Tag Archives: Internet of Things

Advanced Malware targeting Internet of the Things and Routers

Anything connected to the Internet could be hacked, and that includes the Internet of Things (IoT).

The market fragmentation of IoTs or Internet-connected devices is a security nightmare, due to poor security measures implemented by their vendors.

Now, the researchers at security firm ESET have discovered a piece of Malware that is targeting embedded devices such as routers, and other

DARPA Invites Geeks to Convert Everyday Objects into Deadly Weapons

Do you know that your daily household items can be turned into deadly weapons?

Yes, it’s possible to convert some of your everyday household appliances into explosives, weapons or surveillance devices.

DARPA – the agency which does research in various fields for improving the US Military and US Department of Defense capabilities – had announced a new project dubbed “Improv” to transform

More than a Billion Snapdragon-based Android Phones Vulnerable to Hacking

More than a billion Android devices are at risk from a severe vulnerability in the Qualcomm Snapdragon chip that could be exploited by any malicious application to gain root access on the device.

Security experts at Trend Micro are warning Android users of some severe programming blunders in Qualcomm’s kernel-level Snapdragon code that if exploited, can be used by attackers for gaining root

From Cars to Toothbrushes and Everything in Between – MWC 2016

Mobile World Congress is the largest gathering of the mobile industry and takes place at the end of February every year. According to the latest attendance numbers, it was bigger and more attended than any previous congress.  Every possible brand associated with smartphones you can think of was there and even some of the brands you may not know but they provide the stuff to make it all work behind the scenes.

There is a dramatic change afoot in this industry and it’s clear to see at MWC.  The focus of this year’s show is very much about the Internet of Things (IoT). Most of us consider this to mean fitness trackers, a few connected fridges, and maybe for the select few, a car.

IoT is going to affect all of us in ways that we can’t yet imagine: everything will be connected and adding data to a world that will operate based on the analysis of everything around us. This may sound like a science-fiction movie, but it’s not. There’s technology on its way that really does mean that there are very few things that won’t be connected.

What was hot at this year’s MWC 2016?

There is a device for tracking everything from fitness to air quality. While they’re exciting toys and gadgets for us to own and play with, the bigger story is how these stepping stones are being placed for a far more connected world. We continually hear about self-driving cars and other cool innovations, but for many of us these are still news stories rather than reality. One such example is Seat’s connected car tech, which allows drivers to check the availability of parking spaces, access breakdown services and connect to household appliances.

Seat’s connected car

Do you ever leave home in the morning having missed a tooth when brushing? With Oral-B’s smart toothbrush it will be a thing of the past! A smartphone app connects to the toothbrush and detects which teeth are still dirty.

Visa announced their new payment system, the Visa Ready program, which will allow transactions to be made from any suitable connected device. For anyone traveling through London recently, they may have seen people waving their phones on the tube payment terminals to pay for their trip. With the new service from Visa, this facility will be extended to other devices and use tokens rather than card details. This means that personal data is never transmitted in a similar way that Apple Pay and Android Pay work and should be considered a security enhancement over the current process.

Honda has already signed up to the program to use an in-car fuel app that will be integrated into their vehicles’ dashboards. Once the car is running low on fuel, the driver will automatically be directed to the nearest gas station. The app will know the exact amount of fuel needed and pay for the fuel and calculate the cost. Of course, this does mean the pump needs to accept wireless payments and you will still need to get out and actually put the fuel hose into the car.

Virtual reality

A technology that has been heard about for years is about to become both affordable and usable, and will soon establish itself as a normal part of our lives. I was lucky enough to get a full hands-on demo of Intel’s RealSense™ virtual reality technology that is being made available to developers in the next few months.


Put the headset on and be immersed in a virtual world where you can actually interact using your hands. Yes, they actually appear in the virtual world allowing you to move objects and to be part of what you are seeing. Or allow the headset to map, in real-time, the environment you are in and to add things to it — you can mix our physical world with a virtual one.  For example using the demo headset I scanned a table and then a cat jumped up onto it. I moved away and the cat jumped off the table. The possibilities for this technology in our normal lives, especially if you are a gamer, are really exciting  and I can’t wait to see them realized.

There is a common concern with all the new IoT devices and the cool services that they deliver: security. With every connected device a new opportunity is created for hackers to attempt to breach the device and access your personal data. While many device manufacturers may create their products using a ‘secure by design’ approach, this may not be the case with the small innovative companies that have the hottest technology.

The concern should not stop with hackers. Devices are collecting data that we may not realize. This raises questions about who has access to our data and what it is being used for. Did you read the privacy policy of every connected device you already own, and will you read the privacy policy of all the new ones? Unfortunately, the answer is most likely no. Besides presenting us with new and impressive connected devices, Mobile World Congress has also highlighted the need for us to be aware of the “what” and “who” is holding our data and for what intent.

