Builders Beware: Smart Homes Under Attack by “Hide ‘N Seek” Botnet
October 30, 2018 —
Scott L. Satkin & Amtoj S. Randhawa - Newmeyer & Dillion LLPGerman manufacturer eQ-3 has found itself under siege by a botnet known as "Hide 'N Seek." This pernicious malware has infected tens of thousands of eQ-3's smart home devices by compromising the device's central control unit. Once a device has been infected, the malware spreads to other Internet of Things ("IoT") devices connected to the same wireless network. IoT devices have become the prime target for botnet attacks. As opposed to computers, laptops, or other larger computing devices, the smaller storage capacity and lower processing power of IoT devices limit the amount and complexity of the security measures that can be installed—making them an easier target for botnets.
What is a Botnet?
For those unfamiliar with the term, a botnet is a network of devices infected with a malware program allowing the infector to control and/or exploit the devices. Once a suitable number of devices are infected, the person or group controlling the botnet can harness the computing power of each infected device to perform activities which were previously constrained by a single device's capabilities (i.e. DDoS attacks, spamming, cryptocurrency mining, etc.).
Hide 'N Seek – History and Capabilities
The Hide 'N Seek botnet first appeared in January 2018 and has since spread rapidly. Its sophisticated design and capabilities have captivated the attention of many security watchdogs and researchers. While many botnets are designed to be "quick and dirty" (i.e. infect a few devices, eke out a little profit, and inevitably be cleared out or rendered ineffective by security updates and fixes), Hide 'N Seek was designed to maintain itself in the host's system indefinitely. When it was first released, Hide 'N Seek primarily targeted certain routers and internet-enabled security cameras; however, it has now began targeting digital video recorders, database servers, and most recently, smart home hubs.
Hide 'N Seek's communication capabilities are also more advanced than previous botnets. Previous botnets relied on existing communications protocols to communicate with other another, but Hide 'N Seek uses a custom-built peer-to-peer system to communicate. This advancement allows Hide 'N Seek to spread more rapidly than previous botnets.
Hide 'N Seek is also capable of extracting a device owner's personal information (i.e. name, address, e-mail, telephone numbers, etc.) whereas previous botnets were not. Most importantly, Hide 'N Seek is consistently updated to increase its infection rate, decrease its detection probability, and bypass any security measures designed to detect and remove it from the system. This modularity has proved to be Hide 'N Seek's greatest strength.
Protecting Against Hide 'N Seek and Other Botnets
While many of the precautions will undoubtedly come from the device manufactures vis-à-vis software programming and updates, homebuilders can still take some precautions to protect their customers.
- When selecting a smart home system to incorporate into a home's construction, be sure to evaluate its security features including, but not limited to its: wireless connectivity, password/passphrase requirements, interconnectedness with other IoT devices, etc. Third-party reviews from tech-oriented outlets will likely have useful information on a device's security measures, vulnerabilities, and any recent security compromises.
- Be vigilant in installing any eQ-3 smart home systems. The extent of the damage caused by Hide 'N Seek botnet remains unknown, as does damage from other potentially-infected technology. Thus, it may be prudent to avoid installing any eQ-3 device until it becomes evident that the threat has been neutralized and all security vulnerabilities have been remedied.
- If a builder uses technology other than eQ-3, precautions must be taken. Ensure that technology providers are thoroughly researched. It is also recommended to include strong contractual indemnity provisions, and require vendors to carry cyber-specific insurance policies.
- Homebuilders should consider purchasing their own stand alone cyber liability policies as a safety net, should potential exposure arise.
Scott Satkin and Amtoj Randhawa are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Amtoj at amtoj.randhawa@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Los Angeles Considering Census of Seismically Unstable Buildings
August 27, 2013 —
CDJ STAFFIn 1994, after the Northridge earthquake lead to the deaths of 57 people and $2 billion in damage, the Los Angeles City Council considered making a list of buildings that were vulnerable to failure in earthquakes and mandating that they be made seismically sound. The measure did not come to pass.
