Online backups from HEMA USB sticks were publicly accessible




Files that users of HEMA's USB+ memory sticks put online through the accompanying backup program were visible to everyone, the Hague hackerspace Revspace has discovered. HEMA has withdrawn the sticks from the market.

Anyone who used the USB stick's online storage has, in theory, had their name, address, telephone number, password and file contents thrown out on the street, Revspace claims on the basis of its own research. According to the hackers, users must take identity theft into account.

Buyers of the USB+ memory sticks could use a program on the stick to back up files online. The software provided folders on the drive whose contents were synced automatically. Users had to sign up for the service through a site whose connection was not properly secured. The registration details were, remarkably, mailed to a Gmail address from the address The domain is actually in the hands of Apple, which has nothing to do with the procedure.

The installed Windows application also communicated entirely unencrypted with Amazon's servers, on whose S3 storage the files ended up. "Anyone who can tap the connection can therefore read along: your network administrator, your ISP, investigative services, but also people with your Wi-Fi password," writes Revspace.

The software on the server contained multiple vulnerabilities and was, among other things, vulnerable to SQL injection. Downloading user files was already "child's play", in the words of Revspace, for anyone who knew or could guess the username and filename: the files could be reached via https addresses.
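The guessable download addresses described above, as an added example that is not Revspace's or the supplier's code: a link built only from username and filename, beside a link that carries an expiring HMAC tag the server verifies before serving the file. The host name, URL layout, key and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Assumed values: the article does not give the real host, paths or keys.
BASE = "https://backup.example.invalid/files"
SERVER_KEY = b"constructed-demo-key-kept-on-the-server"


def weak_url(user, filename):
    """Pattern the article describes: knowing or guessing both names suffices."""
    return f"{BASE}/{quote(user, safe='')}/{quote(filename, safe='')}"


def _tag(user, filename, expires):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") sign differently.
    fields = (user.encode(), filename.encode(), str(expires).encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def signed_url(user, filename, ttl=300, now=None):
    """Link the server hands out only after it has authenticated `user`."""
    expires = int(time.time() if now is None else now) + ttl
    sig = _tag(user, filename, expires)
    return f"{weak_url(user, filename)}?expires={expires}&sig={sig}"


def may_download(url, now=None):
    """Server-side check: refuse missing, expired or forged tags."""
    parts = urlsplit(url)
    segments = parts.path.split("/")  # ["", "files", user, filename]
    query = parse_qs(parts.query)
    try:
        user, filename = unquote(segments[2]), unquote(segments[3])
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (IndexError, KeyError, ValueError):
        return False
    if expires < (time.time() if now is None else now):
        return False
    expected = _tag(user, filename, expires)
    return hmac.compare_digest(sig.encode(), expected.encode())
```

The tag binds the link to one user, one file and one expiry time, so changing any of the three invalidates it.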

Lastly, the source code of the server application, including important passwords, was out on the street. HEMA uses the services of a supplier for the USB sticks. HEMA is said to have been informed back in July, but several security issues reportedly still occur at the supplier. However, the USB sticks have been withdrawn from the market and the registration of new users has been stopped. HEMA reports that it is in contact with the supplier and an independent consultant "to take steps to ensure that this product meets the requirements that we and our customers can set for it."


