Research

Activism and IoT

Political cyber attacks have significantly increased in the past few years. Hackers often boast about their abilities to take down large and highly secure companies, but now organisations in politics can offer more significant impact and kudos.

First Published 17th February 2016

Activism and IoT

Turkey's General Directorate of Security gets a visit.

3 min read  |  Reflare Research Team

This week was a busy week for hacktivists as well as IoT data breaches. Once again, hackers have shown interest in political gain by hacking large organisations such as healthcare, government facilities and postal services.

The hacking organisation Anonymous recently hacked Turkey's General Directorate of Security (EGM) due to what Anonymous claims as various waves of abuse from the government. They then released 2.8GB of compressed data that contains information on the government's infrastructure. This is just another example of hackers using attacks to gain political awareness for their causes. No significant backlash is expected to happen, but the published data was used to bring to light political events between Turkey and its anti-terrorist activity.

At the same time, Hollywood Presbyterian Memorial Medical Center has been forced back into pen and paper transactions. The hospital released a statement to say that they are working with the FBI and LAPD on an investigation into a recent attempt to hold the hospital's data hostage. Recent reports show that the hospital could be a part of a ransomware attack, which means that attackers encrypt its data and require thousands of dollars for the decryption key. In an organisation with millions of health records, it could set a precedent for ransomware attacks. Ransom attacks are common on individual machines, but this is one of the first attacks that threaten an entire organisation enough to force them to stop using their computer systems.

IoT technology continues to show its limitations in security. Samsung recently sent a press release that highlighted how their voice systems work for Smart TVs. Any voice communication within the TV's area is captured and sent to cloud servers. This means that private conversations are sent to Samsung and processed from voice to text. Samsung collects this data to determine if they need to improve their devices. Unfortunately, this means that any personal conversations are also recorded among voice commands. Should law enforcement subpoena Samsung, these conversations would no longer be private. The official recommendation by Samsung is to not have private conversations in rooms with a Smart TV which is not a practical mitigation for end users.

Samsung is yet another IoT device that was shown to have severe security flaws, mainly in the area of privacy. Until engineers for these devices begin thinking like hackers, the hacking community will continue to find critical flaws in the systems.

Subscribe by email