Security researcher disputes NBC's Sochi 'hacking' experience
Hacked! As soon as you connect to the internet while at the Winter Olympics. Well, maybe not. There's been a bit of blowback from the report, even from the expert that NBC turned to during its report on online security in Sochi, Russia. To begin with, the team actually wasn't even there, they were in Moscow, and this points to a bigger issue: the hacking that NBC News experienced would have likely been the same regardless of location, as it happened while hitting up Olympic-themed websites and willingly downloading (hostile) Android apps. It had nothing to do with connecting to public WiFi, at least in the instances shown during the report.
As Robert Graham pointed out at Errata Security, the only increase in hacking while being in Sochi comes for the geolocation data given to Google through your IP address, increasing the chances of sketchy Russian sites appearing in your results. (This can also be disabled within your Google account settings.) Advice for avoiding hacking if you're in Sochi (and well, anywhere) is pretty straightforward: don't visit shady sites, patch your programs (from browsers to Flash), get rid of not-so-secure elements (like Java), and if you're particularly nervous, switch on a VPN when you connect to public WiFi. The threat researcher quoted, Kyle Wilhoit, is looking to clarify a lot of the questions surrounding the admittedly brief report, although according to his Twitter feed, it's turning from a blog post into an academic paper.
Update: Trend Micro researcher Kyle Wilhoit has posted his detailed blog post, confirming Graham's statements that the tests took place on devices operating without the latest updates, and that all attacks required some kind of user interaction. For the full layout of what did and did not happen in the demonstration -- despite any video edits to the contrary -- check out the post here.
Blog and paper are finally live, see it here: http://t.co/HmCbe9KOTC
- Kyle Wilhoit (@lowcalspam) February 7, 2014