Builders Beware: Smart Homes Under Attack by “Hide ‘N Seek” Botnet
October 30, 2018 —
Scott L. Satkin & Amtoj S. Randhawa - Newmeyer & Dillion LLP
German manufacturer eQ-3 has found itself under siege by a botnet known as "Hide 'N Seek." This pernicious malware has infected tens of thousands of eQ-3's smart home devices by compromising the device's central control unit. Once a device has been infected, the malware spreads to other Internet of Things ("IoT") devices connected to the same wireless network. IoT devices have become the prime target for botnet attacks. As opposed to computers, laptops, or other larger computing devices, the smaller storage capacity and lower processing power of IoT devices limit the amount and complexity of the security measures that can be installed—making them an easier target for botnets.
What is a Botnet?
For those unfamiliar with the term, a botnet is a network of devices infected with a malware program allowing the infector to control and/or exploit the devices. Once a suitable number of devices are infected, the person or group controlling the botnet can harness the computing power of each infected device to perform activities which were previously constrained by a single device's capabilities (e.g. DDoS attacks, spamming, cryptocurrency mining, etc.).
Hide 'N Seek – History and Capabilities
The Hide 'N Seek botnet first appeared in January 2018 and has since spread rapidly. Its sophisticated design and capabilities have captivated the attention of many security watchdogs and researchers. While many botnets are designed to be "quick and dirty" (i.e. infect a few devices, eke out a little profit, and inevitably be cleared out or rendered ineffective by security updates and fixes), Hide 'N Seek was designed to maintain itself in the host's system indefinitely. When it was first released, Hide 'N Seek primarily targeted certain routers and internet-enabled security cameras; however, it has now begun targeting digital video recorders, database servers, and most recently, smart home hubs.
Hide 'N Seek's communication capabilities are also more advanced than previous botnets. Previous botnets relied on existing communications protocols to communicate with one another, but Hide 'N Seek uses a custom-built peer-to-peer system to communicate. This advancement allows Hide 'N Seek to spread more rapidly than previous botnets.
Hide 'N Seek is also capable of extracting a device owner's personal information (e.g. name, address, e-mail, telephone numbers, etc.) whereas previous botnets were not. Most importantly, Hide 'N Seek is consistently updated to increase its infection rate, decrease its detection probability, and bypass any security measures designed to detect and remove it from the system. This modularity has proved to be Hide 'N Seek's greatest strength.
Protecting Against Hide 'N Seek and Other Botnets
While many of the precautions will undoubtedly come from the device manufacturers vis-à-vis software programming and updates, homebuilders can still take some precautions to protect their customers.
- When selecting a smart home system to incorporate into a home's construction, be sure to evaluate its security features, including, but not limited to, its wireless connectivity, password/passphrase requirements, interconnectedness with other IoT devices, etc. Third-party reviews from tech-oriented outlets will likely have useful information on a device's security measures, vulnerabilities, and any recent security compromises.
- Be vigilant in installing any eQ-3 smart home systems. The extent of the damage caused by Hide 'N Seek botnet remains unknown, as does damage from other potentially-infected technology. Thus, it may be prudent to avoid installing any eQ-3 device until it becomes evident that the threat has been neutralized and all security vulnerabilities have been remedied.
- If a builder uses technology other than eQ-3, precautions must be taken. Ensure that technology providers are thoroughly researched. It is also recommended to include strong contractual indemnity provisions, and require vendors to carry cyber-specific insurance policies.
- Homebuilders should consider purchasing their own standalone cyber liability policies as a safety net, should potential exposure arise.
Scott Satkin and Amtoj Randhawa are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Amtoj at amtoj.randhawa@ndlf.com.
Insurer's Motion for Summary Judgment on Faulty Workmanship Denied
June 04, 2024 —
Tred R. Eyerly - Insurance Law Hawaii
The court found that the insurer failed to meet its burden on summary judgment seeking a judgment that faulty workmanship precluded coverage. Auto-Owners Ins., Co. v. AAA Discount Homes, LLC, 2024 U.S. Dist. LEXIS 48463 (S.D. Ga. March 19, 2024).
