Each week we bring you three of the top stories in the cyberverse, often as much for amusement as for enlightenment. But still, knowledge is gained. This week, some important lessons have been taught to the attentive, in the world of cyber security.
So have a seat and prepare to get schooled, it’s this week’s cyber week in review.
Drones Break the Rules
Speaking of rules, if you have flown a drone, you know they come with a number of them. There are height-limits and no fly zones, and for good reason: drone operators have, intentionally or not, caused difficulty for others, even airport problems, as a result of their flying. If you have some sort of work-related or other legitimate reason to fly in a no-fly zone, the manufacturer can issue exemption certificates.
But it seems that the manufacturers issued another code: the development debug code was left on many devices. Essentially, that code would allow access to anything, including the right to alter the drone’s regulations. For some, that’s like locking the babysitter in the bathroom and throwing a party. Drone maker DJI says they have repaired the problem with a system update, but some users have contradicted that report. So, who knows.
Lesson from this one: if you crack the code, fly responsibly.
Social media is not without consequences, a lesson that one would hope every person on the planet (or at least those utilizing social media) would know by now. Not always so. When you’re stuck at work and you post a photo with the hashtags “#SUNNYDAYOUTSIDE” or “#workhardplayhard,” it can seem harmless enough. If the accompanying photo includes an image of your laptop with your work open, that still might not be much cause for concern.
But in certain industries, that laptop image could constitute a data breach, for which you are personally responsible. Working in corporate research or espionage, you’d probably never be obtuse enough to post such a thing. Yet, other fields also take data seriously, such as hospital research.
An Italian researcher, Luigi Carbone, at North Middlesex University Hospital posted that image. Along with it, one can only presume unintentionally, was the personal information of some 31 female patients. As is to be expected in such a breach, Mr. Carbone no longer has a job at that hospital, and apologies have been issued.
Slip of the Segway
If you are not the type to go scooting around on a Segway, hang tight. There is still a lesson to learn in this one.
Some computer engineers recently exploited cyber security flaws in a Segway miniPRO which let them hijack the device’s operation, mid-motion. They conducted their research at slow enough speeds that sending their human guinea pig flying didn’t cause injury, but the techniques could be utilized by others, on other devices. The hijacker needs to be close enough to your Segway to put on the brakes while you go careening along.
Still, it’s another situation with the potential for a rude awakening. Which brings us to the lesson to learn in this one: all digital devices carry some amount of cyber security risk. Before the explosion of the internet, maybe only those directly working in IT had to be very concerned about things like device security, anti-virus software and firewalls. For those in the know, that seems like a blissful pre-dawn to the modern era. But we no longer live in the cyber Dark Ages, and it’s time for a digital renaissance: every user of digital devices should understand how to secure it.
That is a hefty lesson, but a reminder we all need. Forward it on.