The buzz around The Internet of Things (IoT) is growing, and it is growing at a great pace.
Every day the technology industry tries to connect another household object to the Internet. One such internet-connected household device is a Smart Doorbell.
Gone are the days when we have regular doorbells and need to open the door every time the doorbell rings to see who is around.
<!– adsense
Here are six things to think about for this year, with business security strategy top of mind…
1. Artificial Intelligence keeping us safe online
Artificial intelligence and machine learning isn’t just about robot dogs and self-driving cars. The latest AVG Business anti-malware products contain a number of sophisticated neural learning and cloud-data collection techniques designed to catch malware earlier and more often. Expect to hear more through 2016 about how artificial intelligence will help transform security solutions to help keep malware at bay.
2. Certificate Authorities: beginning of the end
SSL continued to be a big talking point in 2015 with further vulnerabilities being disclosed. This year the debate will continue around certification, development of new open standards and easier choices for website owners. Every news story about certificate mismanagement, security mishaps, and data breaches puts Certificate Authorities under increasing scrutiny. For many small businesses, the website owners paying a Certificate Authority and submitting themselves to what can sometimes be an arduous verification and checking process, is cumbersome and unnecessary.
This is where technical alternatives like Let’s Encrypt (currently in beta) are bound to flourish.
Additionally, Google’s Certificate Transparency project will continue to identify rogue SSL Certificates through detections built into modern day web browsers, as Google continues to hold Certificate Authorities to account – helping keep us all safer.Lastly, with the promise of other solutions such as the Internet Society’s proposed DANE protocol, offering the ability for any website owner to validate their own SSL certificate and therefore bypass a Certificate Authority altogether, 2016 will be an interesting year to watch!
3. Malvertising, Ad Networks: shape up, or ship out
Malvertising is what happens when malware is served up to innocent web site visitors; it’s happening all too frequently and is caused by questionable third party relationships and the poor security of some online advertising networks. At the root of this problem is the “attack surface” of ever-growing, ever-complex advertising and tracking “scripts” provided by ad networks and included by publishers (often blindly) on their websites. The scripts are slowing the browsing experience and anyone who has installed an ad blocker recently will tell you they can’t believe how fast their favourite websites are now loading. Research conducted by The New York Times showed that for many popular mobile news websites, more than half of the bandwidth used comes from serving up ads. That’s more data from loading the ads, scripts and tracking codes, than the content you can see and read on the page!
Whatever the solution, one thing is for certain, Ad Networks need to shape up and address their security, otherwise 2016 may well be remembered as the year of Malvertising.
4. Augmenting passwords with extra security steps in 2016
The need for strong passwords isn’t going anywhere in 2016. There were reminders in 2015 that even having the world’s longest smartphone passcode doesn’t mean someone can’t figure it out.
This year, there will be growing use of extra steps to make accessing data safer. In 2015, Yahoo announced a security solution using mobile devices rather than a password for access, and we even saw Google include Smart Lock features that can use the presence of other nearby devices to unlock your smartphone. Two-factor authentication – using two steps and ‘something you have and something you know’ to verify someone’s identity – will continue to be popular for use by many cloud-based providers looking to avoid data breaches.
5. The Internet of Things needs security by design
Every device seems to be getting smart – in the home and in the office. You’re likely going to be using your smartphone as a “lifestyle remote” to control a growing array of devices. Being able to set the office temperature remotely, or turn on the kettle in the communal kitchen without leaving your desk may sound helpful, but the devices have the potential to give up WiFi keys. Every unprotected device that is connected to a network is open to hacking. Cyber criminals are probing hardware, scanning the airwaves, and harvesting passwords and other personal identity data from wherever they can. So the advice is simple: every connected innovation needs to be included in your business-wide security.
6. Update and upgrade or face the financial and legal consequences?
Upgrading and updating all your software, devices, gadgets and equipment remains a vital business issue. The Internet of Things is raising new questions about who is responsible for what in a legal sense. Who owns data? What happens when machines take “autonomous” decisions? Who is liable if something goes wrong? To take one extreme example, a police officer pulled over one of Google’s driverless cars in November for causing a traffic jam on one Californian highway by driving too slowly. Again, the lesson is clear. The simple rule this year is to ensure that your business software and systems are always using the latest update. Your life may not depend on it, but your livelihood might.
So these are my six “thinking points” as we head into 2016.
Here at AVG, we look forward to helping you keep security front and center for your business this year. For more information on AVG Business security solutions that keep devices, data and people protected every day, across the globe, visit http://www.avg.com/internet-security-business.
It is a common problem: Home Wireless Router’s reach is terrible that the WiFi network even does not extend past the front door of the room.
My house also has all kinds of Wi-Fi dead zones, but can we fix it?
The answer is: YES. The problem will improve with a future, longer range version of Wi-Fi that uses low power consumption than current wireless technology and specifically targets
While the hype around the Internet of Things (IoT) is warranted in many respects, consumers are nevertheless cautious about adopting the technology, a new survey suggests.
The post Consumers ‘cautious about IoT device security’ appeared first on We Live Security.
