Weekly Tech Roundup: January 9

We’re one week into 2017, but the digital world didn’t take time off for the holiday season. In fact, the new year brought with it major innovations, emerging technologies, and evolving cyber threats that are setting the stage for months to come.

We’ve raked through the big tech stories of 2017 thus far to pick out the headlines most interesting to us. What stories did you miss?

One of the first cases of infected Android-based smart TVs occurred last week, turning years-long fears into reality.

One smart TV user was in for a rude awakening this holiday season, PC World reports.  A message popped up on his LG Electronics TV screen demanding a $500 ransom. The infection occurred after the man downloaded a movie-watching app. Like many ransomware variants that target Android devices, this application was a “screen locker” that made it impossible to change channels to avoid the message.

The TV owner and his programmer friend tried everything they could to restore the device to its original state, attempting to restore it to its out-of-the-box factory settings. They even took to Twitter for advice.

Family member's tv is bricked by Android malware. #lg wont disclose factory reset. Avoid these "smart tvs" like the plague. pic.twitter.com/kNz9T1kA0p— Darren Cauthon (@darrencauthon) December 25, 2016

A short call to LG’s tech support proved initially unhelpful, as it would cost $340 for a consultation —$160 less than paying the ransom itself. But eventually, they were provided with a trick from the LG team to boot the device, wiping it clean of ransomware by pressing two buttons.

Luckily, this user was able to restore his device, but the task was not a simple one. And it marks a turning point in the world of ransomware attacks. If these attackers can hack and infect a smart TV, what IoT devices are next?

RELATED: What is Ransomware?

The cloud has become a money-maker for many companies according to the Future of Cloud Computing Survey by North Bridge.

The numbers are astounding: North Bridge projects that public cloud spending will grow to $522B by 2026 at a compound annual growth rate of 19%.  It also asserts that 80% of companies are getting revenue from the cloud, and more than 40% of these get more than 50% of their profits from cloud-based applications.

This survey also delved into cloud architecture, finding the hybrid cloud model is still the main cloud strategy. This trend is expected to continue well into the future.

When asked about cloud technologies, 70% of those surveyed said that they used SaaS, with the use of IaaS a close second.

The survey then turned its attention to data storage, finding that almost 30% of companies stored more than 50% of their data in a public cloud while 60% stored the same amount of data in a private cloud. Trends show that these two ways of storing data will merge, more people storing data publicly than privately in the future.

"This year's survey showed a strong move towards a more strategic and nuanced view of hybrid cloud. Broad SaaS adoption, deep analytics, and emerging areas such as IoT and AI highlight that the value of data is a large consideration when building a cloud strategy. As the cloud ecosystem matures, users are turning to a broad spectrum of technology and integration companies to help unlock the potential of cloud," said Wikibon Senior Analyst Stuart Miniman.

RELATED: Three Major Cloud Adoption Trends for 2017

The U.S. Food and Drug Administration is taking a stand on the security of connected medical devices.

In a 30-page report, the FDA gave its recommendations to medical device manufacturers on how they should protect these devices from cyberattack. The report details the many steps manufacturers should take to ensure these devices are secure from the time of delivery to use in hospitals and in patient homes.

While the recommendations hold no legal authority, they are explicit and thorough, detailing the specific steps, assumptions and predictions manufacturers should adhere to when creating these products.

Fears continue to rise as other attacks on IoT devices increase. Researchers have also proven that devices like insulin pumps, pacemakers and defibrillators can be remotely tampered with.

Not only is this damaging to patient health, but it also opens the door for scenarios of identity theft in which hackers break into hospital systems and steal information.

“When manufacturers consider cybersecurity during the design phases of the medical device lifecycle, the resulting impact is a more proactive and robust mitigation of cybersecurity risks. Similarly, a proactive and risk-based approach to the post-market phase for medical devices, through engaging in cybersecurity information sharing and monitoring, promoting “good cyber hygiene” through routine device cyber maintenance, assessing post-market information, employing a risk-based approach to characterizing vulnerabilities, and timely implementation of necessary actions can further mitigate emerging cybersecurity risks and reduce the impact to patients,” the report reads.

This is one of the first steps taken by the FDA after a draft of these recommendations was released last January, and it lays the groundwork for future policy and regulation to come.

Uber is gearing up for more controversy in the new year.

After recently changing its privacy policy to expand how long it can tap into its users’ location data, Uber is facing another controversy surrounding data from the New York Taxi & Limousine Commission, according to Bloomberg.

As it does with New York City taxis, the commission wants Uber and other ride sharing services to give them access to data like location and rider information. In public hearings this month, Uber and Lyft have been challenging these demands, which would require them to provide the addresses and times that riders are dropped off. Ride sharing services are already required to share pickup information. 

Uber is fighting against this as they claim it is an invasion of privacy, even though taxis already provide this information to the TLC. Uber is also citing instances where personal information has been shared or hacked into when obtained by the commission.

Uber has offered to provide data on the length of each trip, but this isn’t good enough for the TLC. The commission wants more information to gauge driver fatigue and inspect instances of misconduct.

Ransomware is embarking on a new campaign and its target is human resource departments.

According to ZDnet, GoldenEye ransomware is posing as job applicants in order to infiltrate company IT systems. They’re even going so far as to create cover letters to come off as more authentic.

HR departments are seen as an easy target by the so-called Petya ransomware variant as HR employees routinely open emails and attachments from strangers.

Researchers at Check Point have been keeping an eye on this ransomware variant, first uncovered in Germany. The phishing emails contain a short introduction as well as two attachments. The first attachment is a harmless cover letter, but the second is an Excel spreadsheet containing the ransomware. If the user opens the Excel file and assents to a request to enable macros, ransomware is downloaded and encrypts the user’s files. Once encryption is complete, the ransomware demands 1.3 bitcoins (about US$1,000).

Researchers have tracked the ransomware back to its developer who they believe goes by the alias Janus, but have not been able to stop the virus from spreading.

RELATED:

• Predictions for the Year in Ransomware: 2017
• Granite Ridge Builders Protect Their Data from Ransomware
• There Are Many Ways to Repel Ransomware, Only One Way to Defeat It