A research team from the University of Southern California and the US Postal Service has uncovered vulnerabilities in an American delivery system that could expose customers to potentially fatal attacks.
The researchers, who presented their findings Monday at a security conference in San Francisco, said the problems were identified when they were conducting research for a book about the health effects of foodborne illness and the USPS.
The system, known as a delivery system for grocery items, has been used for about 60 years in the United States, and was built at a time when most people ate more prepared food, said Matthew Hohmann, a senior security researcher at the University’s Center for Information Systems Security.
The system's main flaw was in how the food was delivered, said Hohmann's team, which included Matthew L. Lippman, an associate professor of information security and systems engineering at USC.
“We found that, in fact, the systems are not secure at all,” Hohmann said in a statement.
“We found a few holes, but none of them could be exploited in any way.”
The researchers discovered two flaws that could have been exploited to remotely gain access to the delivery system and to obtain sensitive information.
They used two separate software programs to examine how the system was set up.
The first flaw involved taking a snapshot of the data stored in a secure database on the delivery service’s server and then comparing it with a copy of the database of customers’ private information stored on their devices.
The second flaw, the researchers said, involved finding a way to obtain the customer’s email address, the address that the customer had given to the company to sign up for a delivery service, or the device’s MAC address, which uniquely identifies a device.
The delivery service was not immediately available for comment.
Hohmann said he was confident the problems would be fixed in a short time, but that it would take time for the companies to figure out how to fix the flaws.
“In general, we think it will take months before we are able to address these vulnerabilities and we think that they will take longer to fix,” he said.
Lippman said the researchers had already identified two flaws in the delivery systems that could be fixed.
“One was to make sure that the delivery process was secure,” he told reporters.
“And that’s what we’ve done.
That’s what our work is focused on.
And that’s the first problem that we found.
The second problem we found is that we’re not using any of the new software that was introduced in the last year or so to make that change.”