News Bites For April 14, 2015
I wrote about an attack on hotel routers a few weeks ago (see post). Today, I heard more details on the attack. ANTlabs InnGate router, used by many hotel chains (see advisory), was configured incorrectly. This configuration error allowed anyone to read or write any file in the router, thereby easily owning that router and doing whatever they want to do to its customers.
This means the attacker could push software to a user’s device, sniff traffic or insert traffic that would be thought to be from the user’s device. Pretty ugly.
###############
According to several sources that seem to have picked up the same article, Google and eBay have begun to move data of Russian users into Russian data centers, ahead of a law that takes effect on Sep 1, 2015 requiring that. The alternative would seem to be to close down Russian operations, which probably did not seem attractive to either organization.
How or if they will protect Russian user’s data is unclear. With their servers within physical control of the KGB/FSB, that may be difficult.
Update: Google is denying that they are doing that, but they are not saying anything about what they are doing, so it is unclear what they are doing. Things should become clearer by September 1.
###############