It isn't just athletes that have been training hard for the Winter
Olympics in Sochi; Russian hackers have also been sharpening their
skills to harvest a wealth of valuable data from visitors to the event.
But they're not as fast as some of the more excitable reports from the
troubled event are telling it.
"The State Department warned that
travelers should have no expectation of privacy, even in their hotel
rooms," NBC's foreign correspondent Richard Engel somewhat-breathlessly
reported. "And as we found out you are especially exposed as soon as you
try and communicate with anything."
Engel, accompanied by Trend Micro's senior researcher Kyle Wilhoit, showed
an Android Samsung smartphone getting hacked in a Moscow café "before
we'd finished our coffee," and a MacBook Air and a ThinkPad running
Windows 7 falling to online attacks from a hotel room connection within
24 hours.
But, as Wilhoit later admitted on Twitter,
there was more than a little intentional fear, uncertainty, and doubt
(FUD) added to the report – or as he described it "part of the 'tv
magic'".
For a start, the coffee-break hacking of the smartphone
wasn't uninitiated, he said, meaning the user had to actively download
unknown software. Wilhoit said the attack was an .apk dropped from
browsing to a .RU Sochi-themed website that the user had to agree to
install.
As for the computers, Wilhoit recounts
that they were fresh out of the box and appear to have been put online
with no attempt to download the latest OS updates, no security software
of any kind, and unpatched versions of Java, Flash, Adobe PDF Reader,
and Microsoft Office 2007.
Given the testing methodology, if you
tried that sort of stunt in any Starbucks in the US you'd get similar
results, but Wilhoit promised a full technical report on the incident by
Friday.
TV magic aside, visitors to the Russian games are
certainly going to have problems. Kaspersky Lab is the official digital
gatemaster for the games and says that the multiplicity of devices that
visitors will be bringing to the sporting event will make ensuring
security a tough job – El Reg would argue a near-impossible one.
As
any IT manager worth their salt would tell you, it's a good idea to
take a clean-skin laptop when traveling abroad. But that means a system
that's been fully patched, has all but essential ports locked down, and
which is crammed full of the best security software coders can write,
with any valuable data being downloaded via VPN as needed.
No comments:
Post a Comment