multiple remote root exploits for some of Cisco’s latest consumer-grade gear - and remember, if your router is pwned, it doesn’t matter if all your computers are patched and ultra-secure; your traffic can still be silently MITM’d and your connection hijacked for nefarious purposes.
Ah…another set of router exploits. At least all the major routers that run traffic in the core of the networks are secure from these kinds of vulnerabilities because of high degrees of security-first coding, right?
Fortunately, only ‘advanced payment cards’ are currently affected by this. Well, and the BC Services Card once it’s in people’s hands and the chip has been activated.
Well, at least this technical threat isn’t a problem in Canada, where we aren’t moving towards advanced electronic identity cards meant to subsequently be accessed using personal computers to access sensitive data held by government services.
Oh. Wait. I forgot: we’re doing just that, aren’t we.
Though a little over a year old, this post concerning the security of smartmeters is particularly valuable considering the rapid adoption of the technologies throughout Canada. Particularly pertinent:
Citing confidential sources, the FBI said it believes former employees of the meter manufacturer and employees of the utility were altering the meters in exchange for cash and training others to do so. “These individuals are charging $300 to $1,000 to reprogram residential meters, and about $3,000 to reprogram commercial meters,” the alert states.
The FBI believes that miscreants hacked into the smart meters using an optical converter device — such as an infrared light — connected to a laptop that allows the smart meter to communicate with the computer. After making that connection, the thieves changed the settings for recording power consumption using software that can be downloaded from the Internet.
“The optical converter used in this scheme can be obtained on the Internet for about $400,” the alert reads. “The optical port on each meter is intended to allow technicians to diagnose problems in the field. This method does not require removal, alteration, or disassembly of the meter, and leaves the meter physically intact.”
The bureau also said another method of attacking the meters involves placing a strong magnet on the devices, which causes it to stop measuring usage, while still providing electricity to the customer.
So, this suggests that insider threats and poor shielding enable significant fraud. Can’t say it’s surprising given how often these meters have been compromised when deployed in other jurisdictions.