Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

Man Uses Toaster to Hack Computer

And no, we don't mean it the other way around

Dec 14, 2007 | 02:24 AM

By Tim Wilson
DarkReading

We've heard of hackers using computers to hack toasters or soda machines, but until this week, we'd never heard of a hacker using a toaster to hack a computer.

Now we've heard everything.

Any kitchen appliance can be used to attack your computer system, said Dror Shalev, a hacker and security expert who works at Check Point Software in Israel, during ClubHACK 2007, an international convention of hackers held earlier this week in India.

Shalev said he felt challenged by a recent statement by another security expert, according to a report from the event. "I read a senior scientist from Google saying there was no need to be afraid of a toaster at home," he said. "But as a hacker, I came up with a toaster that could actually hack a computer. I call it a ‘Crazy Toaster.'"

Shalev said he developed software and networked it with the toaster. "As soon as the toaster is plugged, the software is activated before it breaks into the user’s computer system. The same software prototype can be networked with any home appliance for stealing the Web secrets," he said. "With wireless technology available, there is no need for connecting the appliance with the computer."

Shalev said he just wanted to convey that one couldn’t blindly trust "anything" in the world of Internet. "As the usage of computers and the Internet goes up, we will need to be cautious about every object in our surroundings," he said.

In the future, people should purchase home appliances only from branded companies, he advised. "If an appliance or home device comes as a gift, accept it only if it is from someone you trust."

— Tim Wilson, Site Editor, Dark Reading


Subscribe to RSS










Bugs
ENTERPRISE VULNERABILITIES
Vulnerability:suse linux
Published:2010-01-22
Severity:High
Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
Vulnerability:ie
Published:2010-01-22
Severity:High
Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Vulnerability:bind
Published:2010-01-22
Severity:Medium
Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Vulnerability:ie
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Vulnerability:ie
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.


Briefing Centers
POWERFUL INFORMATION
AT YOUR FINGERTIPS
(SPONSORED LINKS)