Welcome to the ISMS.online series of cyber and information security news.
As usual, there are plenty of stories to choose from, so let’s get started…
3 and a half minute read
There’s something whiffy about the wi-fi
This week researchers discovered a serious flaw in the authentication systems of both business and residential wi-fi routers in several countries. The flaw, which has been named ‘Krack’, is potentially leaving the majority of wi-fi connections exposed to potential attacks.
We have heard that Google is currently patching devices that are thought to be affected, but they admit that this could take weeks. Microsoft has said that they have released a security update for their routers in a hope to rectify the situation.
The US Computer Emergency Readiness Team (CERT) said of the flaw:
“US-Cert has become aware of several key management vulnerabilities in the four-way handshake of wi-fi protected access II (WPA2) security protocol. Most or all correct implementations of the standard will be affected.”
“The risk will depend on a number of factors including the time it takes to launch an attack and whether you need to be connected to the network to launch one, but the paper suggests that an attack is relatively easy to launch. It will leave the majority of wi-fi connections at risk until vendors of routers can issue patches.”
Hacking kid’s smartwatches is child’s play
Children are always eager to get hold of things that are above their age group. First, it was the smartphone and now it’s the smartwatch. Great, you might think. At least it stops them playing with yours. But the Norwegian Consumer Council (NCC) has tested a number of smartwatch brands designed for children and have found them to be scarily ‘easy’ to hack.
During these tests, the NCC was able to track the location of the wearer, listen in on their conversation, as well as communicate directly with them.
Some of the brands involved have said that the security flaws uncovered have either been fixed or are soon to be. As a precaution though, John Lewis has withdrawn the smartphones from sale.
North Korean drama hit by cyber-attack
UK based television company Mammoth Screen has been hit by a cyber-attack after announcing that it was to produce a drama about North Korea.
The film, which was due to be broadcast on Channel 4 next year, was to revolve around the story of a British nuclear scientist who is taken prisoner while working in North Korea. It’s thought that after demanding the UK government pull the drama, they employed hackers to gain access to the TV company’s computers.
No actual damage was done by the hackers, but they made their presence felt. Mammoth has now pulled the drama from production.
Parliament’s emails get hacked
Back in June, the British parliament and it’s cabinet ministers suffered what it calls a sustained cyber-attack, in a story that has only just come to light.
It is thought that hackers repeatedly tried to guess passwords of 9,000 accounts at Whitehall, finally gaining access to 30 of them. Experts say that the attacks had come from Iran, after originally wrongly accusing Russia. This incident has been described as Iran’s first significant cyber-attack on Britain.
Get your ISMS certified with ISO 27001
Want to learn more about our ISMS?
Use the ISMS.online software to satisfy the directive