Subscribe: Apple Podcasts | Google Podcasts | Spotify | Stitcher | Email | TuneIn | RSS
People Are Clamoring to Buy Old Insulin Pumps
Malware Infests Popular Pirate Streaming Hardware
Chinese dev jailed and fined for posting DJI’s private keys on Github
Transcript:
[00:00:01] Good morning friends It is Tuesday, April 30th and here is today’s security news. [00:00:05][4.5]
[00:00:06] First off from the Atlantic dot.com not your traditional security article that we’ll discuss here but the title is “People are clamoring to buy old insulin pumps.” Written by Sarah Zhang on the Atlantic. So this is an interesting article, and there’s a lot of you know sort of medical terminology, and you know a lot about insulin and type 1 diabetes. But it’s interesting because it has to do with hacking of a Medtronic insulin pump. So essentially what they’ve done is they’ve used this pump to create a process that they call looping so that this software that runs on an artificial pancreas can then talk to this insulin pump and regulate the amount of insulin that is put into the person’s body. This is interesting because they stopped making these Medtronic pumps I think in 2014. So you have all these people running around on eBay and Craigslist and Facebook trying to grab these things so that they can build these systems and use them instead of having to count everything all day and do all kinds of different insulin shots and it makes their life a little bit easier so much. This is used across the industry quite a bit so much so that the CEO of JD RF the Jew Juvenile Diabetes Research Foundation actually does this himself. So a very interesting article. Not your usual security but hey it’s hacking. So we’re going to talk about it. [00:01:41][94.3]
[00:01:42] All right. Next from the threat post dot com Malware infests popular pirate streaming hardware. This should come as no surprise to anybody. So some researchers have gone and grabbed a Cody streaming box and essentially determined that every one of the add ons that is on there was to take it back. Not everyone. A large majority of the pieces of software an add on that are in this Cody box contain malware. Some of the things that it’s doing it is taking all of the wireless information your SS I.D. password and such from that box and sending it to a server in another country. Somebody had one point five terabytes of data was uploaded from a device that shared the same network of the Kodi box. So they were able to move laterally on the network and extract one point five terabytes of data. I know what you guys but that would flag my ISP pretty quick as going over my limit. So that just a lot of interesting things here. I mean this should not be a surprise at all. I mean why would if you were developing free quote unquote apps that allowed you to stream illegally wouldn’t you try and take advantage of that to all these people trying to do that. So apparently it’s quite a bit of talk about it on the dark web. I mean they’re the developers of these things literally discuss this with each other on how to do this effectively. So an interesting thing. Stay away from it. I mean at the end of the day I mean at least make sure you’re protected somehow if you’re going to use this stuff. [00:03:22][100.5]
[00:03:23] All right. Next one A. This one I when I first started reading it. I got a bit of a chuckle then it got pretty serious pretty quick. So this one from the registered Kota U.K. Chinese Dev jailed and fined for posting DGA. Excuse me. D.J. I’s private keys on GitHub so DGI makes drones for those that don’t know. So he ended up posting two extremely important keys on get hub one of them was the ASG for the firmware. So that’s why I saw it first got a little bit of a chuckle. You know people were allowed to go. You know they can now modify the firmware to their needs but the second one this was a big deal. He dropped a wildcard SSL key for star dot DJI dot com and oh I can’t say that. And that’s a big deal. I mean in the world of keys. That’s a big one especially an SSL keys. So you know any subdomain of D.J. icon. Now hopefully they’ve gone and revoked that key. And you know they’ve gone through that process but who knows at this point that’s a that’s pretty dangerous. So he ended up getting fined just under 23000 pounds two hundred thousand. You on what I end up being so he, of course, is very sorry. “I was born in a very poor village I studied hard all the time I finally gotten to university was very happy thing to me and my parents. But now all the things are done I am done. I will go to jail. I have to take this stain in my life. My girlfriend began to break up with me. Wow. Woo. My family are broken. F bomb. What are terrible things. Maybe the only thing I can do now is to die. It is so hard I need to be free.” I feel for this guy. That’s a pretty big deal. Sound. People who say those kinds of things about how we want to die and girlfriend breaking up don’t sound like it was intentional to me so. [00:05:26][122.9]
Chris Adkins: [00:05:29] All right. Normally we do for, but we’re already over our time for the day. So thank you for joining us. It is what day is it’s Tuesday Tuesday, April 30th 2019. Everybody have a wonderful day. [00:05:29][0.0]
[322.3]