X

Security group going to the dogs after hoax alert

In a parody of a security alert, an anonymous correspondent warns that hackers have devised a way to remotely take over Sony's Aibo robot dog and command it to attack.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
See full bio
Stephen Shankland
2 min read
Ordinarily it's hard to find people more serious than the technicians, academics and bug experts who vigilantly comb the world for potential attacks on computer networks. But not this week.

In a parody of the warnings issued by the Computer Emergency Response Team (CERT), an anonymous correspondent posted a joke warning on Bugtraq, an electronic mailing list frequented by computer security professionals.

The hoax alert, disguised as an official CERT announcement, warns that hackers have devised a way to remotely take over Sony's Aibo robot dog and command it to attack, among other unpleasant actions.

"The buffer used to hold the variable MyOwner in the functionprocess_face() can be overflowed, reverting Aibo into experimental AiboPitBull code," the mock warning said. Other malicious programs circulating on the Internet to exploit the compromised Aibo include "PeeOnRug(), ShoeChew() and KillTheCat()."

In addition, "owners who accidentally have left their television on late at night have reported incidents of AIBO attacking their small children and pets within minutes of the airing of 'Tom Vu's Real Estate Seminar,'" the parody said.

CERT, a serious organization not given to such levity, took the posting in stride. "This is, of course, a forgery, but nonetheless pretty amusing," replied Shawn Hernan, who noted that real CERT advisories are electronically signed.

While unsigned, the anonymous author had the terminology down. In reality, buffer overflows are a genuine way to take over computers. In a buffer overflow, an attacker types in too much text in an input area such as a password field.

Under some circumstances, a computer will execute the extra text as a program, a method that a clever programmer can use to run programs without authorization. Explosive reactions to Tom Vu, however, have been known to be generated by other methods.

But the Aibo joke didn't top a similar forgery in 1996, Hernan added. "The state of the art in forged CERT advisories remains the Independence Day Advisory from a few years ago," Hernan said.

The warning referred to the movie "Independence Day," in which actors Will Smith and Jeff Goldblum destroy a flock of alien spacecraft by infecting the fleet's main computer with a virus that disabled defense shields.

"The CERT Coordination Center has received reports of weaknesses in Alien/OS that can allow species with primitive information sciences technology to initiate denial-of-service attacks against MotherShip(tm) hosts. One report of exploitation of this bug has been received," the joke said.

"The vulnerability allows the insertion of executable code with root access to key security features of the operating system. In particular, such code can disable the NiftyGreenShield(tm) subsystem, allowing child processes to be terminated by unauthorized users."