Recap 2015 — A Year of Security Vulnerabilities


The time to make new year resolutions is here. The time to wave goodbye to 2015. The time of fresh beginnings. The time to look back on the good and bad of the past year. And the time to review all that happened and move on as a better version of yourself.

Contrary to popular opinion, it’s not always external hack attacks that do the most harm. Sometimes it is inherent flaws in the system unnoticed by users until the minute they are exploited. Techworld did a great piece on security flaws of the year 2016 detailing accidental flaws in services leading to attacks in 2015.

Google Android Flaws

Google’s Android platform for smartphones has spread far and wide. Stretching across several manufacturers has made it difficult to push updates to all devices at the same time, leading to multiple security issues. In the summer of 2015, many security flaws were made public, of which Stagefright was the most devastating. Followed by Stagefright 2.0, it had a way of beating Android 5.0 lockscreen’s security code.

Anti-virus Flaws

Of all the anti-viruses, the most flawed (yet popular) AVG was first singled out by an Israeli security firm enSilo which discovered a software flaw. It was patched in two days. However, later on a Google engineer found another flaw in AVG’s Chrome browser Web Tune-Up plug-in which allowed attackers to scour through entire browsing histories.

Juniper VPN ‘Back Door’ Flaw

Apparently the VPN part of Juniper’s NetScreen firewall kit has had a backdoor since 2012. A weakness in a piece of encryption furniture called Dual_EC_DRBG random number generator contained a software flaw that allowed the insertion of a back door.


TalkTalk attacked thrice

The telecommunications company was attacked not just once, but thrice! According to the company, ‘only’ 159,959 accounts were compromised, of which 15, 656 had their bank account details compromised.

Independent’s ransomware

Independent news blog was caught serving TeslaCrypt ransomware by Trend Micro. The site was attacked several weeks before Trend informed them.