GOT(IT) #6: John Kelly’s phone compromised, Home Mini listened to several users, plus Equifax hacked (again)

BYOD (Bring Your Own Device) can cause security headaches if not handled properly, and this time, White House Chief of Staff John Kelly caused a heavy migraine to the States’ tech support.

However, GOT(IT) #6 isn’t all about security breaches inside the White House; we also have Google living up to their similarities with Skynet (their new Home Mini actively recorded several users); and a recurring visitor to IT security headlines, Equifax, who has yet again suffered an attack.

Equifax’s Website Injected Adware to Visitors

Earlier this year the credit reporting agency Equifax was breached in one of the most sensitive data losses of all time. The attackers gained access to Social Security Numbers, names, addresses, and credit cards of millions of US clients.

This Thursday the company took down part of its website, which was reportedly infected with malicious adware that tricked users into installing the crapware Adware.Eorezo. Randy Abrams, an independent security analyst, triggered the event while browsing Equifax’s website and found himself facing a bogus website that pretended to be a Flash Player update.

The company explained in its official statement that “the issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content”.

To the already shocked customers’ relief, Equifax emphasized that their systems were not compromised by this malicious code. However, the series of security flaws is starting to affect the firm’s reputation: the IRS has temporarily suspended a $7.2 million no-bid contract with Equifax.


Google’s Home Mini Listened to and Recorded Several Users

We all make the Skynet-Google similarity joke once in a while; it’s a classic. But when personal privacy is at stake, chuckles turn into concerns. Google recently presented its latest voice assistant, the Home Mini, which they then sent to several reviewers for proper testing.

The gadget stands strong against Amazon’s Alexa in functionality, though upon review, a staggering privacy fault was discovered by the reporter Artem Russakovskii. The Home Mini which he received at Google’s launch event was, well… Listening. A lot.

Normally, to interact with the device you’d say the words “OK, Google” to catch its attention; alternatively, you could also touch the device’s top button. However, when browsing his personal activity page, Russakovskii discovered the Home Mini was listening, recording, and interacting with Google’s Cloud servers without his consent.

What’s more, the reporter found out that the Mini was being triggered randomly, sending thousands of recorded “interactions” to Google.

The company’s reaction was swift: after a quick investigation, Google blamed faulty buttons on several Home Mini devices; and, in response to their users’ privacy concerns, a massive patch was released to disable the top button on all devices and remove the activity queries created by these interactions.


John Kelly’s Personal Phone Compromised


It’s already hard to contain the risk generated by an employee who uses his own devices at work, but if business leaks sound bad, imagine how big state BYOD concerns are. Unluckily, it was reported that Chief of Staff John Kelly’s personal mobile has been compromised, probably since December 2016, when he was still Secretary of Homeland Security.

The breach was discovered by the White House’s Tech Support, after the official handed in his phone due to update issues and several malfunctions. According to his feedback, the device wasn’t “working properly” for several months.

In the context of the recently revealed attack on the NSA by Russian hackers, this incident raises concerns about current state-sponsored actors that might be focusing on United States intelligence agencies and personnel.

The misuse of personal devices and email accounts has also been troubling Trump’s administration since it was reported that senior officials like Jared Kushner had used their personal email accounts for government issues in several instances.


What’s your headache? BYOD or the lack of regulation in IoT devices? Both matters are still being developed and defined as concepts, but IT already suffers the risks they involve.


Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.