Heather Way sued AAA Discount Homes, LLC and Delta Transport & Management, Inc. for manufacturing defects found in a manufactured home which was delivered and assembled by Delta. Way had contracted with AAA for the construction, delivery, assembly, setting, tie down with brick underpinning steps and construction of front and back porches. AAA, assisted by Delta, delivered the home and assembled it, including raising the roof, over the course of a few days.
Subsequently, Way discovered extensive water damage and mold in the home. Way alleged that AAA and its subcontractors made careless, unsafe, and unsuccessful attempts at removing the mold and repairing the water damage. The presence of chemicals in the home made it uninhabitable. Way alleged the home was improperly assembled by Delta and its negligence resulted in damages.
Reprinted courtesy of Tred R. Eyerly, Damon Key Leong Kupchak Hastert
Mr. Eyerly may be contacted at te@hawaiilawyer.com
Deadly Fire in Older Hawaii High-Rise Causes Sprinkler Law Discussion
July 19, 2017 —
David Suggs – Bert L. Howe & Associates, Inc.
Last Friday, at least three people died and twelve were injured during a fire at a Honolulu high-rise that did not have sprinklers, according to CBS News. The fire began on the 26th floor and spread to at least the 28th floor and several units, the Honolulu Fire Department spokesman, Captain David Jenkins, stated.
“Without a doubt if there were sprinklers in this apartment, the fire would be contained to the unit of origin,” Captain Jenkins concluded, as reported by CBS News.
The Marco Polo development “was built four years before Honolulu required fire sprinkler systems in new residential high-rises,” the LA Times reported. “In 2005, the Honolulu City Council created a task force to estimate the cost of retrofitting and installing fire sprinkler systems in about 300 residential condominium buildings. A report estimated that retrofitting the Marco Polo would cost $4,305.55 for each unit.” A separate report estimated the cost would be $4.5 million to retrofit the entire building.
Samuel Dannway, chief fire protection engineer for Coffman Engineers in Honolulu, stated that the owners “lobbied strongly against any retrofitting” due to cost.
Retrofitting sprinklers is more challenging in residential high-rises than office buildings, Glenn Corbett, associate professor of fire science at John Jay College of Criminal Justice in New York told the LA Times. “Wall after wall, you have to penetrate with piping, and that means moving people around in apartments,” Corbett said. “They can’t live there while workers are drilling holes in their walls.”
Mayor Kirk Caldwell stated that Honolulu “needs to look at passing a new law requiring sprinklers in older high-rises.”
Read the full story, CBS News...
Read the full story, LA Times...
Suffolk Pauses $1.5B Boston Tower Project for Safety Audit After Fire
April 22, 2024 —
James Leggate - Engineering News-Record
The team building the $1.5-billion, 51-story South Station Tower in Boston voluntarily shut down the jobsite April 9 for a safety stand down and audit after a small fire broke out, according to contractor Suffolk Construction. No one was injured.
Reprinted courtesy of
James Leggate, Engineering News-Record
Mr. Leggate may be contacted at leggatej@enr.com
In All Fairness: Illinois Appellate Court Finds That Arbitration Clause in a Residential Construction Contract Was Unconscionable and Unenforceable
August 22, 2022 —
Gus Sara - The Subrogation Strategist
In Bain v. Airoom, LLC, No. 1-21-001, 2022 Ill. App. LEXIS 241, the Appellate Court of Illinois (Appellate Court) considered whether the lower court erred in enforcing an arbitration clause in a construction contract between the parties and, as a result, dismissing the plaintiff’s lawsuit. The Appellate Court found that even if the arbitration clause was enforceable, the appropriate action would have been for the court to stay the lawsuit, as opposed to dismissing the case entirely. The Appellate Court then considered the language of the arbitration clause and found that several provisions were substantively unconscionable, which rendered the entire arbitration clause unenforceable. The Appellate Court reversed the lower court’s decision compelling arbitration and reinstated the plaintiff’s complaint.
In 2018, the plaintiff, Ms. Bain, a disabled senior citizen, hired the defendant, Airoom, LLC (Airoom), to renovate her home. Airoom provided its “Cash Sales Contract,” which included a binding arbitration clause. The clause required that any dispute arising or relating to the contract be resolved by binding arbitration through the American Arbitration Association (AAA), using the Construction Industry Arbitration Rules and Mediation Procedures (Construction Industry Rules).
