Latest headlines: Tony Sprando and Kate Couch on the history and future of the USB, Paul Konikowski on a remote desktop cyberattack and more
July 15, 2021 | Volume: 7 | Issue: 13
If you are a tech manager at a university, or an AV/IT specialist at a corporation, or anyone in charge of technology at an institution, I hope you have been reading the SecuringAVseries from cybersecurity expert Paul Konikowski. In his column today, on the second half, he demonstrates how he can pull up an AirMedia device at Virginia Tech. Fortunately, they had changed the default password so he couldn’t actually control the device, but he could still view any presentation that was being broadcast with an AirMedia device. They are essentially one layer of security (a password) away from something more serious.
This isn’t the first time that wireless presentation devices have been shown to have security vulnerabilities — in 2019, it became known that a serious vulnerability in Barco’s WePresent product, which, it turned out, was being rebranded and resold by numerous other manufacturers on the market. Some had discovered and patched the vulnerability, but most hadn’t. Manufacturers are very secretive about when and if they buy and remarked OEM products — but there was also not a mechanism in place for all those manufacturers to communicate with each other about security problems. The losers in this scenario were end users, who didn’t have a way to know if the product they had bought was, deep down, using the vulnerable code unless the “manufacturer” of that brand admitted it.
Since AV was later in moving to the network, the industry is still, as a whole, immature in its preparedness for dealing with cybersecurity attacks. End user institutions have to be ready to protect their own systems — or they risk ransomware attacks, or worse. Stay safe out there.
On Feb. 5, 2021, a water treatment plant operator in Oldsmar Beach, Florida, noticed his mouse cursor was moving around his computer screen, seemingly on its own. The rogue mouse opened software and boosted the level of sodium hydroxide (aka lye) in the water to be over 100 times the normal level. The only way this was detected was because the operator saw the mouse moving and quickly reset the system to the right level. Authorities in the area did their best to reassure the public that the sensors would have stopped water flow long before it was released as part of an emergency management system. But what if the sensors were also hacked?
In 2019, Fox News reported the following: “Ajay Bhatt, who led the intel team that created the Universal Serial Bus [USB], told NPR the design of USB ports used to plug in devices such as keyboards, mice, printers and thumb drives is a bit annoying. Frustrated users have created several memes over the years mocking USB devices.” Even the inventor of the original USB thinks they’re hard to use … How far has USB come since?