Info@NationalCyberSecurity

Ynet joins cybersecurity expert to plug hackers' breach of Israel Postal Service


A serious security breach in the Israel Post’s computerized parcel delivery system exposed the personal information of package recipients to hackers. The breach was uncovered last August when hacker and Product Security Director at Playtika, Rotem Reiss, examined the system used by the service to coordinate package delivery from abroad.

He found a breach that allowed unauthorized access to the data of Israeli recipients, including the ability to manipulate it. The breach has now been addressed by the Israel Post IT division with the assistance of Reiss and Ynet, which was privy to the event.

Initially, the postal service believed the issue originated with usernames and passwords used by business owners also serving as package delivery points. The technical teams then began changing all login details and tightening cybersecurity measures – including using more complex passwords. Despite the post office setting a strong password as default in some cases, many Israelis would choose to change them to an easily remembered password like 123456.

The breach’s discovery led to a policy change that applied to all postal system users and prevented changes to passwords after it was installed at various delivery points. However, upon further investigation, it was found that the reported breach and the one the postal service addressed were different.

Reiss then instructed the postal workers on how to identify and resolve the issue he identified. It should be noted that although the breach put Israeli residents’ data at risk, the postal service said that access to payment information or full ID documents wasn’t available at any stage of the breach.

According to the Israel Post, the exposed breaches had not been exploited; however, there’s no way to fully verify this. Hackers could access systems without detection as soon as they had the login details, and it’s impossible to know whether breaches took place or not.

The issue with the Israel Post’s system isn’t specific to it but rather a widespread issue observed in Israel in recent years. Despite Israel being considered a cybersecurity power globally, the Israeli economy is still far from being as secure and protected as it should be.

Examples of cybersecurity incidents caused by vulnerabilities in data security are plentiful. In just the past year, numerous breaches have been exposed, including hacking into higher-education institutions, government websites, and Iranian cyber-attacks seen on and before October 7.

Despite the Israel Post’s long-winded process to address the issue, it was ultimately addressed after coordination with Reiss and relevant technical personnel. However, it’s hard to ignore the amount of time that passed from the moment Reiss discovered the breach until it was dealt with.

“In recent years, I’ve helped numerous companies, from startups to Israeli government bodies to technology giants like Microsoft and Yahoo, by exposing security vulnerabilities in their digital assets before they were exploited by hackers,” Reiss said.

“Typically, critical vulnerabilities are fixed within hours to a few days from the moment they’re reported, but unfortunately, in this case, it took many months to issue a fix. Despite expecting that government bodies would tighten data security processes and take responsibility for the data stored there, the opposite is happening as we’ve seen with the hack of the Elector application.”

“Israelis expect that government companies will safeguard their personal information, especially in sensitive times like we’re experiencing right now,” he added.

The Israel Post said in a statement, “The application is an external one used by small businesses working with the postal service to deliver packages to recipients. The application contains limited information about the packages, primarily the item ID and its location in the delivery center, the recipient’s name, and a phone number for sending messages.

“A few months ago, following an alert from the Israel National Cyber Directorate, an update was released to bolster the application’s security as a first step toward further upgrades. Subsequently, following Ynet’s inquiry and new information provided, another exploit was identified and recently addressed.”
