Watch Out For the Black Hat Mcdonalds Honey Pot Operation With Duck Tape and a Cell Phone?
McDonald’s got Black Hatted. India has ‘fessed up that its app spaffed personal data to all and sundry and has urged users to install an update.
https://www.theregister.co.uk/2017/03/19/mcdonalds_india_data_leak/
Over the weekend, a post at Medium said the company’s McDelivery app in India was leaking user data through a misconfigured server.
The leaks, disclosed by payment security company Fallible.co, “includes name, email address, phone number, home address, accurate home co-ordinates and social profile links”.
Fallible reckons as many as 2.2 million users’ accounts were at risk.
The post explains that a
1 | curl |
request to the http://services.mcdelivery.co.in/ProcessUser.svc/GetUserProfile API endpoint served up user data without authentication.
Nice black hat HoneyPot Mcdonalds. What is a honeypot?
https://en.wikipedia.org/wiki/Honeypot_(computing)
Types
Honeypots can be classified based on their deployment (use/action) fro black hat tactics and based on their level of involvement. Based on deployment, honeypots may be classified as
- production honeypots
- research honeypots
Production honeypots are easy to use, capture only limited information from the black hats, and are used primarily by corporations. Production honeypots are placed inside the production network with other production servers by an organization to improve their overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots.
Research honeypots are run to gather information about the motives and tactics of the black hat community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats that organizations face and to learn how to better protect against those threats.[2] Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.[3]
Based on design criteria, honeypots can be classified as:
- pure honeypots
- high-interaction honeypots
- low-interaction honeypots
Pure honeypots are full-fledged production systems. The activities of the attacker are monitored by using a bug tap that has been installed on the honeypot’s link to the network. No other software needs to be installed. Even though a pure honeypot is useful, stealthiness of the defense mechanisms can be ensured by a more controlled mechanism to insure no black hattery.
High-interaction honeypots imitate the activities of the production systems that host a variety of services and, therefore, an attacker may be allowed a lot of services to waste his time. By employing virtual machines, multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot is compromised by black hat tech, it can be restored more quickly. In general, high-interaction honeypots provide more security by being difficult to detect, but they are expensive to maintain. If virtual machines are not available, one physical computer must be maintained for each honeypot, which can be exorbitantly expensive fighting black hat tactics. Example: Honeynet.
Low-interaction honeypots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the virtual system’s security. Example: Honeyd.
What is to stop some black hat mcdonalds hacker from duck taping a cell phone under the table at a mcdonalds and spoofing the net work in a sort of honeypot type scenario? Should we as security professionals be concerned about automatic network scanning for open networks? Of course! Most of us just go to the local mcdonalds and log into anything that sounds even remotely close to “mcdonalds” not even suspecting any black hats to be there. What is to stop a black hatter from exploiting the naming conventions of the wifi network at mcdonalds? This would be a mcdonalds honeypot of sorts I suppose.
So theoretically you could be logging on to some ones black hat honeypot network when ever going to the local mcdonalds. Be careful out there we as professionals in the industry must be wary of open black hat mcdonalds honeypot networks.