August 2023 Edition
EXECUTIVE SUMMARY: We cover the fantastic tale of the hacker sometimes known as 'The Doctor' and other times as the 'Janit0r' who played cyber Thanos and destroyed over 10 million devices to save the planet from another hacker - or so he says. Maureen The Clean discusses Phlashing while juggling kids and her day job. Jake The Pedantic reveals his command of the 'come to papa' phrase while discussing 'Juice Jacking' while Samuel The Harangued continues to whack-a-mole Aunt Mabry's cyber indiscretions.
In 2016, a hacker known who called himself/herself 'The Doctor' but was given the nickname 'The Janit0r' destroyed over 10 million internet connected home devices, including 60,000 Indian home internet routers, and made them completely unusable. Thanos would have blushed with a move like THAT! '
'The Doctor', in a letter admitting guilt written to a news outlet, called it an 'Internet Chemotherapy'. 'The Doctor' used what is called a Phlashing attack, also known as Permanent Denial of Service (PDoS), where the attacker runs malicious code on a device and causes irreparable damage rendering the device completely unusable (also called 'bricking a device' since it can only be used as a brick or paper weight afterwards). His motivation was to remove poorly designed, insecure devices in homes from connecting to the internet before they were compromised by a more malicious hacker to launch a larger attack on the internet that used those same devices as weapons! But he didn't stop there. He released the source code to his malware and soon it ran wild amongst people who had a lot more malicious intent and many variants sprouted. Do you call 'The Doctor' a hacker? A vigilante? Irresponsible? Ethical or unethical? If so, what about the makers of these home internet devices who continue to sell devices with known vulnerabilities? The debate continues as devices increase exponentially in our homes!
Internet connected devices in companies and homes such as smart TVs, home routers, security cameras are all prime targets. Unpatched vulnerabilities are how they are exploited. Unfortunately, these are plentiful and pretty much every major brand has been guilty of pushing out poorly secured code in their devices including code from Chinese manufacturers
How to Protect Yourself?
Here are 3 things you can do to reduce your risk. Unfortunately, these issues mostly stem from the vendor:
Change the default password on all internet connected devices and make them strong passwords.
Make sure to update all devices to the latest patches. Enable automatic updates, if possible.
Check to see if your device manufacturer is still issuing software updates or patches for your device. If they have issued an 'end-of-life' notice for the device or components inside the device, it may be prudent to remove that device from your home network.
'Come to Papa!'
Jake The Pedantic
'Juice Jacking' With USB Ports
Hackers have figured out how to install malware behind those free USB charging stations in airports, malls, etc. It is perfect for them - they install the malicious USB once and people walk over to get hacked! Hackers call it 'Juice Jacking'. It is a big enough issue that the FBI and FCC have issued warnings about it. Juice jacking has been around since at least 2011 and major phone manufacturers have built in protections since then requiring user permission on data transfer or software install. But jail broken phones and other devices such as hand held gaming systems or devices from lesser known vendors could still be vulnerable.
TIPS TO AVOID IT
Use the right power adaptor! It comes with most of the common devices like phones!
Use your own battery charger!
If you are in a bind and have to use a USB outlet, power off your phone - still not foolproof but at least you are making it harder and lowering your risk.
Fool me once, shame on you. Fool me twice, shame on me! Imagine losing money in a crypto scam and then being targeted again by a scammer who promises to recover your money? Crypto recovery scams are now a thing. Read the FBI warning.
Are you using an old router that the manufacturer has issued an 'end-of-life' notice on? These are ripe targets for hackers to convert them into botnets or worse steal your data. Some old Zyxel routers are being targeted actively.
99.98% of Americans can be uniquely identified with just 15 characteristics such as marital status, age, gender. The data broker industry trades over 1500 characteristics about each of us thousands of times a day across every app, device and website we use.