Security Bytes - Issue 9

Jim Tiller is the Chief Information Security Officer at Nash Squared. With over two decades of information security experience, Jim is an internationally recognized cybersecurity authority on cyber risk management, security technology, industry leadership, and multiple patent-winning recognition for innovation in security solutions.

This week we see a ransomware gang get attacked in retaliation for an attack on Entrust (didn’t seem to matter); a car company makes a bit of an error; a researcher finds a way to get your data by watching blinking lights; and Capitol Records signs its first virtual artist.

I didn’t cover the huge news items this week, such as the Twitter whistleblower, Palo Alto’s massive vulnerability, LockBit crippling a French hospital with ransomware, or Apple releasing an emergency patch, because there’s a ton out there already. So, I went more to the edges for this week’s newsletter. Nevertheless, know it was a big week in cybersecurity happenings (I’m starting to sound like a broken record, aren’t I?).

--------------------

Karma or Kickback

This week the LockBit ransomware group confirmed it is (was) suffering from a distributed denial of service (DDoS) attack. Based on information from LockBitSupp, the public face of LockBit, as well as vx-underground, the attack appears to be retaliation for the attack on Entrust months ago, highlighted in June’s Security Bytes. I find this story interesting because on one side it’s the bad guys getting a taste of their own medicine. On the other side, though, who is performing the attack, and why, effectively on behalf of Entrust? It’s just, well, odd. Entrust says nothing of significance was taken, but its customers include some of the largest and most powerful organizations in the world. I suspect this isn’t the last we’re going to hear of this.

Links:
Article: https://www.theregister.com/2022/08/22/entrust_lockbit_ddos_ransomware/ 


Say it Ain’t so

In previous Security Bytes I’ve highlighted the increasing need for security in the automotive industry and, most recently, the issues that can surface when non-security companies build their own security solutions. This week those two things collided for Hyundai. A developer wanted to personalize their Hyundai’s infotainment system with their own software and was able to do so after discovering that Hyundai had actually used an example AES encryption key found in the NIST SP 800-38A documentation. By using this published key, the developer was able to pass their own encrypted files off as updates to the Hyundai’s in-car system. Just in case you’re having trouble following… the security used to control updates to the car’s systems was based on an example 128-bit key that NIST published as part of the standard’s test vectors. Was that lazy programming or was it simply a failure to understand the fundamentals of cryptography? I sense it was the latter.
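As an added example (not code from the article or from Hyundai), here is a defender-side check for exactly this mistake: it audits a candidate key against the AES keys and IV printed in the appendix of NIST SP 800-38A, flags trivially patterned keys, and scans a firmware blob for those published values; the function names and the sample blob are my own constructions.

```python
"""Flag firmware/update keys that are published NIST test vectors (added example)."""
import secrets

# Published test-vector material from NIST SP 800-38A Appendix F. Anyone can read
# these in the standard, so a product that uses them has no real secret at all.
PUBLISHED_TEST_VECTORS = {
    "SP800-38A AES-128 key": "2b7e151628aed2a6abf7158809cf4f3c",
    "SP800-38A AES-192 key": "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
    "SP800-38A AES-256 key": "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
    "SP800-38A CBC/CFB/OFB IV": "000102030405060708090a0b0c0d0e0f",
}


def audit_key(key: bytes) -> list[str]:
    """Return findings for a candidate AES key or IV; an empty list means nothing flagged."""
    findings = []
    if len(key) not in (16, 24, 32):
        findings.append(f"invalid AES key length {len(key)} bytes")
    h = key.hex()
    for label, vec in PUBLISHED_TEST_VECTORS.items():
        if h == vec:
            findings.append(f"matches published test vector: {label}")
    if len(set(key)) == 1:
        findings.append("all bytes identical (e.g. all-zero key)")
    if key == bytes(range(len(key))):
        findings.append("sequential byte pattern 00 01 02 ...")
    return findings


def scan_blob(blob: bytes) -> list[tuple[int, str]]:
    """Search a firmware image or config blob for embedded published test vectors."""
    hits = []
    for label, vec in PUBLISHED_TEST_VECTORS.items():
        idx = blob.find(bytes.fromhex(vec))
        if idx != -1:
            hits.append((idx, label))
    return sorted(hits)


def generate_key(nbytes: int = 16) -> bytes:
    """What should have been used instead: a fresh key from the OS CSPRNG."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    # Constructed sample blob: an 8-byte fake header followed by the SP 800-38A AES-128 key.
    sample_blob = b"HDR\x00\x00\x01\x00\x00" + bytes.fromhex(
        PUBLISHED_TEST_VECTORS["SP800-38A AES-128 key"]) + b"\xff" * 16
    print(scan_blob(sample_blob))        # [(8, 'SP800-38A AES-128 key')]
    print(audit_key(generate_key()))     # []
```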

Links:
Article: https://www.theregister.com/2022/08/17/software_developer_cracks_hyundai_encryption/ 
And if you own a Hyundai, here’s how to load your own software: https://programmingwithstyle.com/posts/howihackedmycarguidescreatingcustomfirmware/ 


Blink, Blink, Hack

Ok, this may seem pretty far-fetched for an attack, because as an attacker you’d have to succeed at several difficult steps for this to work, but may I remind you of Stuxnet. In other words, when the prize is great enough, the greater the effort worth spending. This week an Israeli researcher discovered a method to exfiltrate data from a highly secure, air-gapped network by monitoring the blinking lights on a system’s network interface card (NIC). Step 1, install a modified version of the NIC firmware so that the lights blink in a controlled manner relative to the traffic – essentially becoming Morse code. Step 2, use a camera to capture video of the blinking lights. Step 3, run the video through a decoder, and done. It may seem like a lot of hoops to jump through, but not a single one is impossible, not by a long shot. Interestingly, the same researcher has created two other methods for attacking air-gapped networks. One uses resonance frequencies produced by a computer, which are picked up by a nearby smartphone where malicious software converts the vibrations back into the data that computer was processing – like cryptographic keys. The other is where the SATA cables (e.g., to hard drives) inside the computer act like antennas that can expose data up to a meter away. I’ll say it again, there is no such thing as a “secure” computer system.

Links:
Air-Gap Research: https://cyber.bgu.ac.il/advanced-cyber/airgap 
Article: https://www.bleepingcomputer.com/news/security/etherled-air-gapped-systems-leak-data-via-network-card-leds/ 


Will the Real Slim Shady Please Stand Up

It seems every aspect of our lives becomes more and more digital with each passing day. And the emphasis placed on AI – combined with its rapid evolution – has started an interesting dynamic. This week Capitol Records “signed” the first ever AI rapper, FN Meka, on the same day he/she/it (?) dropped the single “Florida Water”. Created just over a year ago, FN Meka has over a billion views on TikTok with 10 million followers, placing him/her firmly as the number one virtual being. Ryan Ruden, Capitol Music Group’s Executive Vice President of Experiential Marketing & Business Development, said the project “…meets at the intersection of music, technology and gaming culture” and “is just a preview of what’s to come”. Adding to the malaise, this week there was a publication of an AI podcast… with an AI host interviewing an AI guest. Listen, I know this is interesting and a bit of a novelty, but mix this with deepfakes and the level of fraud already occurring and things could get out of hand.

Links:
Article: https://www.musicbusinessworldwide.com/capitol-records-just-signed-a-virtual-artist-fn-meka-he-has-over-10-million-followers-on-tiktok/ 
FN Meka’s Florida Water (explicit): https://www.youtube.com/watch?v=ebbXkPvFRNk 
AI Podcast: https://www.allabtai.com/ai-podcast/