Raspberry Pi 3 — New $35 MicroComputer with Built-in Wi-Fi and Bluetooth

While celebrating its computer’s fourth birthday, the Raspberry Pi Foundation has launched a brand new Raspberry Pi today.

Great news for all micro-computing fans: a new, powerful Raspberry Pi 3 Model B is in town.

Months after introducing the $5 Raspberry Pi Zero, the Raspberry Pi Foundation has introduced the third major version of the Raspberry Pi, the successor of the Raspberry Pi 2

Breathing fresh air into the Internet of Things, to keep you alive

Here at AVG we have an innovation team (AVG Innovation Labs) that looks at future security risks and how technology can be deployed to manage them.

And when it comes to new IoT devices, special consideration is needed to ensure data is kept personal and private. AVG Innovation Labs undertakes research to allow us to understand how best to provide these services going forward.

The AVG team have been innovating their own IoT devices and applications to get a first-hand experience of the challenges that vendors go through when creating a device for the home.

One of those projects has been looking at air quality and how it can be an issue for many people, whether they suffer from allergies or maybe asthma. Breathing clean and acceptable air can improve our day to day experience, and by extension our personal security.

The device starts with measuring the Air Quality Index (AQI) which provides an overall rating of air quality.  This is obtained by analyzing multiple sensor readings such as relative humidity, temperature, carbon monoxide, ammonia, and many more.

In conjunction with our vision of the future for AVG Zen and Family Graph, we’re demonstrating the importance of location as an impact on the safety of everyday family life.

Now imagine a scenario where we combine some of that future AVG Zen functionality with Air Quality monitoring and other connected devices in the home.

Through location sharing our devices know if we are home, travelling, or even en route from work or school. As we start our travel toward home, our smart connected device that we all carry could automatically connect with the home network to inspect the status of air quality and temperature remotely.

With that information at hand, and making decisions based on our preferences, the technology could automatically open vents or start de-humidification or air-conditioning units to change the air quality, or switch on the heating so that we have a warm house to welcome us home.

The potential for technology to improve our everyday lives and ensure that our environment is the best it could be is remarkable. There is also the life-saving benefit of avoiding toxic conditions caused when a gas powered heating system malfunctions, for example.

When IoT devices bring real value such as this, it’s important that they are not interfered with by hackers, and that the data analyzed remains private and secure. Imagine getting home to find the air quality has been made worse not better, or that the house is too cold or even too hot and you have a large energy bill coming your way.

Through innovation like this, AVG is able to understand the complex challenges of securing devices and services that will one day provide us all with truly connected homes and lives.

Linux Foundation Launches 'Zephyr', a tiny OS for Internet of Things

The 21st century is witnessing a great change over in the daily life of folks with the advent of IoT devices that are capable of talking to each other without any human intervention.

Yeah! Now you do not have to individually cascade an instruction to each of your home devices to accomplish a task. All have gone automated with the actuators and sensors which are infused into the home

Using SimpliSafe Home Security? — You're Screwed! It's Easy to Hack & Can't be Patched


If you are using a SimpliSafe wireless home alarm system to improve your home security smartly, just throw it out and buy a new one. It is useless.

The so-called ‘Smart’ Technology, which is designed to make your Home Safer, is actually opening your house doors for hackers. The latest in this field is SimpliSafe Alarm.
SimpliSafe wireless home alarm systems – used by more than 300,000 customers in the United States – are Hell Easy to Hack, allowing an attacker to easily gain full access to the alarm and disable the security system, facilitating unauthorized intrusions and thefts.
…and the most interesting reality is: You Can Not Patch it!
As the Internet of Things (IoT) is growing at a great pace, it continues to widen the attack surface at the same time.
Just last month, a similar hack was discovered in Ring – a smart doorbell that connects to the user’s home WiFi network – that allowed researchers to hack the WiFi password of the home user.

How to Hack SimpliSafe Alarms?

According to Andrew Zonenberg, the senior security consultant at IOActive who discovered this weakness, anyone with basic hardware and software costing between $50 and $250 can harvest the alarm’s PIN and turn the alarm OFF at a distance of up to 200 yards (30 meters) away.
Since the SimpliSafe alarm uses unencrypted communications over the air, a thief loitering near a home with some radio equipment could sniff the unencrypted PIN messages transferred from a keypad to the alarm control box when the house owner deactivates the alarm.
The attacker then records the PIN code in the microcontroller board’s memory (RAM) and later replays this PIN code to disable the compromised alarm and carry out burglaries when the owners are out of their homes.
Moreover, the attacker could also send spoofed sensor readings, such as a “back door closed” message, in an attempt to fool the alarm into thinking no break-in is happening.