We can use devices to monitor our health and fitness, our houses, our environment, and our factories and cities.
Using internet-connected devices expands our ability to control and monitor in the real world. The IoT is literally changing our lives.
The Internet of Things has the potential to fundamentally shift the way we interact with our surroundings. The ability to monitor and manage objects in the physical world electronically makes it possible to bring data-driven decision making to new realms of human activity – to optimize the performance of systems and processes, save time for people and businesses, and improve quality of life.” ~ McKinsey Global Institute study
The potential economic impact of the IoT is astounding – as much as $11.1 trillion per year by 2025 for IoT applications, projected by the same study.
But is there a downside?
In many people’s minds, surveillance, privacy issues, and data breaches seem to be someone else’s problem. “Should I be concerned about all of this?,” people who have “nothing to hide” think. Recently, we published how the Internet of Things can be hacked and what issues arise from the fact that we’re almost 100% online and connected.
Nowadays, all this technology passes through very well-known and yet problematic points: Our home network security. When our early version of Avast 2015 was released, we published many articles about Home Network Security. During the past year, we gathered lots of proof and conducted social experiments to show that…
To protect your security and privacy, you must assure that your network and communications are safe. Although this seems like rocket science, some basic – but effective – measures can and should be taken. It’s really not rocket science, so even us common folk can follow the steps below to make sure we’re prepared to a secure our IoT life.
Avast premium versions include all the protection you need including Home Network Security. You can download and test them for free from the Avast website.
Follow Avast on Facebook, Twitter, YouTube e Google+ where we keep you updated on cybersecurity news every day.
What’s the coolest part of the Iron Man movies?
The hyper-intelligent Artificial Intelligence that helps Tony Stark by doing data analysis, charging his armor, presenting information at crucial times and doing other business operations.
That’s right — we are talking about J.A.R.V.I.S., Iron Man’s personal assistant.
<!– adsense –>
We all dream of having one of its kinds, and
Back in the good ol’ days of the early 2000s until just a few years ago, all we had to be concerned about was security on our desktop computers and laptop. In the intervening years, mobile devices have become so ubiquitous that hackers have turned their sights on them, especially Android devices.
But starting in 2015, everyone began to realize just how close to home cybersecurity really is. Home networks are the new gateway, and 2016 will be the year that vulnerabilities in the Internet of Things (IoT) and wearable devices combined with weak home router security will lead to personal attacks.
Our internet-connected world will be increasingly difficult to secure
“The security situation with home routers is actually pretty bad,” Ondrej Vlcek, COO of Avast told Fast Company. “Most of the companies do a relatively good job of . . . patching the vulnerabilities, but the problem is that no one updates the firmware in the routers. The user doesn’t at all, and usually the ISP doesn’t either.” He added that we saw the most attacks on routers by far in 2015.
“Right now, attackers are targeting routers en masse,” said Pavel Sramek, an Avast Virus Lab research analyst. “It’s highly probable that they’ll expand their target list to network-attached storage and “smart” TVs as well, since the security aspect of these devices has been almost completely neglected by their manufacturers so far.”
“Many of the companies and engineers don’t really think about security,” says Vlcek. Data, for example, is often transmitted without any encryption, making it easy to steal or fiddle with.
Since this is the time of year to look forward, I asked several of our Avast Virus Lab research analysts about what to expect in 2016 for home networks, wearable devices, and all the gadgets that make up the Internet of Things.
2015 was the biggest year for router attacks
Is it easy for hackers to break into home networks and is there enough motivation at this time to go to the trouble?
As it stands now, home networks are still not the easiest way for cybercrooks to hack into people’s lives, our team of experts agreed. “Not the easiest way, but too easy to be comfortable with,” said Sramek.
“As more and more devices are becoming smarter and connected to the net, through the Internet of Things, cybercrooks will have more chances to get into the personal home network,” said Sramak’s colleague in the Virus Lab, Nikolaos Chrysaidos.
The motivation is already there too.
“For years, (PC) viruses were the ultimate goal for the bad guy. The goal was to get their hands on users’ data, like credit card information, or to create botnet networks to allow them to send out spam or to do DDoS (distributed denial of service) attacks,” said Vlcek. In a similar manner, cybercrooks have already started to turn internet-connected home devices into “zombies to collect data.”
“The amount of attacks will rise rapidly in 2016,” said Sramek. “Turning IoT devices into zombies is half of their plan. The other is hijacking the network connections of users with devices that are difficult to attack otherwise, like iPhones.”
How do regular people make their home gateways smarter and more secure?
“As a bare minimum, people need an automated vulnerability scanner on a PC in their network, like Avast’s Home Network Security, to check for the most common issues leading to cyberattacks,” said Sramek.
Since we’re still in early days, can threats for IoT devices be eliminated before it gets out of control?
Just like with PC and mobile security, home users can prevent many attacks by applying safe practices and using existing solutions like Avast’s Home Network Security to understand what the vulnerabilities are.
