Threat Report

CTC’s August 2019 Threat Report

Technology integrates so well into our daily lives that it’s easy to place perhaps too much trust in it. 

That’s what happened to approximately 100 drivers in California. They trusted Google Maps to find their way out of a traffic jam but ended up stuck in a muddy field.

That level of trust can create issues for businesses, too. Here are three recent instances of violated trust.

Tech Trust Issue #1: Android Phones

One new threat allows Android apps to capture loudspeaker data using a smartphone’s accelerometer. From Hacker News:

Since the built-in loudspeaker of a smartphone is placed on the same surface as the embedded motion sensors, it produces surface-borne and aerial speech reverberations in the body of the smartphone when loudspeaker mode is enabled. … 

Researchers say the remote attacker could then examine the captured readings, in an offline manner, using signal processing along with “off-the-shelf” machine learning techniques to reconstruct spoken words and extract relevant information about the intended victim.

While this hack isn’t as potentially damaging as our next two, it helps underscore the novel ways bad actors can acquire your company’s vital information.

Tech Trust Issue #2: Macs with Zoom

Another vulnerability afflicted Macs with Zoom’s video conference application installed. Hackers could leverage common website technology to open a video call on those Macs without users’ permission or knowledge. 

This was possible because the hackers exploited a web server that Zoom installed on users’ computers — often without their explicit permission or knowledge. 

Through the Zoom-installed web server, hackers could force the targeted computer to accept requests that regular web browsers would not accept. Then, a website could activate the user’s webcam for a video call that the user neither initiated nor is even aware of. 

In response, Apple issued a software update that removed the clandestinely-installed web server. Zoom issued an explanation and promised to take security more seriously in the future. 

For a company that proudly touts users’ trust on its home page, however, it’s clear this issue left a bad impression on Mac users everywhere.

Speaking of misplaced trust …

Tech Trust Issue #3: Browser Extensions

Security researchers discovered that a collection of eight browser extensions for Chrome and Firefox browsers collected private information on 45 companies and millions of individuals.

From Lifehacker: “Each of these extensions tracked data differently and used sneaky tactics — such as waiting until 24 days after installation to begin tracking — to obfuscate the data collection process. The collected data was then sold to any interested buyers ….”

The extensions captured personal and corporate data. Accessible corporate data included:

  • Company memos and proprietary secrets (such as source code)
  • Firewall access codes
  • LAN environment data

… and more. 

Ensure that users on your network immediately uninstall:

  • Chrome: Branded Surveys, HoverZoom, Panel Community Surveys, PanelMeasurement, SpeakIt!
  • Chrome and Firefox: FairShare Unlock, SuperZoom
  • Firefox: Helper

Chrome and Mozilla disabled the extensions and removed them from their respective marketplaces. However, security research shows the extensions remain active on computers on which they were installed. The only safe way to address the issue is to uninstall them completely. 
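To find machines where the listed extensions are still present, here is an added example (not part of the original report or any vendor tool) that checks a Chrome or Firefox profile directory for them. It assumes the installed display names match the names listed above, since the report gives no extension IDs; the function and variable names are illustrative.

```python
import json
import re
from pathlib import Path

# Names exactly as listed in the report. The report gives no extension IDs,
# so this matches on display name (assumption: installed names match these).
CHROME = ["Branded Surveys", "HoverZoom", "Panel Community Surveys",
          "PanelMeasurement", "SpeakIt!", "FairShare Unlock", "SuperZoom"]
FIREFOX = ["FairShare Unlock", "SuperZoom", "Helper"]

def _norm(name):
    """Lowercase and drop spaces/punctuation so 'Hover Zoom' equals 'HoverZoom'."""
    return re.sub(r"[^a-z0-9]", "", str(name).lower())

def _chrome_name(manifest_path):
    """Return the display name, resolving __MSG_key__ via the default locale."""
    manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    m = re.fullmatch(r"__MSG_(.+)__", name)
    loc = str(manifest.get("default_locale", "en"))
    msgs = manifest_path.parent / "_locales" / loc / "messages.json"
    if m and msgs.is_file():
        table = json.loads(msgs.read_text(encoding="utf-8-sig"))
        for key, val in table.items():  # Chrome treats message keys case-insensitively
            if key.lower() == m.group(1).lower():
                return val.get("message", name)
    return name

def scan_chrome(profile_dir):
    """Check <profile>/Extensions/<id>/<version>/manifest.json for listed names."""
    wanted, hits = {_norm(n) for n in CHROME}, set()
    for mf in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        try:
            name = _chrome_name(mf)
        except (ValueError, OSError, AttributeError):
            continue  # unreadable or malformed manifest: skip, do not abort the scan
        if _norm(name) in wanted:
            hits.add((mf.parent.parent.name, name))  # (extension ID directory, name)
    return sorted(hits)

def scan_firefox(profile_dir):
    """Check the add-on registry <profile>/extensions.json for listed names."""
    wanted = {_norm(n) for n in FIREFOX}
    reg = Path(profile_dir) / "extensions.json"
    if not reg.is_file():
        return []
    addons = json.loads(reg.read_text(encoding="utf-8")).get("addons", [])
    found = ((a.get("id", ""), (a.get("defaultLocale") or {}).get("name", "")) for a in addons)
    return sorted((i, n) for i, n in found if _norm(n) in wanted)
```

Run each function against every browser profile directory on a machine. A name match is a lead to confirm before removal, because an unrelated add-on can share a generic name such as "Helper".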

There’s No Substitute for Awareness and the Right Support

It’s easy to trust the technology we use every day — even if it occasionally directs us to a muddy field. But the duties and responsibilities of enterprises to associates, clients, and investors require unceasing vigilance.

Solutions such as those provided by Cisco AMP, Palo Alto Traps, Symantec, and others can help your team maintain that vigilance through features such as artificial intelligence. 

CTC Technologies provides support for these and other safeguards for everything from startups to large, multi-national corporations. We’re ready today to help your company stay ahead of threats, whether they spring forth from mobile devices, laptops, or any other network-connected devices. Contact us today to learn more.