It’s often repeated that as fast as the security industry can solve malware threats, hackers can find new ones. Before one vulnerability has even been patched, they are exploring the next.
It’s been a rough few days in that respect. Hot on the heels of the news that almost one billion Android handsets could be vulnerable came the revelation that Apple’s Mac system wasn’t quite a bulletproof as we might have thought.
Even Tesla’s Model S, a car that can’t be hotwired because it’s electric, has been hacked, although Elon Musk’s crew were quick off the mark in patching the flaw that could allow hackers to start the car and plant other malicious software in the system to gain control of the vehicle.
Closer to home, there were the reports of a new phone scam that could have vulnerable people giving their financial details to fraudsters in the mistaken belief they were speaking to their bank. According to gardaí, one victim was conned out of €38,000 after a call claiming that there had been fraudulent activity on a card.
It's all a bit disconcerting. The Apple firmware worm widely reported in recent days was a headline grabber mainly because Macs have an image of being immune to viruses and other security threats – something that doesn't hold true any more. On one hand, the hysteria from some quarters was a little overdone. The firmware worm was created by researchers as a proof of concept rather than something that had been discovered in the wild. However, that had to be balanced with the fact that infecting firmware is something the NSA actively explored.
The problem is that we are living more of our lives online and, as we increase the amount of information we put out there about ourselves, the risks mount. The average smartphone user may use a mobile banking app on their phone, post some family photos on social media and shop online. That can reveal a lot about them to malicious users, whether through security breaches or inadvertently supplying details through geolocation data in photographs, for example.
When you add in the internet of things and the popularity of the connected home, that can create a more complete picture for would-be fraudsters.
While it may be tempting to throw away the smartphone and cut off your social media profiles, it’s probably a little dramatic. A little common sense and scepticism can go a long way. And remember, for every malicious hacker out there, there are more who have made it their mission to search out security flaws for no other reason than to help patch them.
Some of that has been discussed at conferences such as the annual Black Hat and DefCon events that are happening in Las Vegas this week.
The white hats are still fighting on.