Reprinted courtesy of Gus Sara, White and Williams
Mr. Sara may be contacted at sarag@whiteandwilliams.com
America’s Infrastructure Gets a D+
March 16, 2017 —
Garret Murai – California Construction Law Blog
The American Society of Civil Engineers (ASCE) has issued their 2017 Infrastructure Report Card, which assigns a letter grade to the nation’s infrastructure.
Our country’s grade in 2017? A disappointing D+.
Although, if you’re a glass half full kind of person (bless your soul) at least our grade didn’t fall since the last report card was issued in 2013, when our grade was a D+ as well.
In short, we suck. Although, apparently, we don’t suck evenly across the board.
ASCE has divided its cumulative GPA into grades for specific courses, if you will. Our transit systems received a grade of D-; our airports, dams, drinking water and waste water plants, inland waterways, levees and roads received a grade of D; our power plants, hazardous waste plants, public parks and schools received a grade of D+; our bridges, ports and solid waste plants a grade of C+, and our rail systems received a grade of B.
Reprinted courtesy of Garret Murai, Wendel Rosen Black & Dean LLP
Mr. Murai may be contacted at gmurai@wendel.com
In Real Life the Bad Guy Sometimes Gets Away: Adding Judgment Debtors to a Judgment
January 05, 2017 —
Garret Murai – California Construction Law Blog
As most litigators will tell you, a plaintiff in a civil lawsuit needs to be able to prove both liability and damages to win a case. That is, you need to show both that the defendant is liable under the law and that you have suffered damages as a result. Prove one but not the other and you’ll lose the case.
But there’s one other consideration that is just as important, albeit often elusive, and that is, collectability. Even if you win the case, if you can’t collect on the judgment, you might as well have lost.
The following case, Wolf Metals, Inc. v. Rand Pacific Sales, Inc., California Court of Appeals for the Second District, Case No. B264002 (October 25, 2016), describes some of the remedies available, procedures to follow, and difficulties confronted when obtaining a default judgment against a judgment-proof defendant.
Reprinted courtesy of Garret Murai, Wendel Rosen Black & Dean LLP
Mr. Murai may be contacted at gmurai@wendel.com
Proposed Legislation for Losses from COVID-19 and Limitations on the Retroactive Impairment of Contracts
July 27, 2020 —
Shaia Araghi - Newmeyer Dillion
The COVID-19 pandemic has caused most businesses to temporarily close and, as a result, sustain significant losses. Various states are contemplating the passage of legislation to require carriers to cover claims arising from COVID-19, but case law regarding the constitutionality of such legislation is conflicting. Depending on the facts surrounding retroactive legislation, states may be able to pass an enforceable law leading to coverage.
Pennsylvania’s Proposed Legislation for Business Interruption Losses
Pennsylvania is one of many states that has proposed legislation to override language in business interruption policies and require coverage from insurance carriers. Pennsylvania House Bill 2372 proposes that any insurance policy that covers loss or property damage, including loss of use and business interruption, must cover the policyholder’s losses from the COVID-19 pandemic.1 It applies to insureds with fewer than 100 employees.2 To enhance its chances to pass constitutional challenges, the House Bill also provides for potential relief and reimbursement through the state’s commissioner.3 Pennsylvania Senate Bill 1127 is broader than House Bill 2372 and most bills proposed in other states and would require indemnification for nearly all insureds.4 The Senate Bill makes important legislative findings and notes that insurance is a regulated industry.5 It essentially provides that an insurance policy insuring against a loss relating to property damage, including business interruption, shall be construed to cover loss or property damage due to COVID-19 or due to a civil authority order resulting from COVID-19.1 The proposed bill redefines “property damage” to include: (1) the presence of a person positively identified as having been infected with COVID-19; (2) the presence of at least one person positively identified as having been infected with COVID-19 in the same municipality where the property is located; or (3) the presence of COVID-19 having otherwise been detected in Pennsylvania.
Reprinted courtesy of Shaia Araghi, Newmeyer Dillion
Ms. Araghi may be contacted at shaia.araghi@ndlf.com