Tag Archives: Internet of Things

When it comes to dangers on the internet, we are our own worst enemies

Today’s biggest threat to the normal consumer is the consumer themselves.

This bold statement was made by Avast CEO Vincent Steckler in an interview with German technology website Valuetech in Munich last week. That’s a daring position to take after this year’s revelations about NSA spying, the theft of tens of millions of customer passwords from major retailers like Target and Home Depot, the recent Sony Pictures hack, and the normal parade of Trojan horses, worms and viruses, but it’s one that Steckler stands behind.

Watch the interview here (04:00),

Mr. Steckler has good reason for his conclusion. Here’s a few of the main points he made during the interview.

Social engineering preys on human weakness

“A lot of attacks are still using social engineering techniques; phishing emails – ways of convincing the user to give up valuable information,” said Steckler.

An example of phishing emails just occurred after Black Friday, when cybercrooks sent millions of fake purchase confirmation emails to customers of major retailers. You can read about that, as well as what to do if you are a victim,  in our blog, Fake confirmation emails from Walmart, Home Depot, others in circulation.

The Mac misconception

Mac users are well-known for proudly touting that they don’t use antivirus protection because they never have a problem with viruses. But, it’s really a numbers game.

“There is no fundamental difference,” Steckler says of the security of PCs and Macs. “Mac is not inherently any safer, as a technology, than Windows is. What makes a difference there is what is more opportune for a bad guy to attack.”

He explains that malware written for Windows can attack up to 93% of the world’s PCs. Mac malware only reaches 7-8% of the world’s PCs. The safety then lies in the lower numbers of Mac devices rather than a technical safety advantage.

Households networks are as complicated as small business networks

With the interconnectivity of household devices from household computers, mobile phones, TVs and even refrigerators, Steckler compares the typical household network to that of a small business.

“The central weakness in this ‘Internet of Things’ will be that home router – the thing that connects everything together,” says Steckler, “and basically doesn’t have any security on it.”

Avast 2015 seeks to address this lack in security by including the new Home Network Security scanner.

Internet of Things is web’s next money spinner say small businesses

We all suspected it and now we know it to be true.  Most small businesses (57 percent) are expecting the Internet of Things (IoT) – IP-connected devices, machines with sensors and cloud-based services – to make a significant impact on their bottom line.  Yet almost three quarters (71 percent) admit they are not ready from an IT security and data protection point of view.

These are just two of the key findings in AVG’s latest independent research which polled 1,770 small businesses and MSPs in the United States, Canada, the United Kingdom, Germany and Australia on a number of issues related to monetizing IoT. Over half (55 percent) of MSPs taking part in the study confirmed that customers are demanding IoT-related services and 77 percent are planning to expand their service or product portfolio to meet it. Little surprise then that only 18 percent of the small businesses we spoke to thought their IT provider was ahead of the curve when it came to their capacity to manage IoT.

So just what is IoT’s potential as a money spinner?  Well, more and more devices with built-in sensors are being connected to the Internet.  By remotely monitoring the data on these devices a business can achieve much greater all-round efficiency through raised productivity, lower costs and reduced wastage.  And as cloud services become the default way to make sense of this data you no longer need heavy up-front investment so IoT starts to become affordable for small businesses.

Our research highlighted four industries in particular – IT/telecoms, pharmaceuticals, utilities and manufacturing – that are set to make money from IoT. The IT/telecoms industry, as might be expected, is especially upbeat on IoT. Among the IT decision makers surveyed 84 percent indicate that their organization would shift its product/service offering to make the most out of the rise of IoT.  The proportion of pharmaceuticals companies looking to expand product offerings using IoT was even greater (91 percent).   Three quarters (75 percent) of utilities companies and 73 percent of manufacturers are also expecting to benefit.

Overall our study found the vibe from small businesses around IoT to be extremely positive.  If there was one note of caution it was the recognition that they need to do more about the security side of things.  They are right to be cautious. Many connected devices use the Linux operating system which has its own set of vulnerabilities as highlighted by the recent Shellshock event.  The lesson for companies is that they need to approach IoT just like the rest of their IT – by keeping them regularly updated and using identity management and user authentication.

