Your daily round-up of some of the other security stories in the news
Food delivery robots take to the streets
One hungry Londoner got a bit more than she bargained for earlier this week when her falafel and lamb cutlets were delivered via Just Eat from a local Turkish restaurant not by a motorbike courier, but by a six-wheeled robot.
Just Eat, the home delivery service, has been running trials since July of the delivery robots, developed by Starship Technologies, which was set up by two co-founders of Skype, but the felafel delivery, to an address in south-east London, was the first real-life delivery.
But hang on. How secure is your takeaway if it’s trundling around the streets in a robot delivery vehicle?
Just Eat is keen to stress that only the customer can unlock the delivery robot via a link sent to their mobile phone, and adds that the robot is tracked by humans via GPS “to the nearest inch”, as well as being equipped with alarms so that “it’s not the kind of thing that would be very useful if stolen”. It’s a whole new meaning for “meals on wheels”.
Mirai blamed for new ISP attacks
Numerous customers of UK internet providers TalkTalk and the Post Office have experienced connectivity problems over the past few days, according to reports that blame the Mirai botnet. These attacks follow one that affected Deutsche Telekom customers in Germany, whose routers were kicked offline and unable to reconnect.
Deutsche Telekom traced its trouble to activity from the infamous Mirai botnet, which infects insecure network devices and uses them to scour the internet for new victims. Unfortunately, some of the devices that get probed during Mirai’s network scans end up crashing, leading to intermittent outages and related problems.
One way you can help is to turn off the remote management feature on your own home router, if you can, regardless of which ISP you use. That not only reduces the risk that a crook might login and co-opt you into the Mirai botnet, but also takes out one potential probe point that the Mirai botnet has been attacking lately.
Simply put, the best way to avoid being part of the problem is to become part of the solution. Paul Ducklin
Police bypass iPhone encryption the old-fashioned way
How to extract evidence from locked and encrypted devices has been posing problems for law enforcers around the world. London police however have come up with an effective, if old-school, way to get around that.
Rather than having to go cap in hand to Apple to open up an iPhone that Scotland Yard’s cybercrime team thought was being used by Gabriel Yew, who was under investigation as part of an operation cracking down on fake credit cards, officers decided on a much more low-tech approach.
Having looked into whether they could legally force a suspect to place his thumb on the device’s fingerprint sensor, they decided instead simply to snatch the phone from Yew while he was using it in the street.
Officers tailed Yew and then one grabbed the iPhone from him as he was making a call. Evidence found on the phone “was crucial to the prosecution” of Yew, said police. Yew pleaded guilty to fraud and weapons offences and was sentenced to five-and-a-half years earlier this week.
Catch up with all of today’s stories on Naked Security
John
How is a police officer snatching the phone from a suspect’s hand legal? Did they arrest him at that time and take the phone before he was able to lock it?
Paul Ducklin
I assume that if they had a warrant or sufficient cause to arrest him they were entitled both to nab him and to take control of any possibly related evidence at the same time.
If they thought he was holding a bag of drugs at the time of his arrest, for example, or some other crime-related paraphernalia, I’m sure they wouldn’t have to give him a chance to chuck them away first while they asked if he’d mind being busted, but could grab the property and the suspect at the same time.