Feeling insecure? Then brace yourself, because when it comes to tech security, it’s already been a long week:
• You can’t even trust plugs anymore: Researchers say they’ve found a way to hack an iPhone through its charger. Forbes’ Andy Greenberg reported this week that a team from Georgia Tech says it has discovered a way to inject malware into a current-model iPhone through a modification of the phone charger. The team will explain the details at July’s Black Hat security conference in Las Vegas. In a summary of their presentation, they say the “alarming” hack is as simple as plug-and-infect. “All users are affected,” they say, “as our approach requires neither a jailbroken device nor user interaction.” The researchers have notified Apple, Greenberg says, but the Cupertino tech giant hasn’t gotten back to them yet.
• A very unfriendly virus capable of draining one’s bank account is finding new life on Facebook. The 6-year-old Trojan horse known as Zeus has infected millions of computers in the U.S., according to a New York Times report, and stays dormant until the user opens their online bank account. Then it steals their password and empties the account. The malware is reportedly linked to computers traced back to a Russian criminal gang. Consumer security advocate Eric Feinberg told the Times he alerted Facebook, but the company isn’t listening to the severity of the problem. “If you really want to hack someone, the easiest place to start is a fake Facebook profile – it’s so simple, it’s stupid,” he told the Times.
• Java’s security problems haven’t gone away, but Oracle says bolstering its defenses is a priority. In a blog post last week, Nandini Ramani, the leader of the software team that builds the Java platform, laid out three key steps that were being taken to improve the software’s security. Starting in October, security patch updates will come out at least four times a year, up from the current three (not including emergency fixes). Java is also improving default security settings, and is giving users more information about potential hazards, including enhanced security warnings for older versions of Java. They’re also moving to ease fears about server vulnerabilities, by removing unnecessary plugins from server software and allowing clients to restrict certain Java applets, reducing the risk of infection. “It is our belief that as a result of this ongoing security effort, we will decrease the exploitability and severity of potential Java vulnerabilities,” Ramani said.
• A new report by Kaspersky Labs has found that a cyber-espionage campaign has successfully hacked more than 350 targets in 40 countries over the past eight years. The malware, known as NetTraveler, has been aimed at a wide range of corporations, governments, oil companies, military contractors, scientific institutions and activist groups around the world. Its victims are mostly bunched in Russia, Central Asia and the Pacific Rim, including China, Australia and the U.S. Based on the fact that the virus was traced back to native-Chinese speakers and has targeted Tibetan activists, suspicion falls on the Chinese government.
• And speaking of whom . . . to end on a slightly upbeat note, experts say the pressure applied by the U.S. government over rampant hacking from China may be paying dividends. “The administration made a lot of progress,” cybersecurity expert James Lewis told the Associated Press, noting that China has finally acknowledged there is a problem and expressed willingness to engage in talks to address those problems. Cyber-security is expected to be a main topic later this week, when President Obama meets with Chinese President Xi Jinping in Southern California.