CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Security group going to the dogs after hoax alert

In a parody of a security alert, an anonymous correspondent warns that hackers have devised a way to remotely take over Sony's Aibo robot dog and command it to attack.

Ordinarily it's hard to find people more serious than the technicians, academics and bug experts who vigilantly comb the world for potential attacks on computer networks. But not this week.

In a parody of the warnings issued by the Computer Emergency Response Team (CERT), an anonymous correspondent posted a joke warning on Bugtraq, an electronic mailing list frequented by computer security professionals.

The hoax alert, disguised as an official CERT announcement, warns that hackers have devised a way to remotely take over Sony's Aibo robot dog and command it to attack, among other unpleasant actions.

"The buffer used to hold the variable MyOwner in the functionprocess_face() can be overflowed, reverting Aibo into experimental AiboPitBull code," the mock warning said. Other malicious programs circulating on the Internet to exploit the compromised Aibo include "PeeOnRug(), ShoeChew() and KillTheCat()."

In addition, "owners who accidentally have left their television on late at night have reported incidents of AIBO attacking their small children and pets within minutes of the airing of 'Tom Vu's Real Estate Seminar,'" the parody said.

CERT, a serious organization not given to such levity, took the posting in stride. "This is, of course, a forgery, but nonetheless pretty amusing," replied Shawn Hernan, who noted that real CERT advisories are electronically signed.

While unsigned, the anonymous author had the terminology down. In reality, buffer overflows are a genuine way to take over computers. In a buffer overflow, an attacker types in too much text in an input area such as a password field.

Under some circumstances, a computer will execute the extra text as a program, a method that a clever programmer can use to run programs without authorization. Explosive reactions to Tom Vu, however, have been known to be generated by other methods.

But the Aibo joke didn't top a similar forgery in 1996, Hernan added. "The state of the art in forged CERT advisories remains the Independence Day Advisory from a few years ago," Hernan said.

The warning referred to the movie "Independence Day," in which actors Will Smith and Jeff Goldblum destroy a flock of alien spacecraft by infecting the fleet's main computer with a virus that disabled defense shields.

"The CERT Coordination Center has received reports of weaknesses in Alien/OS that can allow species with primitive information sciences technology to initiate denial-of-service attacks against MotherShip(tm) hosts. One report of exploitation of this bug has been received," the joke said.

"The vulnerability allows the insertion of executable code with root access to key security features of the operating system. In particular, such code can disable the NiftyGreenShield(tm) subsystem, allowing child processes to be terminated by unauthorized users."