Weekly Tech Roundup — April 17
The good guys had some wins this week, making the digital world a little bit safer. But it seems the world needs balance—new threats popping up in the place of old ones. Luckily, the innovations weren’t all bad. What tech headlines did you miss?
Robots and blockchain are taking the coffee trade by storm
A Denver-based startup is trying to make the trade of coffee beans a fairer venture.
Bext Holdings Inc. has built a robot that works as a multi-talented scale, letting coffee bean buyers rate the quality and pinpoint the weight of a specific farmer’s beans, according to TechCrunch. The robot is able to analyze coffee beans for specific markers like the percentage of good-quality coffee cherries in a batch. These results will be available for both buyers and sellers to see. Prices are then negotiated using the bext360 mobile app.
The tracking and documentation are achieved via blockchain technology. This decentralized ledger allows the company to create a record of where the coffee beans came from and who paid how much for them. The goal of the venture is to make the entire process transparent, letting coffee drinkers know exactly where their morning cups of coffee originated.
Bext Holdings Inc. also hopes this venture will ensure that farmers get paid a fair rate for their products, regardless of whether they’re a small farm or larger organization.
“Consumers are more enlightened than ever before. And companies want to meet their high standards. But in general, groups working on fair trade spend a lot of overhead on tracing materials. They use rudimentary tracing mechanisms. And it’s very imprecise. People in the field can still get exploited,” CEO Daniel Jones said.
More than $1 million in funding has been raised to keep the project running and fuel its expansion.
The fourth time is the charm for Kelihos botnet hacker
The infamous hacker known for the Kelihos botnet was arrested in Spain after seven years of attacking consumers and financial institutions, according to PCMag. International cooperation between the U.S. and foreign authorities led to last Sunday’s arrest of Pyotr Levashov, otherwise known as Peter Severa and by other aliases.
The Kelihos botnet first appeared in 2010, targeting Windows PCs through spam campaigns, stock scams, and other frauds. Less than 24 hours before the arrest, the Department of Justice began blocking Kelihos domains via a Rule 41 warrant.
This was not the first time authorities tried shutting down this destructive array of botnets. Previous takedowns were conducted in 2011, 2012 and 2013. After each attempt, however, Kelihos was able to get back up and running, making the #7 spot on the Spamhaus worst spammers list.
“The ability of botnets like Kelihos to be weaponized quickly for vast and varied types of harms is a dangerous and deep threat to all Americans, driving at the core of how we communicate, network, earn a living, and live our everyday lives,” said Acting Assistant Attorney General Kenneth A. Blanco.
With this hacker finally behind bars, there is hope that there will be at least a temporary slowdown in malicious attacks driven from this botnet. But it is a near certainty that another botnet will rise to take its place, wreaking havoc on data protection plans across the globe.
Encryption added to previously hacked Dallas sirens
Outdoor warning sirens were hacked in Dallas on Saturday, prompting all 156 emergency sirens to run for 90 minutes. Properly used, the sirens warn residents of impending tornadoes.
The hack left city officials in need of a security update. They went on to evaluate the security of their financial systems, flood warning system, police/fire dispatch, and 911/311 system, Computerworld reports.
Encryption was added to ensure the safety of these systems, but there is still no word on how the attack occurred. It appears to have come over a radio frequency, not over a wired computer network. The identity of the attackers remains unknown. Police are working with the FBI and FCC to pinpoint the source.
Security experts theorize that the hack could have been carried out simply by recording the radio signal broadcast during a monthly emergency system test, then replaying it to initiate the attack.
But even if the attempt was more complicated or malicious, it is still the responsibility of the FCC to ensure that these networks are secure and protected by strengthening data protection protocols for vulnerable devices.
Inmates hack into own prison network
Five individuals from the Marion (Ohio) Correctional Institution were caught hacking into the prison network where they were being held, Bleeping Computer reports. Two computers cobbled together from recycled materials and spare parts were found in the ceiling of a training room closet.
The five inmates were discovered in July of 2015 when IT staff began noticing increased amounts of traffic from user accounts of off-duty employees. Further investigation revealed a computer with the name “-lab9-”, which was inconsistent with the facility’s computer naming scheme.
Once IT staff identified which network switch and port the traffic was coming from, they were able to locate the computer. The inmates had been hacking into the network in order to access the personal information of other inmates, which was used to apply for credit cards and issue passes for fellow inmates.
The inmates involved were quickly sent to different facilities and are awaiting further punishment. Much of the responsibility for the attack does fall on the prison, however, as it didn’t force employees to change their passwords every 90 days, a best practice for data protection.
FDA demands Abbott Laboratories take cybersecurity threats from medical devices seriously
The FDA sent out a warning letter to Abbott Laboratories after security concerns emerged over their Merlin@home Transmitter, which relays information to doctors from patients’ implanted cardiac devices. According to Threatpost, if the newly-discovered flaws continue to go unaddressed, the company will face fines, injunctions, and other penalties.
The vulnerabilities in these devices allow an attacker to interfere with and interrupt communication between the transmitter and the implant. Some of these issues have been patched by Abbott Laboratories and St. Jude Medical, but the fix was deemed incomplete after being challenged by medical device security researcher MedSec. Other vulnerabilities give hackers the ability to shock patients and drain implant batteries.
“As this letter points out, the company has neglected to act on security expert recommendations dating as far back as 2014, and now Abbott’s St Jude Medical cardiac products are failing to comply with FDA regulations. The implant vulnerabilities we highlighted have not been fixed yet, however the FDA is now demanding action. We urge Abbott to act swiftly on mitigating these serious exposures,” said MedSec CEO Justine Bone.
Abbott responded with its own statement: “At Abbott, patient safety comes first. We have a strong history and commitment to product safety and quality, as demonstrated by our operations across the company. Abbott acquired St. Jude Medical in January 2017; the FDA inspection of the Sylmar facility, formerly run by St. Jude Medical, began on February 7; and we responded to the 483 observations on March 13, describing the corrective actions we are implementing. We take these matters seriously, continue to make progress on our corrective actions, will closely review FDA’s warning letter, and are committed to fully addressing FDA’s concerns.” Concerns over data protection still linger.