Video

IoT Business Opportunities

A summary of the other key findings in the study were:

  • Almost half (46 percent) of SMBs think that the Internet of Things will be the IT trend that has the greatest impact on their organization over the next five years.
  • Around three fifths (62 percent) of SMB respondents report that their organization has budget specifically assigned over the next 12 months for the development of Internet of Things solutions. 49 percent have a moderate or substantial budget assigned for these solutions.
  • Only 18 percent of SMB respondents say that their IT provider is completely ahead of the curve with regard to the Internet of Things and the potential for their business. Of those with an IT provider, 68 percent feel that their provider could improve their service with regard to Internet of Things offerings and understanding.
  • The majority (84 percent) of SMB respondents say that their organization has purchased mobile devices within the last year, spending an average of over $6,500 on these devices. Of those who have purchased mobile devices within the last 12 months, SMB respondents estimate that their organization spends an average of around $4,500 in hidden costs annually.

In conclusion, the days when work was confined to an office with four walls and a locked door are gone for good.  Thanks to mobile technology and popular cloud-based applications today’s start-ups are already living in a world where doing business without walls is perfectly normal.  IoT is a further example of how small businesses are becoming more and more connected.  The flexibility and simplicity is great. But is it secure? AVG is ready to help businesses embrace IoT safely. A couple of weeks ago we announced that we will shortly expand AVG CloudCare’s capabilities to include breakthrough integration of Multi Factor Authentication, Secure Sign-On (SSO), Mobile Device Management and Mobile Application Management all managed through Active Directory to ease complexity and simplify management.

Internet of Things and Managed Workplace v9

Press Releases

IoT Video

Video

 

IoT Survey Results

Managed Workplace 9 Screenshots

 

70 Percent of MSPs Must Adapt Services to Capitalize on Internet of Things, AVG Study Reveals

AMSTERDAM and SAN FRANCISCO – October 22, 2014 – Roughly 1-in-4 (26 percent) small- to medium-sized businesses (SMBs) and managed services providers (MSPs) expect the Internet of Things (IoT) including multiple devices, wearables and Cloud-based services in general to generate more money for them than any of the other current big IT trends, according to a new survey announced today by AVG Technologies N.V. (NYSE: AVG), the online security company for devices, data and people. Almost three out of five (57 percent) SMBs agreed that IoT will help boost their revenues, a sentiment that was echoed by around two-thirds (67 percent) of MSP respondents. However just 18 percent of SMB respondents thought their IT provider was ahead of the curve regarding IoT management while 70 per cent of MSPs themselves admitted the need to adapt their services to meet customer expectations in this regard.

“Our MSP partners are telling us that the ‘Internet of Things’ is the one IT trend making an immediate difference to their bottom line and the business customers that they serve. A massive 7 out of 10 stated they need to amend their offerings to enable business growth.”  said Mike Foreman, AVG’s general manager, SMB

The study*, which interviewed 1,770 small businesses and MSPs in the U.S., Canada, the UK, Germany and Australia, also revealed more than half (55 percent) of MSP respondents say customers are demanding Internet of Things related services and over three quarters (77 percent) are planning to expand their service/product portfolio. However, they had better adapt quickly. Of those SMBs with an IT provider, 68% feel that their provider could improve their service with regard to Internet of Things offerings and understanding.

“The study shows clearly that as businesses grow to rely more and more on the Internet of Things and Cloud-based services to help generate revenue most MSPs are still some way short of being ready to help customers’ manage this,” continued Mike Foreman. “The research strongly indicates that MSPs need to significantly up their game and demonstrate enhanced levels of protection and control over their customers’ ever changing data and device needs.”

