Daily Archives: July 12, 2016

Wendy’s Hack Bigger Than Originally Thought


Wendy’s, the famous fast food chain from Dublin, Ohio, originally announced in January that it was investigating a potential hack resulting in a breach of customers’ credit and debit card information. In May, Wendy’s company leaders stated that fewer than 300 restaurants were affected by the infiltration. However, this past week, Wendy’s officials announced that over 1,000 restaurants nationwide were subject to this theft.

With over 5,700 restaurants in the United States, it is safe to say that if you have visited a Wendy’s in the past year and used a credit or debit card, it would be wise to check your accounts to make sure no fraudulent purchases were made. To see which Wendy’s locations were affected, check their website here. Wendy’s has stated it will offer free credit monitoring for one year for those who used a card at any of those restaurants.
“We are committed to protecting our customers and keeping them informed. We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyber attacks involving some Wendy’s restaurants,” said Todd Penegor, President and Chief Executive Officer. “We have conducted a rigorous investigation to understand what has occurred and apply those learnings to further strengthen our data security measures.”

How Did This Occur?
The breach occurred because access credentials belonging to Wendy’s service providers were compromised. This gave criminals access to the point-of-sale system at many locations. Once they had that access, they were able to place a variant of malware capable of extracting customers’ card numbers.
The scariest thing is that most companies could not have prevented this type of attack.
Without Deception Technology and advanced forensic collection there would be no way to know that these attackers were on the network with trusted credentials.

What Can Consumers Do to Prevent This?
Free credit monitoring is available from companies like Credit Sesame, Credit Karma, and WalletHub. These sites offer credit scores, credit reports, and most important to this discussion, 24/7 monitoring. When abnormalities in spending occur, you will be notified.
Sadly, there is not much more you can do to completely stop a hack like this, other than not using credit and debit cards altogether. I know, I know, this sounds like torture to some; we are all enamored with the bonus points, free miles, cheaper hotel rooms and other perks of credit cards as well as the ease of not carrying cash around. But the potential of having your accounts hijacked really should cause some pause when using such cards.
The key to it all is this – if you are going to use your cards, make sure you are checking your accounts frequently to make sure no fraudulent purchases are being made. And change your passcodes regularly.

Hackers Can Steal Your ATM PIN from Your Smartwatch Or Fitness Tracker

Here is something to think about:

As your day-to-day apparel and accessories turn into networked mobile electronic devices that attach to your body, like a smartwatch or fitness band, the threat to the personal data these devices collect has risen exponentially.

A recent study from Binghamton University also suggests your smartwatch or fitness tracker is not as secure as you think – and it could be used to steal your ATM PIN code.

The risk lies in the motion sensors used by these wearable devices. The sensors also collect information about your hand movements among other data, making it possible for “attackers to reproduce the trajectories” of your hand and “recover secret key entries.”

In the paper, titled “Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN,” computer scientists from the Stevens Institute of Technology and Binghamton University used a computer algorithm that can guess your password and PIN with about an 80% success rate on the first attempt, and over 90% of the time with 3 tries.

Retrieving Passwords and PINs Using this Algorithm

Researchers say their “Backward PIN-Sequence Inference” algorithm can be used to capture anything a person types on any keyboard – from automatic teller machine (ATM) keypads to mobile keypads – through infected smartwatches, even if the person makes only slight hand movements while entering PINs.

“The team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand’s pose,” reports Phys.org.

Although the researchers do not name specific wearable devices that are vulnerable, they note that attackers can record information about your hand movements…

…either directly by infecting your wearable device with malware or remotely by intercepting the Bluetooth connection that links your wearable device to your phone.

The Bottom Line:
The team says it doesn’t have any robust solution to prevent this attack, but recommends that manufacturers and developers confuse attackers by inserting “a certain type of noise data” that would still allow the device to be used for fitness tracking, but not for guessing keystrokes.
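
To make the noise recommendation concrete, here is an added illustration (not code from the researchers or their paper). It assumes white Gaussian noise, a 50 Hz sensor and a constructed walking signal, and checks that a simple step counter still counts every step while the noise alone adds millimetres of error once a half-second hand movement is integrated into a position.

```python
import math
import random

RATE_HZ = 50            # assumed wearable sampling rate
DT = 1.0 / RATE_HZ

def walking_signal(seconds=10, step_hz=2.0, amp=3.0):
    """Constructed vertical acceleration (m/s^2) for steady walking."""
    n = int(seconds * RATE_HZ)
    return [amp * math.sin(2 * math.pi * step_hz * i * DT) for i in range(n)]

def add_noise(samples, sigma, rng):
    """Mitigation under test: zero-mean Gaussian noise on every sample."""
    return [s + rng.gauss(0.0, sigma) for s in samples]

def count_steps(samples, window=5, high=1.0, low=-1.0):
    """Fitness use case: smooth, then count crossings with hysteresis."""
    steps, armed = 0, True
    for i in range(len(samples)):
        chunk = samples[max(0, i - window + 1): i + 1]
        avg = sum(chunk) / len(chunk)
        if armed and avg > high:
            steps, armed = steps + 1, False
        elif not armed and avg < low:
            armed = True
    return steps

def trajectory_error_rms(sigma, rng, seconds=0.5, trials=200):
    """RMS position error (m) that the noise alone adds when acceleration
    is integrated twice over one short key-to-key hand movement."""
    n = int(seconds * RATE_HZ)
    total = 0.0
    for _ in range(trials):
        vel = pos = 0.0
        for _ in range(n):
            vel += rng.gauss(0.0, sigma) * DT
            pos += vel * DT
        total += pos * pos
    return math.sqrt(total / trials)

def evaluate(sigma=0.3, seed=1):
    """Compare the fitness signal and the fine trajectory under one noise level."""
    rng = random.Random(seed)
    clean = walking_signal()
    return {
        "steps_clean": count_steps(clean),
        "steps_noisy": count_steps(add_noise(clean, sigma, rng)),
        "error_mm": 1000 * trajectory_error_rms(sigma, rng),
    }

if __name__ == "__main__":
    print(evaluate())
```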