At a glance.
- Television remote controls as eavesdropping devices.
- Telework and data security.
- CPSC data breach more extensive than initially believed.
- User sues Warner Music over data breach.
Remote controls pose privacy risk.
And by that we mean the kind of remote control that can get lost in the couch cushions. Data security company Guardicore reports that they have uncovered a vulnerability contained in a device found in over 18 million homes across the US: the remote control. Researchers used an attack called WarezTheRemote to take advantage of Comcast’s XR11 voice remote and turn it into a listening device. Without physical contact with the targeted remote, a hacker could use a simple RF transceiver to intercept the remote’s communication with the set-top box and continuously record audio. Guardicore has worked with Comcast to help secure the device against the vulnerability. It's worth noting that this is a proof-of-concept. As far as is known this isn't an attack that's so far been seen in the wild.
Data Security Report focuses on telework security.
TechRepublic reports, software recommendation company Getapp has completed its Annual Data Security report, surveying over eighty IT security managers to determine what security trends to expect from businesses in 2021. With COVID-19 forcing many to work from home, remote work security is a focus. Classifying data based on level of confidentiality and limiting employee access to data based on necessity are recommended, as data breaches, both accidental and malicious, are four times more likely within companies that allow full access to all employees. Online retail account takeovers increased 347%, as dependence on e-commerce surged this year. The use of two-factor authentication rose 18%, and 28% of businesses were attacked by ransomware. Employee training is becoming more virtual, with increased use of virtual or augmented reality tools, and dedicated security training is becoming more prevalent.
CPSC data breach larger than initially reported.
The National Law Review reports, the recent data breach suffered by the US Consumer Product Safety Commision (CPSC) was more extensive than originally thought, according to an investigation conducted by the CPSC Office of the Inspector General (OIG). The breach, which occurred in April 2019, was caused by mismanagement and resulted in the accidental disclosure of sensitive manufacturer and product data. Initially the CPSC reported the data was released to up to 36 recipients, when in actuality the report finds the recipients totaled over 500. Reliance on staff accounts and poor accounting were likely the causes of the underestimation of the scope of the breach, and the OIG recommends improved security measures to avoid such an error in the future.
Warner Music Group being sued for data breach.
Warner Music Group (WMG) is being sued by a victim of a data breach the organization suffered earlier this year, reports MyNewsLA.com. The skimming attack, which occurred between April and August, compromised WMG’s e-commerce customer data, including credit card information. The class-action lawsuit claims that WMG is guilty of negligence and violation of the Consumer Privacy Act.