A summary of the other key findings in the study were:

SMBs

Almost half (46%) of SMBs think that the Internet of Things will be the IT trend that has the greatest impact on their organization over the next five years. An even higher proportion -around seven in ten (71%) – say that due to the Internet of Things their organization will need to take extra steps to secure and protect their data

  • Around three fifths (62%) of SMB respondents report that their organization has budget specifically assigned over the next 12 months for the development of Internet of Things solutions. 49% have a moderate or substantial budget assigned for these solutions.
  • Only 18% of SMB respondents say that their IT provider is completely ahead of the curve with regard to the Internet of Things and the potential for their business. Of those with an IT provider, 68% feel that their provider could improve their service with regard to Internet of Things offerings and understanding.
  • The majority (84%) of SMB respondents say that their organization has purchased mobile devices within the last year, spending an average of over $6,500 on these devices. Of those who have purchased mobile devices within the last 12 months, SMB respondents estimate that their organization spends an average of around $4,500 in hidden costs annually.

MSPs

  • Over half (55%) of MSP respondents state that customers are demanding Internet of Things related services and seven in ten (70% but only 56% Germany) say that they will amend their services based on the wants of the customer.
  • However, less than two fifths (38%) of MSPs say that their organization currently has an integrated remote monitoring and management platform.
  • Around three fifths (58%) of MSP respondents say that they will need to join up with cutting edge partners in order to successfully offer Internet of Things-related services. Currently only 38% of MSP respondents feel that the vendors they work with are cutting edge.
  • Furthermore around three in ten MSP respondents feel that their current vendor helps make efficiency savings (31%) or productive gains (25%) for their customers.

* AVG commissioned independent technology market research specialist Vanson Bourne to undertake this research.  1770 interviews were carried out during September 2014 with IT and marketing decision-makers of organizations with of 1 – 500 employees with and 85/15 per cent split between SMBs and MSPs. Interviews were performed across five countries: UK, US, Canada, Germany and Australia. Respondents to this research came from a range of industry sectors, with only the public sector excluded.

For more information, please see our video on the survey findings:

http://www.prnewswire.com/news-releases/70-percent-of-msps-must-adapt-services-to-capitalize-on-internet-of-things-avg-study-reveals-573155550.html

About AVG Technologies (NYSE: AVG)

AVG is the online security company providing leading software and services to secure devices, data and people.  AVG has over 182 million active users, as of June 30, 2014, using AVG’s products and services including Internet security, performance optimization, and personal privacy and identity protection. By choosing AVG’s products, users become part of a trusted global community that engages directly with AVG to provide feedback and offer mutual support to other customers.

All trademarks are the property of their respective owners.

Cyber Security Awareness Month: It’s on!

October is National Cyber Security Awareness Month in America and each year this program brings more and more attention to issues that should be of concern to anyone who uses a computer, plus a low of how-to information, security resources, and awareness-raising events.

The post Cyber Security Awareness Month: It’s on! appeared first on We Live Security.

What if smart devices could be hacked with just a voice?

Smartphones and wearable devices have introduced a brave new world in the way that humans and computers interact. While on the PC we used the keyboard and mouse, touch-based devices and wearables have removed the need for peripherals and we can now interact with them using nothing more than our hands or even our voices.

This has prompted the arrival of the voice activated “personal assistant”. Activated by nothing more than our voices, these promise to help us with some basic tasks in a hands-free way. Both Apple and Google added voice recognition technologies to their smart devices. Siri and Google Now are indeed personal assistants for our modern life.

Both Siri and Google Now can record our voice, translate it into text and execute commands on our device – from calling to texting to sending emails and many more.

However, these voice recognition technologies – that are so necessary on smart devices – are perhaps not as secure as we give them credit for. After all, they are not configured to our individual voices. Anyone can ask your Google Now to make a call or send a text message and it will dutifully oblige – even if it’s not your voice asking.

What if your device is vulnerable to voice commands from someone else? What if it could call a premium number, send a text message abroad, or write an email from your account without your knowledge. Over–the-air-attacks on voice recognition technologies are real, and they are not limited just to smartphones. Voice activation technologies are also coming to smart connected devices at home, like your smart TV.