Video Demonstration of the Hack

You can watch the video demonstration that shows the hack in work:

“Unfortunately, there’s no easy workaround for the issue since the keypad happily sends unencrypted PINs out to anyone listening,” Zonenberg explains.

Here’s Why Your Smart Alarms are Unpatchable

Besides using the unencrypted channel, SimpliSafe also installs a one-time programmable chip in its wireless home alarm, leaving no option for an over-the-air update.

“Normally, the vendor would fix the vulnerability in a new firmware version by adding cryptography to the protocol,” Zonenberg adds. But, “this isn’t an option for the affected SimpliSafe products because the microcontrollers in currently shipped hardware are one-time programmable.”

This means there is no patch coming to your SimpliSafe alarm, leaving you as well as over 300,000 homeowners without a solution other than to stop using SimpliSafe alarms and buy another wireless alarm system.
Zonenberg said he has contacted the Boston-based smart alarm provider several times since September 2015, but the manufacturer has not yet responded to this issue. So, he finally reported the issue to US-CERT.

The cat and mouse game of internet security

Virus Lab analysts can see real-time threats on the monitoring wall


Security is an evolutionary business rather than a revolutionary one.

“Computer security has been around for 25 or 30 years and the threats keep evolving,” said Avast CEO Vince Steckler in a video interview with ValueTech.

The solutions keep evolving too. “If you go back 20 years ago, the big issue was script kiddies and big public splashes of viruses that frankly didn’t cause any harm. These days, things are much more complicated. You don’t have big flaws, big loopholes for bad guys to take advantage of. What this turned into is a cat and mouse game.”

Avast CEO Vince Steckler


Keeping up with the bad guys

To combat today’s cybercrooks, Avast Virus Lab analysts must study what the bad guys have done previously.

“You start trying to predict what the bad guys might be trying to take advantage of in the future and closing off those holes. At the same time, those guys are finding other little ways in and you have to catch up with them,” said Steckler.

Antivirus companies have done an excellent job at protecting the consumer and small business “endpoint” – such a good job that it’s actually very difficult to break into the endpoint itself. This forces cybercrooks to look for other entry points.

Avast experts agree that the likely path cybercrooks take is through the home router.

Home routers give cybercrooks an easy target

Consumer routers tend to be acquired based on price and they have a lot of flaws. Steckler estimates that, “We can break into probably about 70% of home routers in the world.”

The reason home routers are so vulnerable, he says, is that, “They are very poorly protected and the username-password on them is something that’s easy to crack. It’s not that difficult for someone to break in remotely over the Internet via the username and password or in a drive-by, in which case it’s even easier.” Most routers also have unpatched software leaving them with a number of vulnerabilities.

Recently the hacktivist group Anonymous launched a DDoS attack using compromised home routers, so Steckler thinks that the frequency of those types of attacks will increase.

How to secure the Internet of Things, the Smart Home, and Industry 4.0

“The Internet of Things and 4.0 get a lot of press because they have nice catchy buzz words,” said Steckler. People have connected refrigerators, connected thermostats, door locks, security cameras, and baby cameras, but, “Right now a lot of internet-connected refrigerators don’t do anything. They are just a browsing tablet.”

“But when people start looking at what kind of protection is needed, you have to be thinking about what’s the risk. If my internet-connected refrigerator gets hacked, what happens? If my thermostat gets hacked, what happens?,” asked Steckler.

“The common thing with all of this is that none of these devices in the so-called Internet of Things really have any direct connection to the Internet. They are all connected, once again, through the home router,” said Steckler.

Since the home router is a vulnerable entry point, that means that the risk for attack exists. “If you can harden your home router, that really goes a long way towards protecting the Internet of Things.”

The risk of BYOD

“The Enterprise is a much different story, when you get into the BYOD (Bring Your Own Device). We all have mobile devices, and for many reasons it’s much more convenient to use one mobile device for both your personal and your business,” said Steckler.  “Some businesses encourage it by providing a device, but the fact of the matter is most everyone is going to be using one mobile device for both.”

That co-existence of personal and business-related data on one device that the employee is responsible for causes a risk to the consumer and the business. To the business it means that their data can be lost if access to the internal systems is compromised. If the employee loses the device, the typical company response will be to remotely wipe everything on it including all their personal stuff – then they suffer a big data loss.

“A solution is really to virtualize the entire corporate usage of it and run all the corporate usage on the corporate servers,” said Steckler. “That’s why we’ve brought out a new solution this year that does exactly that.”

Avast Virtual Mobile Platform (VMP) addresses these security risks, helping IT organizations liberate their businesses from leaks of confidential data and minimize mobile device costs.