Tom LaBonge, a member of the council, is seeking to finally get that inventory done. According to the Los Angeles Times, thousands of buildings in Los Angeles were constructed with a ground floor level that is insufficient to support the rest of the building in the event of an earthquake. These “soft-story” buildings can be reinforced to better resist earthquakes, but first they need to be identified.
Owners of apartment buildings worry about the cost of the retrofits, suggesting that if the city is going to come up with mandatory retrofits, they should also “help property owners pay for it,” as Beverly Kenworthy, the executive director of the Los Angeles division of the California Apartment Association told the Times.
San Francisco recently did require retrofits, finding about 3,000 apartment buildings that were at seismic risk. Still, San Francisco doesn’t seem to have moved any faster than Los Angeles, as they were responding to the Loma Prieta earthquake of 1989, seven years before the Northridge quake.
Read the court decisionRead the full story...Reprinted courtesy of
U.S. Housing Starts Exceed Estimates After a Stronger December
January 04, 2018 —
Sho Chandra - BloombergOriginally Published by CDJ on February 16, 2017
Builders started work on more U.S. homes than forecast in January after an upward revision to starts in the prior month, a sign construction was on a steady path entering 2017.
Residential starts totaled an annualized 1.25 million, easing from a 1.28 million pace in the prior month, a Commerce Department report showed Thursday. The median forecast of economists surveyed by Bloomberg was 1.23 million. Permits, a proxy for future construction, increased at the fastest pace since November 2015 on a pickup in applications for apartment building.
Read the court decisionRead the full story...Reprinted courtesy of
Sho Chandra, Bloomberg
Court of Appeal Holds Only “Named Insureds” May Sue for Bad Faith Under California FAIR Plan Policy
May 10, 2021 —
Valerie A. Moore & Kathleen E.M. Moriarty - Haight Brown & Bonesteel LLPIn Wexler v. California Fair Plan Association (No. 303100, filed 4/14/21), Brooke Wexler’s parents insured their residence, which was located in a mountainous high-fire risk area, with a California FAIR Plan Association owner-occupied dwelling policy. The policy only listed Wexler’s parents and did not name Wexler, their adult child, under the policy’s “Insured Name” section. The FAIR Plan expressly disclaimed coverage for “unnamed people,” referred to by the court as the “no-coverage-for-unnamed-persons clause.”
FAIR Plan was created by the Legislature in 1968 and is a joint reinsurance association created to give homeowners in high risk areas access to basic property insurance and is a self-described “insurer of last resort.”
Reprinted courtesy of
Valerie A. Moore, Haight Brown & Bonesteel LLP and
Kathleen E.M. Moriarty, Haight Brown & Bonesteel LLP
Ms. Moore may be contacted at vmoore@hbblaw.com
Ms. Moriarty may be contacted at kemoriarty@hbblaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Motion to Dismiss Insurer's Counterclaim for Construction Defects Is Granted
June 29, 2017 —
Tred R. Eyerly - Insurance Law HawaiiThe court granted the insured's motion to dismiss the insurer's counterclaim arising out of construction defects. Centrex Homes v. Zurich Specialties London Limited, et al., 2017 U.S. Dist. LEXIS 77212 (D. Nev. May 19, 2017).
Centrex, the general contractor, was sued by homeowners in a residential development known as Liberty Hill Estates. The suit alleged that defective work had been performed by Centrex's subcontractors, one of which was Valley Concrete Company, Inc. The insurer had issued a policy to Valley and Centrex was an additional insured. The insurer agreed to defend, but only paid a portion of the defense fees and costs because the policy only covered Centrex as to liability arising from Valley's work. The insurer refused to pay defense costs incurred prior to March 28, 2012 the date of notice of claims arising from Valley's work.
Centrex then filed suit against the insurer alleging breach of contract and bad faith. The insurer filed a counterclaim seeking a declaration that it had no duty to defend. The insurer claimed that Centrex failed to cooperate by unilaterally switching counsel without prior notification to the insurer. This deprived the insurer of the right to control the defense and discharged the insurer's obligations under the policy. Centrex moved to dismiss the counterclaim.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly - Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com
Enforceability Of Subcontract “Pay-When-Paid” Provisions – An Important Update
June 15, 2020 —
Patrick McNamara - Porter Law GroupA California Court of Appeals opinion published earlier this month brings a change to payment bond claims brought by unpaid subcontractors and suppliers. The decision (Crosno Construction, Inc. v. Travelers Casualty and Surety Company of America) places limitations on a payment bond surety’s ability to rely on subcontract “pay-when-paid” language, stating that a payment provision typically found in subcontracts is contrary to the “reasonable time” statutory requirement and will not be enforced. This represents a major shift in California construction payment bond claim rights.
Plaintiff Crosno Construction, Inc. (“Crosno) was a subcontractor to general contractor Clark Brothers (“Clark”), who was principal on a public works payment bond issued by Travelers. The owner was a public agency district (“District.”) Crosno had completed most of its subcontract work when a dispute between District and Clark arose, causing the project to stop. Crosno then sought payment through a payment bond claim against Travelers. Travelers denied the claim, relying on the subcontract’s payment provisions and asserting the defense that it had no obligation to pay on the bond claim because the litigation between Clark and the District had not yet reached its conclusion.
Subcontract. The subcontract between Clark and Crosno contained a “pay-when-paid” provision stating that Clark would pay Crosno within a reasonable time after receiving payment from the District. In defining “a reasonable time,” the subcontract language provided that the time for payment “in no event shall be less than the time [Clark] and [Crosno] require to pursue to conclusion their legal remedies against [District] or other responsible party to obtain payment.”
Read the court decisionRead the full story...Reprinted courtesy of
Patrick McNamara, Porter Law GroupMr. McNamara may be contacted at
pmcnamara@porterlaw.com
Construction Defect Bill a Long Shot in Nevada
June 28, 2013 —
CDJ STAFFConstruction defect reform may still be on the table in Nevada, according to the Reno Gazette Journal. Assembly member Pat Hickey got a committee hearing for Assembly Bill 504 on Sunday. The bill is backed by the construction industry and opposed by trial lawyers. Hickey told the Assembly Commerce and Labor committee that “this bill is not perfect, I would like for it to do more,” and said that without changes Nevada will “continue to reward litigation over resolution.”
AB504 would, among other provisions, provide some protection to subcontractors from the actions of general contractors, though Ira Hansen, an assembly member from Sparks and the owner of a plumbing business, called it a “backhanded slap.” The Gazette noted that similar language pertaining to subcontractors was in AB367, which is sponsored by Democrats. Hickey and Hansen are both Republicans.
Read the court decisionRead the full story...Reprinted courtesy of
Best Practices: Commercial Lockouts in Arizona
April 10, 2023 —
Patrick Tighe - Snell & Wilmer Real Estate Litigation BlogIf a tenant defaults under a commercial lease, Arizona law permits the landlord to re-take possession of the premises by locking out the defaulting tenant. However, if the landlord’s lockout is wrongful, the landlord may be liable for the damages the tenant sustains because of the wrongful lockout. To minimize such liability, here are some general best practices to follow when locking out a defaulting tenant:
- Do Not Breach the Peace. It is vital when performing a lockout to not breach the peace. What constitutes a “breach of the peace” depends on the particular circumstances at hand. For example, if a tenant arrives during the lockout and becomes angry or threatens violence, the landlord should stop performing the lockout and return at a later time. As a general rule of thumb, it is best to perform lockouts in the early morning hours or in the late evening hours when the landlord is less likely to encounter the tenant.
- Provide A Notice of Default. Many commercial leases require the landlord to provide a notice of default before the landlord can lock out a defaulting tenant. Check, double check, and triple check that the landlord followed the lease’s notice of default provisions correctly, including that the landlord sent the notices to all required parties in accordance with the time requirements set forth in the lease.
Read the court decisionRead the full story...Reprinted courtesy of
Patrick Tighe, Snell & WilmerMr. Tighe may be contacted at
ptighe@swlaw.com
