The Tech Corner
The Tech Corner is a weekly technology news and advice column presented each week courtesy of Melvin McCrary at Ga. Computer Depot in Cedartown.
Internet of Things
After installing Internet-enabled surveillance cameras, network-attached storage devices, or other home automation devices, you learn that they are constantly phoning home to a peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Most of these devices will not let you block this traffic without software or hardware modification.
Foscam is one of several Chinese companies whose cameras come with peer-to-peer networking capabilities baked in. This fact is not exactly spelled out to the user (although some of the models listed do say “P2P” in the product name, others do not).
Although these P2P-based cameras have a setting to disable P2P traffic (it is enabled by default), Foscam has admitted that disabling the P2P option doesn’t stop the device from seeking out other P2P hosts. This P2P function is built into most cameras, is designed to bypass firewalls, and can’t be switched off.
Fraudsters Tap Kohl’s Cash for Cold Cash
Scam artists are using hacked accounts from retailer Kohls.com to order high-priced, bulky merchandise that is then shipped to the victim’s home.
While the crooks don’t get the stolen merchandise, the unauthorized purchases rack up “Kohl’s cash” that the thieves quickly redeem at Kohl’s locations for items that can be resold for cash or returned for gift cards.
It turns out the criminal wasn’t after the merchandise at all. Rather, the purpose of changing the victim’s email address was to drain the account’s stored Kohl’s cash, a form of rebate that Kohl’s offers customers (currently $10 for every $50 spent at the store). Two fraudulent orders totaling $1400.00 yielded $220 in Kohl’s cash total, which is emailed once the order is confirmed.
Trane ComfortLink II Thermostat
Cisco researchers found that ComfortLink devices allow attackers to gain remote access and also use these devices as a jumping-off point to access the rest of a user’s network. Trane has not yet responded to requests for comment.
One big problem is that the ComfortLink thermostats come with credentials that have hardcoded passwords. By default, the accounts can be used to remotely log in to the system over “SSH,” an encrypted communications tunnel that many users allow through their firewall. The two other bugs Cisco reported to Trane would allow attackers to install their own malicious software on vulnerable Trane devices, and use those systems to maintain a persistent presence on the victim’s local network.
On January 26, 2016, Trane patched the more serious of the flaws (the hardcoded credentials). According to Cisco, Trane patched the other two defects as part of a standard update released back in May 2015, but apparently without providing customers any indication that the update was critical to their protection efforts.
Skimmers Hijack ATM Network Cables
ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data.
In an alert sent to customers, NCR said it received reliable reports of NCR and Diebold ATMs being attacked through the use of external skimming devices that hijack the cash machine’s phone or Internet jack.
“These devices are plugged into the ATM network cables and intercept customer card data. Additional devices are attached to the ATM to capture the PIN,” NCR warned. “A keyboard overlay was used to attack an NCR ATM, a concealed camera was used on the Diebold ATM. PIN data is then likely transmitted wirelessly to the skimming device.”
Safeway Self-Checkout Skimmer
Security experts discovered skimming devices attached to credit and debit card terminals at self-checkout lanes of Safeway stores in Colorado and possibly other states. There is a simple how-to video made by a fraudster who is selling very similar-looking overlay skimmers for Verifone point-of-sale devices. The device can be attached very quickly (and removed quickly as well). The device in the video is just a shell, and does not include the POS PIN pad reader or card reader.
47% Spike in ID Theft Due to Tax Fraud
The U.S. Federal Trade Commission (FTC) today said it tracked a nearly 50 percent increase in identity theft complaints in 2015, and that by far the biggest contributor to that spike was tax refund fraud. The announcement coincided with the debut of a beefed-up FTC Web site aimed at making it easier for consumers to report and recover from all forms of ID theft. It is encouraging to see the FTC urging consumers to request a security freeze on their credit file.
Emsisoft Releases a Decryptor for HydraCrypt and UmbreCrypt Ransomware
Emsisoft has released a decryptor for the HydraCrypt and UmbreCrypt ransomware infections. Both of these infections are part of the CrypBoss ransomware family, whose source code was leaked last year.
Latest TeslaCrypt Version uses the .MP3 Extension
A new version of the TeslaCrypt ransomware was released that contains some minor changes. The version number is still 3.0, but the ransom notes have been renamed and the file extension for encrypted files is now .MP3. There is still no way to decrypt this latest version of TeslaCrypt.
In honor of Safer Internet Day, Google is giving away 2GB of extra storage for completing their Security Checkup. This checkup will walk you through a series of checks to make sure you are using Google in the most secure manner possible.