&B agency sites, and even in the classified ads section of newspapers. The website owners try their best to spot false advertisements and delete them as fast as possible, but there is always a chance that there is a new ad that hasn’t been removed yet.

The scam is pretty simple. Once the victim shows interest in the apartment, the alleged landlord informs the victim that he is currently traveling and will not be able to show the apartment in person, but will send the keys after a security deposit has been made. This is a classic advance payment scam. The money is often requested through services other than regular bank wire transfers. After the victim sends the money, the scammer disappears with the deposit and is never heard from again. The key to the apartment is never sent, and the apartment may never have actually existed. Some scammers, however, have made the effort of sending the victim a real key that doesn’t work on the apartment. The attacker may do this to buy some time to erase his tracks until the victim realizes the key does not work.

Some scammers also use the false pretense of a background check to gather personal information or passport photos of the victim, which can then be used to steal the victim’s identity.

Similar scams can happen in the other direction as well, often with rentals for vacation apartments. In those cases, the scammer pretends to be an interested renter instead of the landlord. Once all the details have been agreed on, the scammer will ask for the bank details in order to proceed with the wire transfer. The trick is that the scammer will transfer more money than the agreed sum to the landlord. This money does not come from the scammer’s bank account, but is instead stolen from an online banking account that has been hijacked by a financial Trojan. After the transfer has been credited, the landlord is contacted and asked to send the excess money back to the now allegedly traveling scammer through other means. A few days later, the landlord will be informed by the bank that the money was stolen and he will have to pay it back, since he served as a money mule.

So no matter if you are renting or leasing, you should always be vigilant and try to follow a few rules even if it can be difficult to verify the details.

  • Don’t pay any money in advance if you haven’t seen the apartment or met your contact.
  • If you can’t see the apartment or meet your contact, use a trusted escrow service.
  • Be cautious when sending money to a different address or through unusual financial services.
  • Do not rush the transaction or feel pressured. If the other party is too eager to sell, something might be wrong.
  • Money from a false transaction should only be sent back to the original account that it came from.
  • Search online for the email address or the advertisement text. Others may have already reported it as a scam.