Watch the entire interview including Mr. Steckler’s opinion about when Artificial Intelligence will become a threat to humanity and why Avast built a Silicon Valley-style building for its headquarters.

2016: The Year of Spying Microwaves and Hijacked Cars

The security stakes only seem to be rising when it comes to the threats that affect us as modern-day consumers.

What behavior could a smart appliance reveal about you?


Over the past year, we have seen a list of notable mobile threats that put people’s privacy at risk. Previously unseen vulnerabilities surfaced, such as Certifi-gate and Stagefright, both of which can be exploited to spy on users. Certifi-gate put approximately 50 percent of Android users at risk, and Stagefright made nearly 1 billion Android devices vulnerable to spyware. In 2015, for the first time, cybercriminals were able to attack users on a vast level.

Another mobile threat on the rise in 2015 was mobile ransomware, using asymmetric cryptography, making it nearly impossible to recover the encrypted data on a smartphone. The most common mobile threats in 2015 were adware — often apps disguised as fun gaming apps that provide little value and spam users with ads. We believe that 2016 will be the year in which we see threats moving from smartphones to smart homes — and beyond.

Total number of attacks on Android devices that Avast has detected in 2015


2016: Internet-connected devices will spell out your life to anyone who’s curious

In 2015, society has gotten a taste of what the future might look like with the rise of Internet-connected devices. While we’ve now become accustomed to our smartphones, the possibilities for both users and hackers are growing exponentially when it comes to gadgets and systems that comprise the budding Internet of Things (IoT).

We often forget about many of the devices that, in reality, fit into the “smart” category. Smart devices and gadgets can include anything from thermostats to microwaves, smart locks to smoke detectors to children’s toys. Since we make use of these gadgets in our daily tasks and endeavors, an attack on their security could result in dire threats to our privacy and security.

Smart devices, such as household appliances, cars and wearables are basically our life companions. Unlike a smartphone, which holds information about our communications, contacts, photos and videos, smart devices reveal more specific information about our behavior, such as our driving, fitness, and cooking habits, or our children’s learning behavior.

This provides optimal opportunities for hackers to target personal data, including information collected by wearable, Internet-connected devices. What’s more, this data can be used by governments for law enforcement purposes and for businesses, like insurance companies, to restrict payments or medical procedures from people who may have previously made unwise financial or health-related decisions. This year, we could see the first country enact a law that would give certain industries authorization to exploit consumer data through information collected by smart devices.

Ransomware that could turn your devices against you

We already know how dangerous ransomware can be — this aggressive malware family locks individuals out of their devices and renders them useless, leaving users with little choice other than to pay a specified amount of money demanded by hackers in order to regain access to their device. On a smartphone, a factory reset helps to remove the ransomware, and if the user has conducted a backup, the harm is minor. However, if and when ransomware makes its way into the IoT sphere, we must be prepared in order to prevent our own devices from being manipulated and turning against us.

But 2016 could be the year when we witness our first serious car hack. This year, Land Rover has recalled 65,000 cars from the market because of a software bug that could lead to car theft. Taking this point a step further, imagine if your car’s software actually locked you out of your primary mode of transportation. What lengths would you go to if your personal security system locked you out of your own home? There’s a good chance that these issues will need to be dealt with as we move into the heyday of IoT.

Kids’ safety: toys that put children’s privacy at risk

Now, people should think twice before buying their children the newest trinket that they see in the window — while seemingly harmless, children’s toys can be wolves in sheep’s clothing when it comes to security. This can be seen in the recent VTech scandal, around the toy manufacturer of network-enabled learning toys that stored email addresses, physical addresses, passwords, as well as names and birth dates of more than 6 million children without proper protection measures. Another example is the Internet-connected Hello Barbie doll that was vulnerable to hackers who could spy on children talking to their dolls.

These two examples could be the start of an uprising in hacks in 2016 that jeopardize kids’ privacy. No longer are parents the only ones taking photos of their children — with smart kids’ devices storing photo and video footage, leaked files could easily make their way into the wrong hands. These files are then sent to servers, and often, it remains unclear what happens to these files, how they are secured and whether or not they are shared with third parties.

Children’s toys even have the ability to potentially affect a child’s success later in life — if schools choose to examine data supplied and exploited by Internet-connected educational toys, admittance processes could change, resulting in children’s lives being directly affected.

New year, new threats on the horizon

When it comes to dealing with security threats in 2016, the rule of thumb is this: Consumers should always stay one large step ahead of their smart devices. As these gadgets continue to obtain more capabilities and gather more of our information, it’s important that we retain our common sense when managing our security and personal privacy. Making use of security solutions on both computers and mobile devices is a reliable way to ensure that consumers remain in control of what belongs to them. While staying protected, we can confidently look forward to what’s in store as the new year continues to unfold.