Imran Virani · Oct 11, 2022 · 3 min read

Security Impurities: News of the Week (October 5th - 11th)

Fright Light: Hackers Hack Ikea Smart Bulbs

Smart devices are supposed to give us peace of mind. Instead of tracking remotes and switches for every device we have in our homes, smart tech promises universal control in the palm of our hands.

Unfortunately, a recent hack against Ikea's smart lightbulbs highlights the problems of Internet of Things (or IoT) devices. These devices contain security flaws that are hard to fix, and that may never be patched even after they are discovered. For the Ikea lightbulbs, this was a vulnerability that allowed hackers to turn victims' lights on to full brightness. Users could not turn them down using the Ikea Smart Home app.

While this seems more annoying than dangerous (and Ikea says it fixed the problem), it is still a sign of the security issues of smart devices. Though they offer convenience and greater user control, many smart devices are vulnerable to these hacks. Ultimately, these devices will never be as secure as they should be, and consumers should think twice before purchasing a device simply because it can be controlled by an app.

On the link of collapse: Malicious apps being linked to Facebook accounts

A lot of mobile games and applications have the ability to link to your Facebook account. Because this saves app data and allows users to connect with their Facebook friends, many users opt in without giving it a second thought.

However, Meta (Facebook's parent company) recently announced that Android's Google Play Store and Apple's App Store contain over 400 malicious apps that use fake "link your Facebook account" icons to steal users' Facebook logins. With control of these Facebook accounts, hackers can access the personal information of users. They can also message users' friends, opening the door for phishing attacks. Most of these bad apps are photo editors, and the hackers who run them publish fake reviews on app stores to drown out warnings from scammed users.

This danger should remind users to question if they need to connect an app to their Facebook account, and to always think before they link.

“Don’t do anything unless I CISO.”: The Uber hack and the personal responsibility of CISOs

In the big cybersecurity news of the week, a landmark legal decision occurred as former Uber CISO (Chief Information Security Officer) Joe Sullivan was found guilty of attempting to cover up a hack at Uber. This decision will make many CISOs rethink their decisions in similar scenarios. Sullivan was found to have taken steps to hide the Uber hack (which occurred in 2016 and is not to be confused with the more recent Uber hack) from authorities and users. He now faces up to 8 years in prison for his misdeeds.

More than a sign of poor management or toxic culture, this case can be seen as a learning opportunity for CISOs. Major companies are a popular target for hackers, and CISOs – who are tasked with overseeing a company’s security strategy – are often left with the blame, regardless of who is truly at fault. Still, no matter how badly a hack can reflect on a CISO, attempting to cover it up can make things even worse. With this case, a legal precedent has been established. CISOs and other security executives who conduct themselves like Mr. Sullivan can now face prosecution. Moving forward, companies should treat the mismanagement of the Uber hack as a lesson. Legal responsibility is now a major reason for CISOs to conduct themselves in an accountable and transparent manner. Also, in the event of a hack, no matter who is ultimately responsible, CISOs should operate under the belief that honesty is the best policy.