Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/31/2012
02:42 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Olympics Tap Big Data To Enhance Security

Olympics crime fighters are using big data analysis techniques to identify suspicious activity, imminent threats, and unexpected holes that attackers could exploit.

"If someone has NFC turned on, an attacker in close proximity can pick up every signal to gather private information or payment information on an athlete's device," Siciliano wrote in the McAfee blog post. "It is almost like pick pocketing, but they don't even have to touch you."

Even limiting the NFC exchanges to one device, the Samsung Galaxy III, does little to minimize the risk, Siciliano said.

The Android Beam data-transmission protocol and the NFC broadcast ability on which it depends are both enabled by default in Android 4.0 and have no automatic restrictions to keep them from opening malware sites or accepting virus-riddled files when a surreptitious RFID tag or hidden smartphone asks them to, according to Miller.

Nokia's N9 smartphone automatically accepts any NFC connection request, in fact, practically begging hackers to deliver doctored .doc, PDF, or other files that can give hackers root access to the phone.

Security software vendor Kaspersky Labs has warned that phishing scams, DDoS attacks, penetration attempts on Olympic Committee websites, and other examples of cybercrime are almost impossible to prevent, even at a high level of alertness.

Attackers could go after London Olympic Committee servers publishing information about the games or go after internal-network servers running timers and other Olympic logistical systems, according to Kaspersky researcher David Emm.

Hackers could also just set up at Olympic venues with fake Wi-Fi hotspots designed to lure unwary users into divulging private login or other information, he said.

A host of other email scams are also circulating, taking advantage of the high level of interest in the Games to try to slip through the guard of both onsite and remote spectators, according to a warning issued earlier this month by the U.K. Department of Human Services.

It's impossible for any Olympic Committee to completely eliminate security risks, but the British government has "been going to great pains to avoid" the most direct digital threats, not to mention the physical risks, according to Kaspersky's Emm.

However, neither the digital precautions, nor the 3,500 British troops added to the 27,000-person private security staff, delivered security tight enough to prevent even obvious gaffes in physical security.

Directors at Wembley Stadium, where the Olympic soccer competition will be held, had to replace all the locks at the 90,000-seat arena after police lost a set of keys while checking security.

Less ominously but more obviously, the security net was too loose to keep an Indo-British woman from slipping into the parade of nations during the opening ceremonies and march uninvited with the Indian national team. The intrusion by 25-year-old Madhura Nagendra wasn't subtle; the red hoodie and blue jeans she wore clashed obviously with the blazers, saris, and yellow turbans worn by the Indian marchers.

"She was very brazen and walked alongside our flag bearer Sushil Kumar and everybody took her to be an official or something," Indian Olympic Committee official Harpal Singh Bedi told the British Evening Standard.

The Indian delegation is demanding an explanation from the London Organizing Committee.

Nagendra didn't "just walk in off the street," according to Sebastian Lord Coe, chair of the London Olympic Organizing Committee. She was one of hundreds of dancers, actors, and singers performing earlier portions of the opening ceremony who decided to expand her role.

"She shouldn't have been there, but she clearly started in that venue," Coe said at a press conference after the event. "She was a cast member who got slightly over-excited."

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Exactly
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25487
PUBLISHED: 2020-09-22
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.
CVE-2020-11856
PUBLISHED: 2020-09-22
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.
CVE-2020-16202
PUBLISHED: 2020-09-22
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
CVE-2020-24333
PUBLISHED: 2020-09-22
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only� or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing ...
CVE-2020-4619
PUBLISHED: 2020-09-22
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.