Jaromir Horejsi adds that in addition to educating users about badly configured and insecure home IoT devices, we could use “more secure web browsers, because Firefox, Chrome, and IE are so easy to hack.” He predicts that cybercrooks will create DDoS malware to infect various IoT devices with weak passwords and it will take a combination of home user’s knowing what they’re up against along with manufacturers and ISPs taking more responsibility for safety to overcome the looming threat.
Do you expect to see an increase in attacks through wearable devices?
“In 2015, we have seen many vulnerabilities in wearables. Those vulnerabilities could be used by attackers to extract stored data and use them in personalized social engineering attacks,” said Chrysaidos.
“Today we are seeing a big shift toward social engineering attacks which are ingenious and sophisticated,” said Vlcek. Social engineering uses techniques to trick people into installing malware or adjusting settings that they don’t fully understand.
The biggest target for 2016 is mobile
Phones and tablets are the data collection points for most wearables and Internet of Things devices, so they are targeted for the data they store or the data that passes through them. Mobile devices – smartphones and tablets – are where people are now, and the bad guys know this.
“Bad guys today realize that most people are moving their computing to mobile,” said Vlcek. “They are catching up by coming up with new techniques that gets the job done even without malware.”
“Phones store a lot of personal information nowadays that can be monetized in underground forums. As valuable data exist in our devices those can be treats, and targets, for the cybercrooks,” said Chrysaidos.
Visit our blog tomorrow to read about the upcoming mobile threats for 2016.
Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.
Over the last few years, technology’s merger with the auto industry has materialized in the form of advanced digital dashboards and mobile OS integration. While adoption has been slow, car manufacturers have been attempting to fill dashboards with Silicon Valley-grade technology, including Apple’s CarPlay and Google’s Android Auto.
Defying the status quo, Tesla has continuously outperformed traditional automakers since its inception. The fully electric sedan comes standard with a gigantic screen on the car’s console, resembling the cockpit of commercial airliners. Additionally, and perhaps most similar to the mobile OS’s consumers have grown accustomed to, the Tesla performs over-the-air software updates. Most recently, Tesla rolled out (and rescinded parts of) its ‘Autopilot’ feature in Model S sedans. The feature allows drivers to sit back and watch as the car drives itself using various sensor and GPS technologies.
Tesla isn’t the only company integrating this technology, among others, into their cars. Even before they released the ‘Autopilot’ feature, Google unleashed a squadron of driverless cars that can be seen testing their abilities (and getting pulled over for going too slow) around Silicon Valley. Apple has owned technology headlines for months as rumors of car development continue to surface for the first time since Walter Isaacson’s biography on late CEO Steve Jobs hit the shelves back in 2011. But it’s not only Silicon Valley giants like Tesla, Apple and Google that are developing technology and cars for the driverless era as automakers like Volvo and Ford have also thrown their names into the ring.
Other IoT features continue to make their way into consumers’ driveways. Many cars in the new Chevrolet lineup offer 4G connectivity on the road. Third-party dashboard accessory makers like Pioneer, Kenwood, and Alpine are developing add-ons for older cars wishing they had access to Apple’s Carplay and Google’s Android Auto. And several automotive giants are capitalizing on new device categories like smartwatches to provide a more simple and technological experience for their car-owners.
With the addition of connectivity in cars, drivers and passengers alike need to think about their physical safety and digital safety. As we’ve seen in the news recently, namely in a July Wired article, certain cars can be hacked and completely controlled remotely. Scary, yes, but that covers just the surface of security threats. Like every other IoT device, the data a connected car will produce is vulnerable to cybercrime. Picture driving down Main St. and passing your favorite pizza shop on your way to work in the morning, the same route you take every day. It’s Thursday, which means Pizza Night for the family. As you drive by, a coupon for two free extra toppings and a 2-litre soda bottle with any large pizza order appears on your dashboard or windshield, valid only tonight. Seemingly magically, based on past patterns, your IoT car knew to offer you a coupon for this pizza parlor on the night you’d need it.
A connected car has the potential to be your smartphone’s biggest and greatest accessory, but it also inherently comes with major security vulnerabilities, like the rest of the IoT, that need to be addressed. Currently, traditional car companies are researching and developing their own self-driving/connected cars. Technology companies like Apple and Google, along with other rumored giants, are following suit. But a recent poll out of WEF and Boston Consulting Group, showed that 69 percent of consumers (6,000 polled from 10 different countries) want automakers and tech giants to work together to create the next big thing in automobiles. As awareness of the IoT, its vulnerabilities and connected cars grows, I see this number rising. What’s important is that the integration of security also grows, so we can help usher in the future we all want, as safe as it can be.
The current hype, this Christmas and beyond, is the connected toy. Not sure what that means? Well, here are seven things you need to know about this increasingly popular plaything.
The post 5 things you need to know about connected toys appeared first on We Live Security.
Meet an all-new Hacker’s Search Engine similar to Shodan – Censys.
At the end of last month, security researchers from SEC Consult found that the lazy manufacturers of home routers and Internet of Things (IoT) devices have been re-using the same set of hard-coded cryptographic keys, leaving around 3 millions of IoT devices open to mass hijacking.
But how did the researchers get this
