Tuesday, April 13, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Why is my keyboard connected to the cloud?

January 13, 2019
in Internet Security
Why is my keyboard connected to the cloud?
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

(Image: Getty Images/iStockphoto)

Everything is becoming a thing connected to the internet, but some things really shouldn’t be.

First cab off that rank should be input devices, because what sort of maniac thinks the advantages of a roaming cloud-based configuration outweighs the potential explosion in surface area to attack and compromise? That maniac is called Razer, and it has been connecting keyboards to its Synapse software for years.

You might also like

Billions of smartphone owners will soon be authorising payments using facial recognition

PayPal rolls out new fraud management tools for merchants

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

At last week’s CES, Razer took it a step further when it announced it is adding support for users to use Alexa to control their peripherals.

“Alexa, ask Chroma to change my lighting profile to FPS mode,” Razer cheerily proclaims as an example of its upcoming functionality.

More from CES: CES 2019 Las Vegas (CNET) | CES 2019: A first look at the cool tech (TechRepublic)

For this to work, the software that usually controls keyboard and mice settings needs to be connected to Amazon Alexa.

It’s a 2-for-1 cloud connection, because once you embrace the idea of Razer’s servers being secure, then you’ve already accepted a more risky proposition than using just Amazon.

Last month, Razer faced blowback when it launched a cryptocurrency mining application called Cortex, where users would be rewarded with its Silver funny money.

“The new app to put[s] snoozing machines to work, solving blockchain puzzles in the background in exchange for sweet, sweet Silver,” Razer said at the time.

Enter Tavis Ormandy, security researcher for Google Project Zero and scourge of buggy software makers, who took a look at the software and was stunned.

“Holy moly, I just installed this. WHY IS CEF (chromium embedded) REMOTE DEBUGGING ENABLED AND LISTENING BY DEFAULT (!?!?!?!),” Ormandy tweeted.

“I don’t have any razer hardware to test, but they probably (like, *right now*) need to fix that.”

To Razer’s credit, the company fixed the issue within 24 hours; on the other hand, it allowed remote command execution in the first place.

Also in Razer’s favour is that it acknowledged it was responsible, which is more than can be said for Gigabyte.

On December 18, SecureAuth detailed an exchange of when it discovered that software utilities for Gigabyte and Aorus motherboards had privilege escalation vulnerabilities.

“There is ring0 memcpy-like functionality … allowing a local attacker to take complete control of the affected system,” SecureAuth said.

In trying to resolve what was clearly a serious issue, the security company could not locate a proper contact within Gigabyte, and headed over to its technical support team.

“Gigabyte is a hardware company and they are not specialized in software,” Gigabyte told SecureAuth on two different occasions in May.

In the end, SecureAuth said Gigabyte eventually responded by saying its products did not have any issues.

If a vendor with the experience and sales of Gigabyte responds by denying responsibility for its software, it doesn’t bode well for smaller players.

Gigabyte should stop distributing software as long as it keeps on throwing out the excuse that it is a hardware company.

And it is no small matter, because the utilities that the Taiwanese manufacturer puts out are built to manipulate hardware settings, and flash BIOSes.

If a bad actor was looking for a shortcut into a modern Windows system, trying to find your way in via Microsoft’s code will be time wasting when the camembert-like underbelly of a modern system is likely to be crap software from peripheral makers.

That tactic is not new, but with connectivity exploding, things are likely to get worse before it gets better, as with most things in the cyber realm.

ZDNET’S MONDAY MORNING OPENER:

The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet’s global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.

PREVIOUSLY ON MONDAY MORNING OPENER:


Credit: Source link

Previous Post

Finding Your Voice Amongst the Din of the Robots

Next Post

Achieving high performance on IBM AIX using Coherent Accelerator Processor Interface (CAPI)

Related Posts

Billions of smartphone owners will soon be authorising payments using facial recognition
Internet Security

Billions of smartphone owners will soon be authorising payments using facial recognition

April 13, 2021
PayPal rolls out new fraud management tools for merchants
Internet Security

PayPal rolls out new fraud management tools for merchants

April 12, 2021
Ransomware: The internet’s biggest security crisis is getting worse. We need a way out
Internet Security

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

April 12, 2021
Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Critical Zoom vulnerability triggers remote code execution without user input
Internet Security

Critical Zoom vulnerability triggers remote code execution without user input

April 10, 2021
Next Post

Achieving high performance on IBM AIX using Coherent Accelerator Processor Interface (CAPI)

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Billions of smartphone owners will soon be authorising payments using facial recognition
Internet Security

Billions of smartphone owners will soon be authorising payments using facial recognition

April 13, 2021
Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data
Internet Privacy

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

April 13, 2021
Caruso real estate to accept Bitcoin as rent payment in industry first
Blockchain

Caruso real estate to accept Bitcoin as rent payment in industry first

April 12, 2021
AI, Machine And Deep Learning: Filling Today’s Need for Speed And Iteration
Machine Learning

AI, Machine And Deep Learning: Filling Today’s Need for Speed And Iteration

April 12, 2021
WOMEN IN A.I. ~ Future is Female
Neural Networks

WOMEN IN A.I. ~ Future is Female

April 12, 2021
Stumbling blocks to digital transformation: Monday’s daily brief
Digital Marketing

Stumbling blocks to digital transformation: Monday’s daily brief

April 12, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Billions of smartphone owners will soon be authorising payments using facial recognition April 13, 2021
  • Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data April 13, 2021
  • Caruso real estate to accept Bitcoin as rent payment in industry first April 12, 2021
  • AI, Machine And Deep Learning: Filling Today’s Need for Speed And Iteration April 12, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates