Robot Vacuums Targeted in Hacking Spree, Call of Duty’s Ricochet Anti-Cheat System Exploited: Your Cybersecurity Roundup
Robot Vacuums Targeted in Hacking Spree, yell slurs at owners
A recent wave of hacking incidents has compromised robot vacuums in multiple US cities. The attacks have allowed hackers to control the devices remotely, leading to bizarre and disturbing behaviours.
One notable incident involved a robot vacuum that began shouting racial slurs at its owner. Other reports include vacuums chasing dogs around homes and accessing sensitive information. The Chinese-made Ecovacs Deebot X2 has been identified as a vulnerable model. Researchers have discovered security flaws that allow hackers to exploit Bluetooth connections and remotely control microphones and cameras.
Despite these vulnerabilities, Ecovacs has been slow to address the security concerns. The company has issued a patch but has not provided a comprehensive solution to protect users from hacking.
Call of Duty’s Ricochet Anti-Cheat System Exploited
Activision’s Ricochet anti-cheat system has faced criticism after it mistakenly banned a number of legitimate players. While Activision claims to have resolved the issue, there are concerns that the problem may be more widespread than initially reported.
Cheat developers have alleged that a simple exploit could be used to trigger a permanent ban by simply typing certain phrases like “Trigger Bot” in-game chat. This suggests that Ricochet’s detection mechanisms may be more susceptible to manipulation than previously thought.
The incident raises questions about the effectiveness of anti-cheat systems and the potential for unintended consequences. While Activision has taken steps to address the issue, it remains to be seen if further measures will be necessary to prevent future incidents.
Internet Archive Hit Again: Exposed Credentials Lead to Zendesk Breach
The Internet Archive has suffered another blow in a series of cyberattacks. This time, threat actors exploited exposed GitLab authentication tokens to gain access to the organization’s Zendesk email support platform.
The attackers sent emails to users who previously submitted support requests, claiming the Internet Archive failed to rotate stolen authentication tokens. These emails originated from authorized Zendesk servers, potentially exposing user data including personally identifiable information attached to removal requests.
This incident follows an earlier report of a data breach affecting 33 million users and a DDoS attack. Both attacks stemmed from exposed GitLab tokens, highlighting the Internet Archive’s security lapses.
Alabama Man Arrested for Hacking SEC’s X Account in SIM-Swap Bitcoin ETF Hoax
Eric Council, a 25-year-old from Alabama, was arrested by the FBI for his alleged role in hacking the U.S. Securities and Exchange Commission’s (SEC) X account (formerly Twitter) to post a fake announcement about Bitcoin ETFs being approved.
The fake tweet, posted on January 9th, 2024, included a fabricated quote from SEC Chairman Gary Gensler, falsely praising the decision. In response, Bitcoin briefly surged by $1,000 before Gensler publicly refuted the tweet, causing the price to drop by $2,000. The SEC later confirmed that the hackers gained access to the account through a SIM-swapping attack, tricking the mobile carrier into porting the phone number of the account holder to a device controlled by the attackers. This allowed the attackers to reset the account’s password and post the fake announcement.
While the hackers did not breach the SEC’s internal systems or data, the fraudulent tweet caused a significant market reaction. Council was later indicted by a federal grand jury in Washington, D.C., and charged with conspiracy to commit aggravated identity theft and access device fraud
