The 10 weirdest, wildest, most shocking security exploits ever

Ditching Java and keeping your browser up-to-date can't protect against bad guys gunning for smart thermostats, smart TVs, and cybernetic implants.

This ain't your momma's Internet

Update your browser. Ditch Java. Don't click weird links from even weirder people. Ho-hum. The basic tenets of PC security are burned into the brains of most Web surfers by now. The old malware tricks just don't work as well anymore.

Surprise! Bad guys are getting creative. (Never underestimate the oh-so-powerful combination of greed, boredom, and cleverness.) Rather than targeting Internet Explorer, now they're gunning for your virtual machine, your video games, and your Web-connected thermostat.

"The more digital our lives become, the greater the number of potential nontraditional entry points for cybercriminals attempting to steal data and wreak havoc," says McAfee Labs security strategist Toralv Dirro, who referred us to some of the wild exploits highlighted here. Grab your tinfoil hat, and let's take a walk down wacky-hack lane.

The chamber of chaos

First things first: Many of the more exotic exploits in this collection have been identified by security researchers, but not found in the wild. But before you write off these dangers as tomfoolery confined to labs alone, consider the terrifying case of the U.S. Chamber of Commerce.

In 2010, the Chamber was the subject of a deep and complicated intrusion. The penetration was so thorough that once authorities discovered the problem, the Chamber found it easier to destroy some PCs completely rather than scrub them clean.

That's scary, but what happened after the problem was "eliminated" is even more frightening: One of the Chamber's thermostats was found to be communicating with Chinese servers, while one executive's printer began spitting out pages composed entirely in Chinese. And that brings us to the next wild exploit…

I peep at your printer

The convenience of network- and Web-connected printers can't be overstated—printing from anywhere is awesome—but many of those Web-connected printers sit outside of firewalls, just waiting for an enterprising hacker to say hello. A pair of January reports highlighted the potential peril lurking inside printers.

First, ViaForensics researcher Sebastian Guerrero identified vulnerabilities in HP's JetDirect technology that hackers could attack to crash the hardware or, even worse, gain access to previously printed documents. App developer Andrew Howard followed up with a blog post detailing how a "quick, well-crafted Google Search" can identify tens of thousands of Web-accessible HP printers. Ruh-roh, Raggy!

Printer exploits aren't new, but as traditional exploits become less effective, wide-open office devices become big fat targets.

Too smart for their own good

Bad things are starting to pop up on Internet-enabled "smart TVs," and no, I'm not talking about streaming episodes of Here Comes Honey Boo Boo.

"Modern TVs are also attractive targets, especially for advanced attackers," says McAfee's Dirro. "Of all the systems that are being checked if a compromise is suspected, TVs are probably the last place to look. In December, a security company in Malta that sells 'zero-day' exploits announced that they have a remote code execution vulnerability for [Samsung Smart TVs]."

Big deal, you say? Consider that some connected TVs sport integrated webcams and microphones, and that all of them can store login information for your Web-connected accounts. The aforementioned zero-day exploit gives hackers root-level access to your TV and can also help them snoop through a USB drive connected to your boob tube.

Why DRM sucks, part 3279

The lips of PC gamers across the world often curl into a snarl whenever the words "digital rights management" are uttered. In particular, gamers frequently single out Ubisoft's DRM implementations for the depths of their sucktitude. Said sucktitude reached new lows in July of last year, when it was discovered that Ubisoft's Uplay service silently installed a sloppily coded browser plugin that hackers could exploit to gain control of a gamer's computer. Gee, thanks, Assassin's Creed 2.

Fortunately, Ubisoft patched the hole mere hours after its discovery—with nary an apology, natch—and there's no evidence that anyone ever used it maliciously.

The Ubisoft flaw isn't the only unorthodox video game exploit around. Late last year, ReVuln—the same company that discovered the smart-TV exploit—found that the steam:// protocol of Valve's Steam application can be exploited to launch malicious code.

The problem actually lies in browsers that hand steam:// links straight to the Steam client without a confirmation warning (Safari) or with minimal information about what is about to happen (Firefox). Once a malicious link gets through, it can drive Steam's legitimate protocol commands, or known bugs in Steam and the games it launches, to write all sorts of nasty stuff to your hard drive. Moral of the story? Don't set your browser to run steam:// links automatically; make it ask every time.

Bait-and-switch done wrong

Just a few weeks back, Kaspersky researchers discovered two apps in the Google Play Store—DroidCleaner and Superclean—that purport to restart all the running services on your phone, but get nasty when you connect your Android handset to your Windows PC as a disk drive (say, to transfer music or pictures).

If your PC has AutoRun enabled, code that the app planted in the root directory of your phone's SD card executes and installs the malware on the PC. Once entrenched, the malware monitors your microphone. If it hears sound, it starts recording the audio, then encrypts the recording and ships it to the malware's master.

Devastating? Probably not. A novel twist on an old AutoRun vulnerability? Yes, indeed.
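Here is what that AutoRun trick looks like from the defender's side, as an added example that is not code from the article or from Kaspersky's analysis. It is a small Python script that parses an autorun.inf (the file Windows reads from a volume's root when AutoRun is enabled), flags every entry that would launch an executable, and interprets the NoDriveTypeAutoRun registry bitmask that decides whether removable drives get AutoRun at all (0x91 is the Windows default, 0xFF turns AutoRun off everywhere). Both sample autorun.inf files are constructed for this example, and the file name svchosts.exe in the malicious one is a placeholder, not a name taken from the page.

```python
import configparser

# Constructed sample autorun.inf, modelled on what a removable drive planted by
# malware would carry. "svchosts.exe" is a placeholder name chosen for this
# example, not a file name reported for the apps discussed in the article.
MALICIOUS_AUTORUN_INF = """[autorun]
open=svchosts.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=Removable Disk
shellexecute=svchosts.exe
shell\\open\\command=svchosts.exe
"""

# Constructed benign autorun.inf: only cosmetics, nothing gets launched.
BENIGN_AUTORUN_INF = """[autorun]
icon=setup.ico
label=Vendor Tools
"""

# Extensions Windows will execute directly when named by an [autorun] entry.
RUNNABLE_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")

# Bit in HKLM\...\Explorer\NoDriveTypeAutoRun that covers removable drives
# (USB sticks, phones connected in disk mode). 0x91 is the Windows default,
# which leaves this bit clear; 0xFF disables AutoRun for every drive type.
DRIVE_REMOVABLE_BIT = 0x04


def parse_autorun(text):
    """Return the [autorun] section of an autorun.inf as a lowercase-keyed dict."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    for section in cp.sections():          # [autorun] / [AutoRun] are equivalent
        if section.lower() == "autorun":
            return dict(cp.items(section))
    return {}


def find_autorun_risks(text):
    """List (key, value) pairs in autorun.inf that would launch an executable."""
    findings = []
    for key, value in parse_autorun(text).items():
        # open= and shellexecute= run on insertion; shell\<verb>\command= runs
        # when the drive is opened through that Explorer verb.
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        value = value.strip()
        if not launches or not value:
            continue
        # First token is the program; honour quoting for paths with spaces.
        if value.startswith('"'):
            target = value[1:].split('"', 1)[0]
        else:
            target = value.split()[0]
        if target.lower().endswith(RUNNABLE_EXT):
            findings.append((key, value))
    return findings


def removable_autorun_blocked(no_drive_type_autorun):
    """True if the NoDriveTypeAutoRun mask disables AutoRun for removable drives."""
    return bool(no_drive_type_autorun & DRIVE_REMOVABLE_BIT)


def triage(text, no_drive_type_autorun):
    """Combine both checks into a one-line verdict for this drive on this host."""
    risks = find_autorun_risks(text)
    if not risks:
        return "clean: nothing in autorun.inf launches code"
    if removable_autorun_blocked(no_drive_type_autorun):
        return "contained: %d launch entries, but AutoRun is off for removable drives" % len(risks)
    return "EXPOSED: %d launch entries and AutoRun is enabled for removable drives" % len(risks)


if __name__ == "__main__":
    for mask in (0x91, 0xFF):
        print("mask 0x%02X -> %s" % (mask, triage(MALICIOUS_AUTORUN_INF, mask)))
    print("benign     -> %s" % triage(BENIGN_AUTORUN_INF, 0x91))
```

On a real machine you would feed `parse_autorun` the autorun.inf from the mounted drive and `removable_autorun_blocked` the value read from the NoDriveTypeAutoRun registry value; the point of the two-part verdict is that the file alone is only half the story, since a host with AutoRun turned off for removable drives never runs it.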

Yes, VMs can play Crisis

Enhanced security is one of the big benefits of running a virtualized PC: if the crud hits the rotating blades, you can simply wipe the disk image and start anew. But a piece of malware called Crisis turns that notion on its head.

Symantec reports that once Crisis settles in on your computer—you first have to download a malicious JAR file—it looks for VMware virtual machine images stored on the hard drive. If it finds one, it mounts the image with the VMware Player tools and copies itself into the guest. This isn't actually a VMware vulnerability, but an unfortunate side effect of how virtual machines work: a VM is just a set of files on your physical machine's disk, and any malware running on the host with access to those files can open and alter them. For its part, VMware says that encrypting VM images can thwart Crisis, since host-side malware then can't read or write the guest's disk.
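To turn VMware's advice into something you can actually check, here is an added Python example (not code from the article, Symantec, or VMware) that walks a directory tree for .vmx files, reports which virtual machines are unencrypted and which .vmdk disks they reference, and so tells you which images a host-level infection like Crisis could open and modify. It assumes that an encrypted VM's .vmx carries encryption.keySafe and encryption.data entries, which is what VMware Workstation and Player write when you encrypt a VM (the disk references then live inside the encrypted blob). The sample .vmx files it writes to a temporary directory are constructed placeholders.

```python
import os
import re
import tempfile

# Constructed sample .vmx files. The encrypted one keeps only a few plaintext
# keys plus encryption.keySafe / encryption.data (assumed key names, modelled
# on how VMware Workstation and Player store encrypted VMs); its disk
# references sit inside the encrypted blob. Key material is a placeholder.
PLAINTEXT_VMX = """.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "9"
displayName = "Win7-test"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "Win7-test.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "auto detect"
ide1:0.deviceType = "cdrom-raw"
"""

ENCRYPTED_VMX = """.encoding = "UTF-8"
displayName = "Win7-locked"
encryption.keySafe = "vmware:key/list/(pair/(phrase/PLACEHOLDER))"
encryption.data = "PLACEHOLDER-BASE64=="
"""

VMX_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"?(.*?)"?\s*$')
DISK_KEY = re.compile(r"^(scsi|ide|sata|nvme)\d+:\d+\.filename$")


def parse_vmx(text):
    """Parse key = "value" lines of a .vmx into a dict with lowercased keys."""
    cfg = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def is_encrypted(cfg):
    """An encrypted VM exposes a key safe plus an opaque encrypted data blob."""
    return "encryption.keysafe" in cfg and "encryption.data" in cfg


def referenced_disks(cfg):
    """Virtual disk files the VM attaches; only visible for unencrypted VMs."""
    return sorted(v for k, v in cfg.items()
                  if DISK_KEY.match(k) and v.lower().endswith(".vmdk"))


def audit_vm_images(root):
    """Walk root for .vmx files and report each VM's encryption state and disks."""
    report = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".vmx"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                cfg = parse_vmx(fh.read())
            report.append({
                "vmx": path,
                "name": cfg.get("displayname", name),
                "encrypted": is_encrypted(cfg),
                "disks": referenced_disks(cfg),
            })
    return sorted(report, key=lambda r: r["vmx"])


def unencrypted_vms(report):
    """The images a host-side infection could mount and write into."""
    return [r for r in report if not r["encrypted"]]


def build_sample_tree():
    """Write the constructed samples into a temp dir so the audit runs offline."""
    root = tempfile.mkdtemp(prefix="vmaudit-")
    for dirname, text in (("Win7-test", PLAINTEXT_VMX), ("Win7-locked", ENCRYPTED_VMX)):
        d = os.path.join(root, dirname)
        os.makedirs(d)
        with open(os.path.join(d, dirname + ".vmx"), "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    for r in audit_vm_images(build_sample_tree()):
        state = "encrypted" if r["encrypted"] else "UNENCRYPTED, disks: " + ", ".join(r["disks"])
        print(f"{r['name']:<14} {state}")
```

Point `audit_vm_images` at your real VM folder instead of the sample tree; every entry `unencrypted_vms` returns is an image whose .vmdk sits on the host in the clear, which is exactly the condition Crisis needs.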

I'm in ur base, spying on ur d00dz

That fancy videoconferencing setup your company purchased could be the proverbial fly on the wall for bad guys. "Some videoconferencing systems are accessible via the Internet and present the perfect target for listening in on a company’s secret videoconference calls," says McAfee's Dirro.

In 2010, security researchers were able to take advantage of multiple vulnerabilities in Cisco's Unified Videoconferencing products to completely compromise the devices, granting full access to the hardware as well as to any networks the hardware was connected to. (Cisco quickly patched the flaws.)

In January 2012, security researchers found that as many as 150,000 videoconferencing systems are configured to answer calls automatically, which basically gives bad guys unfettered ears and eyes in your building—unfettered ears and eyes with strong microphones and zoom lenses. Check your settings!

Simon says 'Pwned'?

In 2007, ZDNet's George Ou discovered that it's possible to create an audio file that barks out Windows Speech Recognition commands, which your computer duly follows.

Why wasn't the Net deluged with websites whispering dulcet word-hacks? Because the exploit simply isn't practical. You'd have to have Windows Speech Recognition activated and paired with a working speaker and microphone, plus you'd have to sit by—silent and unmoving—while your PC spit out deliberate navigational commands. Even if all that happened, Windows' UAC protection would block the attack from running privileged functions.

As far as I can tell, the vulnerability hasn't been plugged, and it can delete your files or point your browser toward malicious websites. Even so, I agree with Microsoft's Security Response Team, which basically said not to sweat it.

Bad-news Borg

If Inspector Gadget ever tries to give you a hug, run away screaming. The cybernetics that seem so cool in games like Deus Ex and other works of fiction are open to the same exploits as any other electronic device, as evidenced by the ominous tale of Mark Gasson, the first human being to contract a computer virus.

Gasson, a cybernetics expert at the University of Reading, infected an RFID implant embedded in his hand with a custom-made virus, which jumped to his lab's computers and then infected the RFID swipe cards of any of his colleagues who entered the facility.

The scientist's proof-of-principle attack highlighted the need for caution in a society that already includes people walking around with mechanical hearts and deep brain stimulators. "A denial-of-service attack on a pacemaker, if such a thing were possible, would of course be very detrimental," Gasson told TechNewsDaily.