As I demonstrate in this short video, the smart devices in my home do respond to my voice, however they also respond to ANY voice command, even one synthesized by another device in my home.

 

 

The convenience of being able to control the temperature of your home, unlock the front door and make purchases online all via voice command is an exciting and very real prospect. However, we need to make progress with the authentication of the voice source. For example, will children be able to access inappropriate content if devices can’t tell if it is a child speaking or a parent?

Being able to issue commands to my television might not be the most dangerous thing in the world but new smart devices, connected to the Internet of Things are being introduced every day. It may not be an issue to change the station on my television, but being able to issue commands to connected home security systems, smart home assistance, vehicles and connected work spaces is not far away.

Utilizing voice activation technology in the Internet of Things without authenticating the source of the voice is like leaving your computer without a password – everyone can use it and send commands.

 

 

There is no question that voice activation technology is exciting, but it also needs to be secure. That means, making sure that the commands are provided from a trusted source. Otherwise, even playing a voice from a speaker or an outside source can lead to unauthorized actions by a device that is simply designed to help.

 

An Emerging Threat

While we haven’t discovered any samples of malware taking advantage of this exploit in the wild yet, it is certainly an area for concern that device manufacturers and operating system developers should take into account when building for the future. As is so often the case with technology, convenience can come at a risk to privacy or security and it seems that voice activation is no different.

Car hacking – are one-third of thefts ‘electronic hacks’?

The UK government is to work with car manufacturers to prevent hackers using electronic means to break into increasingly hi-tech vehicles in Britain, after a spate of ‘car hacking’ in London, Computer World reports.

In a speech to independent think tank Reform, Home Secretary Theresa May said that thieves were using “sophisticated devices” to grab car key codes, and driving away in less than 10 seconds without using force, according to the Daily Mail.

The report claimed that “hackers” were behind a third of card thefts in London.

At the Black Hat security conference this summer two researchers launched a petition to change how car companies and technology companies work together. “We request that you unite with us in a joint commitment to safety between the automotive and cyber security industries,” the researchers said via Change.org.

Car hacking: A real risk?

In her speech to Reform, May said, “There have been reports that they could even use ‘malware’ to commandeer vehicle systems via satellites and issue remote demands to unlock doors, disable alarms and start car engines.”

“Because we have this understanding, we can now work with industry to improve electronic resilience, include this kind of resilience in the vehicle’s overall security ratings, and work out the extent to which the same threat applies to other physical assets such as building security systems.”

May’s speech echoes a series of presentations by security researchers which warn that as cars become increasingly ‘connected’, with up to 200 control units each, hacking such vehicles becomes easy.

Two researchers have concluded that this will become even easier once web browsers in cars become more common.

Hackers behind ‘third’ of crimes

Earlier this summer, a group of Chinese researchers showed off a hack which could open the doors on a Tesla S while in motion, as well as controlling other vehicle systems – and the car’s control panel, thought to run a modified version of Firefox, was claimed to be behind the hack.

Charlie Miller and Chris Valasek in their paper A Survey of Remote Automotive Attack Surfaces conclude that the danger of “hackable” cars is expanding – but is about to grow rapidly, as web browsers are added to cars.

“Once you add a web browser to a car, it’s open. I may not be able to write a Bluetooth exploit, but I know I can exploit web browsers.”

Last year a U.S senator urged auto manufacturers to change – and his open letter ignited a spate of commentary, with Market Oracle describing the crime as “cyberjacking”, and pointing out that the average family car contains 100 million lines of computer code, and that software can account for up to 40% of the cost of the vehicle, according to researchers at the University of Wisconsin-Madison.

On the researchers’ page, I am the Cavalry, they say, “Modern cars are computers on wheels and are increasingly connected and controlled by software. Dependence on technology in vehicles has grown faster than effective means to secure it.”

 

The post Car hacking – are one-third of thefts ‘electronic hacks’? appeared first on We Live Security.