In Pictures: The 10 weirdest, wildest, most shocking security exploits ever

This ain't your momma's Internet Update your browser. Ditch Java. Don't click weird links from even weirder people. Ho-hum. The basic tenets of PC security are burned into the brains of most Web surfers by now. The old malware tricks just don't work as well anymore. Surprise! Bad guys are getting creative. (Never underestimate the oh-so-powerful combination of greed, boredom, and cleverness.) Rather than targeting Internet Explorer, now they're gunning for your virtual machine, your video games, and your Web-connected thermostat. "The more digital our lives become, the greater the number of potential nontraditional entry points for cybercriminals attempting to steal data and wreak havoc," says McAfee Labs security strategist Toralv Dirro, who referred us to some of the wild exploits highlighted here.
The chamber of chaos First things first: Many of the more exotic exploits in this collection have been identified by security researchers, but not found in the wild. But before you write off these dangers as tomfoolery confined to labs alone, consider the terrifying case of the U.S. Chamber of Commerce. In 2010, the Chamber was the subject of a deep and complicated intrusion. The penetration was so thorough that once authorities discovered the problem, the Chamber found it easier to destroy some PCs completely rather than scrub them clean. One of the Chamber's thermostats was found to be communicating with Chinese servers, while one executive's printer began spitting out pages composed entirely in Chinese. And that brings us to the next wild exploit…
I peep at your printer The convenience of network- and Web-connected printers can't be overstated—printing from anywhere is awesome—but many of those Web-connected printers sit outside of firewalls, just waiting for an enterprising hacker to say hello. A pair of January reports highlighted the potential peril lurking inside printers. First, ViaForensics researcher Sebastian Guerrero identified vulnerabilities in HP's JetDirect technology that hackers could attack to crash the hardware or, even worse, gain access to previously printed documents. App developer Andrew Howard followed up with a blog post detailing how a "quick, well-crafted Google Search" can identify tens of thousands of Web-accessible HP printers. Ruh-roh, Raggy!
Too smart for their own good Bad things are starting to pop up on Internet-enabled "smart TVs," and no, I'm not talking about streaming episodes of Here Comes Honey Boo Boo. "Modern TVs are also attractive targets, especially for advanced attackers," says McAfee's Dirro. "Of all the systems that are being checked if a compromise is suspected, TVs are probably the last place to look. In December, a security company in Malta that sells 'zero-day' exploits announced that they have a remote code execution vulnerability for [Samsung Smart TVs]." Big deal, you say? Consider that some connected TVs sport integrated webcams and microphones, and that all of them can store login information for your Web-connected accounts.
Why DRM sucks, part 3279 The lips of PC gamers across the world often curl into a snarl whenever the words "digital rights management" are uttered. In particular, gamers frequently single out Ubisoft's DRM implementations for the depths of their sucktitude. Said sucktitude reached new lows in July of last year, when it was discovered that Ubisoft's Uplay service silently installed a sloppily coded browser plugin that hackers could exploit to gain control of a gamer's computer. Gee, thanks, Assassin's Creed 2. Fortunately, Ubisoft patched the hole mere hours after its discovery—with nary an apology, natch—and there's no evidence that anyone ever used it maliciously.
Steam-soured The Ubisoft flaw isn't the only unorthodox video game exploit around. Late last year, ReVuln—the same company that discovered the smart-TV exploit—found that the steam:// protocol of Valve's Steam application can be exploited to launch malicious code. The problem actually lies in browsers that automatically execute steam:// commands without a confirmation warning (Safari) or with minimal information (Firefox). Once malicious code gains permission to run, it can then use Steam's legit capabilities or known vulnerabilities to fill your hard drive with all sorts of nasty stuff. Moral of the story? Don't set your browser to automatically allow Steam protocol executions.
Bait-and-switch done wrong Just a few weeks back, Kaspersky researchers discovered two apps in the Google Play Store—DroidCleaner and Superclean—that purport to restart all the running services on your phone, but get nasty when you connect your Android handset to your Windows PC as a disk drive (say, to transfer music or pictures). If your PC has AutoRun enabled, code that the app hid deep in the root of your phone's SD Card executes and installs the malware. Once entrenched, the malware monitors your microphone. If it notices sound, it begins recording the audio, which it then encrypts and sends to the malware's master. Devastating? Probably not. A novel twist on an old AutoRun vulnerability? Yes, indeed.
Yes, VMs can play Crisis Enhanced security is one of the big benefits of running a virtualized PC—if the crud hits the rotating blades, you can simply wipe the disc image and start anew. But a piece of malware called Crisis turns that notion on its head. Symantec reports that once Crisis settles in on your computer—you first have to download a malicious JAR file—it looks for VMware virtual machine images stored on the hard drive. If it finds one, it embeds itself in the virtual machine using the VMware Player tool. This isn't actually a VMware vulnerability, but rather an unfortunate side effect of the nature of virtual machines—they're basically lines of code stored on your physical machine.
I'm in ur base, spying on ur d00dz That fancy videoconferencing setup your company purchased could be the proverbial fly on the wall for bad guys. "Some videoconferencing systems are accessible via the Internet and present the perfect target for listening in on a company’s secret videoconference calls," says McAfee's Dirro. In 2010, security researchers were able to take advantage of multiple vulnerabilities in Cisco's Unified Videoconferencing products to compromise the devices, granting access to the hardware as well as to any networks the hardware was connected to. (Cisco quickly patched the flaws.) In January 2012, security researchers found that as many as 150,000 videoconferencing systems are configured to answer calls automatically.
Simon says 'Pwned'? In 2007, ZDNet's George Ou discovered that it's possible to create an audio file that barks out Windows Speech Recognition commands, which your computer duly follows. Why wasn't the Net deluged with websites whispering dulcet word-hacks? Because the exploit simply isn't practical. You'd have to have Windows Speech Recognition activated and paired with a working speaker and microphone, plus you'd have to sit by—silent and unmoving—while your PC spit out deliberate navigational commands. Even if all that happened, Windows' UAC protection would block the attack from running privileged functions. As far as I can tell, the vulnerability hasn't been plugged, and it can delete your files or point your browser toward malicious websites.
Bad-news Borg If Inspector Gadget ever tries to give you a hug, run away screaming. The cybernetics that seem so cool in games like Deus Ex and other works of fiction are open to the same exploits as any other electronic device, as evidenced by the ominous tale of Mark Gasson, the first human being to contract a computer virus. Gasson, a cybernetics expert at the University of Reading, infected an RFID implant embedded in his hand with a custom-made virus, which jumped to his lab's computers and then infected the RFID swipe cards of any of his colleagues who entered the facility.

Show Comments

Follow PCWorld: