Builders Beware: Smart Homes Under Attack by “Hide ‘N Seek” Botnet
October 30, 2018 —
Scott L. Satkin & Amtoj S. Randhawa - Newmeyer & Dillion LLPGerman manufacturer eQ-3 has found itself under siege by a botnet known as "Hide 'N Seek." This pernicious malware has infected tens of thousands of eQ-3's smart home devices by compromising the device's central control unit. Once a device has been infected, the malware spreads to other Internet of Things ("IoT") devices connected to the same wireless network. IoT devices have become the prime target for botnet attacks. As opposed to computers, laptops, or other larger computing devices, the smaller storage capacity and lower processing power of IoT devices limit the amount and complexity of the security measures that can be installed—making them an easier target for botnets.
What is a Botnet?
For those unfamiliar with the term, a botnet is a network of devices infected with a malware program allowing the infector to control and/or exploit the devices. Once a suitable number of devices are infected, the person or group controlling the botnet can harness the computing power of each infected device to perform activities which were previously constrained by a single device's capabilities (i.e. DDoS attacks, spamming, cryptocurrency mining, etc.).
Hide 'N Seek – History and Capabilities
The Hide 'N Seek botnet first appeared in January 2018 and has since spread rapidly. Its sophisticated design and capabilities have captivated the attention of many security watchdogs and researchers. While many botnets are designed to be "quick and dirty" (i.e. infect a few devices, eke out a little profit, and inevitably be cleared out or rendered ineffective by security updates and fixes), Hide 'N Seek was designed to maintain itself in the host's system indefinitely. When it was first released, Hide 'N Seek primarily targeted certain routers and internet-enabled security cameras; however, it has now began targeting digital video recorders, database servers, and most recently, smart home hubs.
Hide 'N Seek's communication capabilities are also more advanced than previous botnets. Previous botnets relied on existing communications protocols to communicate with other another, but Hide 'N Seek uses a custom-built peer-to-peer system to communicate. This advancement allows Hide 'N Seek to spread more rapidly than previous botnets.
Hide 'N Seek is also capable of extracting a device owner's personal information (i.e. name, address, e-mail, telephone numbers, etc.) whereas previous botnets were not. Most importantly, Hide 'N Seek is consistently updated to increase its infection rate, decrease its detection probability, and bypass any security measures designed to detect and remove it from the system. This modularity has proved to be Hide 'N Seek's greatest strength.
Protecting Against Hide 'N Seek and Other Botnets
While many of the precautions will undoubtedly come from the device manufactures vis-à-vis software programming and updates, homebuilders can still take some precautions to protect their customers.
- When selecting a smart home system to incorporate into a home's construction, be sure to evaluate its security features including, but not limited to its: wireless connectivity, password/passphrase requirements, interconnectedness with other IoT devices, etc. Third-party reviews from tech-oriented outlets will likely have useful information on a device's security measures, vulnerabilities, and any recent security compromises.
- Be vigilant in installing any eQ-3 smart home systems. The extent of the damage caused by Hide 'N Seek botnet remains unknown, as does damage from other potentially-infected technology. Thus, it may be prudent to avoid installing any eQ-3 device until it becomes evident that the threat has been neutralized and all security vulnerabilities have been remedied.
- If a builder uses technology other than eQ-3, precautions must be taken. Ensure that technology providers are thoroughly researched. It is also recommended to include strong contractual indemnity provisions, and require vendors to carry cyber-specific insurance policies.
- Homebuilders should consider purchasing their own stand alone cyber liability policies as a safety net, should potential exposure arise.
Scott Satkin and Amtoj Randhawa are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Amtoj at amtoj.randhawa@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Construction Needs Collaborative Planning
January 20, 2020 —
Aarni Heiskanen - AEC BusinessWhat makes construction different from manufacturing is its dynamic nature. Unlike a systemized production plant, a construction site is a mesh of interconnected processes that are far from optimized. The traditional top-down planning practice does not solve problems on the construction site, as recent research reveals. Making planning collaborative is a necessary step in making construction less wasteful.
Everybody in the industry has felt frustration with inefficiencies in construction, but seeing the data is still disconcerting. I’ve had the pleasure of attending several workshops organized by the Finnish Aalto University’s research teams. These eye-opening events both revealed how much waste we have in construction today and suggested solutions to this problem.
Four Aalto University graduate students shared insights from their research at a workshop of the Waste Workgroup of the Building 2030 consortium. They focused on projects where takt production, a lean construction method, had been used. Takt production breaks the work down into equally timed work batches and typically shortens project lead time considerably—up to 50%. However, even these well-planned projects included waste and unnecessary movement, as the researchers found out.
Read the court decisionRead the full story...Reprinted courtesy of
Aarni Heiskanen, AEC BusinessMr. Heiskanen may be contacted at
aec-business@aepartners.fi
Suffolk Construction Drywall Suits Involve Claim for $3 Million in Court Costs
November 11, 2024 —
Richard Korman - Engineering News-RecordSuffolk Construction lost a breach-of-contract contract lawsuit in July with a former drywall subcontractor's surety—but the contractor's payout may dramatically increase if the presiding U.S. district court judge in Miami allows the surety to collect $3 million more in requested attorneys' fees and trial costs.
Reprinted courtesy of
Richard Korman, Engineering News-Record
Mr. Korman may be contacted at kormanr@enr.com
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
Condos Down in Denver Due to Construction Defect Litigation
November 06, 2013 —
CDJ STAFFA new report suggests that fears of construction defect litigation may be the cause of the slump in condo building in the Denver area. The Denver Business Journal reports that the Denver Regional Council of Governments commissioned the study by Economic & Planning Systems. The conclusion of the report was that the only type of condominium likely to be built is high-cost units with high profit margins. This is not good news for the DRCOG, which is seeking to create more affordable housing.
The report found that builders assess the likeliness of being sued “is nearly 100 percent,” that costs of addressing construction defects are 12% higher than at apartment complexes, and that preparing for litigation adds about $15,000 to the cost of a condo unit.
One possible remedy is to reform Colorado’s construction defect laws. Bob Muphy, the mayor of Lakewook and an advocate of construction defect litigation reform, said that he sees “this as a verification of what I’ve been talking about.”
Read the court decisionRead the full story...Reprinted courtesy of
Gen Xers Choose to Rent rather than Buy
February 05, 2014 —
Beverley BevenFlorez-CDJ STAFFDavid Crowe reported in Big Builder that the rate of home purchases by Gen Xers is low due to “challenges” they face caused by the recent recession. According to the article, “The headship rate rises from 16 percent to 48 percent in this age group—known as Generation X—as they finish college and become financially independent. There are 42.5 million people in this age range, and they are followed by 43.9 million in the 15 to 24 age cohort.” However, the recession forced many Gen Xers to postpone “independent living, marriage, and children. Birth rates hit all-time lows in 2012 (half the level of the baby boom), and marriage rates are the lowest they’ve been in a century.”
Unemployment seems to be the major factor in why many Gen Xers are choosing to live with parents or rent instead of buying a home. Crowe stated, “Young adults continue to express the goal of owning their own homes, but many are faced with challenges such as job availability, tight credit standards, inadequate savings for a down payment, student debt, and careers that are likely to require moves.” However, the “employment picture is expected to improve.”
Read the court decisionRead the full story...Reprinted courtesy of
Colorado House Bill 17-1279 – A Misguided Attempt at Construction Defect Reform
March 29, 2017 —
David McClain - Colorado Construction LitigationOn March 17th, House Bill 17-1279, concerning the requirement that a unit owners’ association obtain approval through a vote of unit owners before filing a construction defect action, was introduced and assigned to the House State, Veterans, and Military Affairs Committee. The bill is currently scheduled for its first committee hearing on March 29th, at 1:30 in the afternoon. While, on its face, this appears to be a step in the right direction towards instituting “informed consent” before an HOA can file a construction defect action, the bill actually restricts the ability of developer to include more stringent requirements in the declaration of covenants, conditions, and restrictions for an association, thereby lowing the threshold of “consent” required to institute an action.
House Bill 17-1279 would amend C.R.S. § 38-33.3-303.5 to require an association’s executive board to mail or deliver written notice of the anticipated commencement of a construction defect action to each unit owner and to call a meeting of the unit owners to consider whether to bring such an action. Any construction professional against which a claim may attend the unit owners’ meeting and have an opportunity to address the unit owners and may include an offer to remedy any defect in accordance with C.R.S. § 13-20-803.5(3). The conclusion of the meeting would initiate a 120-day voting period, during which period the running of any applicable statutes of limitation or repose would be tolled. Pursuant to this bill, an executive board may only institute a construction defect action only if authorized by a simple majority of the unit owners, not including: 1) any unit owned by any construction professional, or affiliate of a construction professional, involved in the design, construction, or repair of any portion of the project; 2) any unit owned by a banking institution; 3) any unit owned in which no defects are alleged to exist, and/or 4) any unit owned by an individual deemed “nonresponsive.”
Read the court decisionRead the full story...Reprinted courtesy of
David M. McLain, Higgins, Hopkins, McLain & Roswell, LLCMr. McLain may be contacted at
mclain@hhmrlaw.com
Top 10 Construction Contract Provisions – Changes and Claims
November 03, 2016 —
James R. Lynch – Ahlers & Cressman PLLCThis is the seventh post in our “Top 10 Construction Contract Provisions” series. Prior posts discussed
Price and Payment,
Liquidated Damages,
Consequential Damages – Part I and
Part II,
Indemnity,
Scope of Work, and
Flow-Down Provisions.
Today’s topic, Changes and Claims, is a contender for the top spot on our list, for both day-to-day impact on the job and importance in disputes. In fact, these provisions[i] are so variable and are involved in so many reported construction law decisions, that this post will not attempt to survey all their various forms, uses, or potential legal ramifications, but instead focuses on bottom line “best practices”—questions to consider as a general contractor, subcontractor, or owner when drafting, negotiating, or managing the Changes and Claims provisions of a contract. There is no “ideal” here, and the changes and claims procedures should be suited to the project, owner, contractor(s), likely issues, and other project-specific considerations. Key considerations include the following:
1. How prescriptive is the Change Order process? At one end of the spectrum, a Change Order provision may include requirements for written direction and request by the owner and formal response by the contractor, with pricing and specific supporting data or documentation, in addition to strict timelines for response, execution, and performance, precise methods to determine the resulting contract adjustment, limits on the type or extent of adjustment, or terms defining the effect of a signed Change Order, e.g. to what extent related claims or impacts might be extinguished. At the other end of the spectrum, the Change Order provision might simply recognize that the owner may direct changes, and the parties intend to document the directions and resulting compensation in a Change Order, with no further elaboration. There is no universal ideal on this spectrum. A highly defined and prescriptive process may be appropriate for a complex, high value, multi-stakeholder project on which significant changes are likely. The same process would be an inefficient waste of resources on a small and simple project where significant changes are unlikely and the parties would be unlikely to comply with more formal procedures.
Read the court decisionRead the full story...Reprinted courtesy of
James R. Lynch, Ahlers & Cressman PLLCMr. Lynch may be contacted at
jlynch@ac-lawyers.com
Contractual Waiver of Consequential Damages
January 02, 2019 —
David Adelstein - Florida Construction Legal UpdatesContractual waivers of consequential damages are important, whether they are mutual or one-sided. I believe in specificity in that the types of consequential damages that are waived should be detailed in the waiver of consequential damages provision. Standard form construction agreements provide a good template of the types of consequential damages that the parties are agreeing to waive.
But, what if there is no specificity in the waiver of consequential damages provision? What if the provision just states that the parties mutually agree to waive consequential damages or that one party waives consequential-type damages against the other party? Let me tell you what would happen. The plaintiff will argue that the damages it seeks are general damages and are NOT waived by the waiver of consequential damages provision. The defendant, on the other hand, will argue that the damages are consequential in nature and, therefore, contractually waived. FOR THIS REASON, PARTIES NEED TO APPRECIATE WHAT DAMAGES ARE BEING WAIVED OR LIMITED, AND POTENTIALLY THOSE DAMAGES NOT BEING WAIVED OR LIMITED, WHEN AGREEING TO A WAIVER OF CONSEQUENTIAL DAMAGES PROVISION!
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Kirwin NorrisMr. Adelstein may be contacted at
dma@kirwinnorris.com
