Robert Graham, writing at Errata Security:
Yesterday NBC News ran a story claiming that if you
bring your mobile phone or laptop to the Sochi Olympics, it’ll
immediately be hacked the moment you turn it on. The story was
fabricated. The technical details relate to going to the Olympics
in cyberspace (visiting websites), not going to there in person
and using their local WiFi.
The story shows Richard Engel “getting hacked” while in a cafe at
Sochi. It is wrong in every respect.
- They aren’t actually in Sochi (they are in Moscow).
- The “hack” happens because of the websites they visit (Olympic
themed websites), not their physical location. The results
would’ve been the same in America.
- The phone didn’t “get” hacked; Richard Engel initiated the
download of a hostile Android app onto his phone.
One of the devices was a brand new MacBook (which they opened like an animal), which was “hacked” when a website they visited told them to download some sort of malware masquerading as an antivirus utility. They downloaded it, launched it, and granted it an exception to Gatekeeper’s default rules, which would have prevented it from running. Pretty much the same “attack” as on the Android phone.
★ Thursday, 6 February 2014