Tag Archives: IoT

A cat and mouse game: catch the bad guy if you can

A cat and mouse game with the government: catch the bad guy if you can, Regierung

In today’s connected world, governmental agencies spend tax money investigating new ways to breach software created to protect people, cyber-threats are getting more and more complex due to the diversity of devices, and users are less and less interested in protecting their privacy. Who’s the bad guy in this story and how can security vendors […]

The post A cat and mouse game: catch the bad guy if you can appeared first on Avira Blog.

Mobile World Congress 2017: Are Future Technologies Safe?

“Technology is very hard to predict.”

So said Reed Hastings, Netflix CEO, during his keynote at this year’s Mobile World Congress when asked what his forecast was for future technologies over the next five to twenty years.

This year’s Mobile World Congress (MWC) was full of tech that gets us excited about the future though. From 5G, which could be up to a thousand times faster than 4G, to new real-world VR applications, the event over the years has become so much more than just a showcase for mobile devices.

We were able to check it out, and have put together a list of some of the technologies that got us most excited, and that we feel will form a big part of our future lives.

As Hervé Lambert, Global Consumer Operations Manager at Panda Security, was quick to point out though, there is a flipside. As he put it, as these new technologies advance, cyber criminals “will become more specialized with each type of attack and will go deeper into the system.” For every new exciting piece of tech, there is of course, the question of cyber security.

How will this tech shape our future and will it be one where we can feel safe in the physical and digital world?

Robots / AI

Driving home the MWC’s futurist appeal, as well as the fact that the event is more than a simple mobile device exhibition, was the amount of robots on display this year. PaPeRo, the human companion robot was demoed by various companies. Its impressive face recognition capabilities can be utilized for public safety, even being able to track lost children in shopping malls.

At the Ubuntu stall, meanwhile, REEM and REEM-C were both on display. REEM-C, which was designed by Barcelona-based PAL Robotics, is a flexible full-size humanoid biped robot that is used for different types of research, including AI.

Being connected to the Internet of Things (IoT) obviously poses potential risks.

REEM-C, for example, weighs 80 kg. In a future where robots are more widely available, a malicious attacker could cause real damage by taking control of such a heavy piece of machinery.

AI and big data analysis is actually being used today to make people safer though. During a keynote speech at the MWC, Takashi Niino, CEO and president of the NEC Corporation, described how real-time analysis with face recognition technology is being used in Tigre, Argentina to reduce crime. The highly accurate face recognition technology can be used to identify criminals, and even to detect suspicious behavior. Since the “urban surveillance system” was implemented, vehicle theft has gone down by 80 per cent in Tigre.

“AI will soon become a reality of most people’s daily lives”

As always, there’s another side to the coin though. Whilst high-speed data analysis allows law enforcement to act more efficiently, it also does the same for cybercriminals. “Cyber crime is increasingly becoming automated and the number of incidents are escalating exponentially”, said Hervé Lambert. “AI will soon become a reality of most people’s daily lives, so it is very important that its development is overseen responsibly by engineers that are specialized in intelligent security.

Virtual Reality (VR) / Augmented Reality (AR)

Virtual reality has been touted for a while as the next big thing in entertainment. We’ll be able to fully immerse ourselves in distant locations and invented realities. Arguably, its close relative, augmented reality (AR), is where the most life-changing innovation is going to take place though.

Several new VR/AR applications were on show at the MWC. Relúmĭno –which was on show at Samsung’s C-Lab VR projects stall– demonstrated an impressive practical application for VR. The Relúmĭno app, designed for Samsung’s Gear VR headset, acts as a smart visual aid for visually impaired people by remapping blindspots. The effect, when using the headset, can be described as seeing the world as a cartoon with edges and surfaces in your surroundings rendered as sharp black lines.

Other separate standalone projects, like Inflight VR, aim to enhance our inflight experience with VR entertainment. Flight notifications will appear at the bottom of the screen as you navigate the hand-tracking controlled system. LiveRoom, on the other hand, will allow people a more immersive retail experience with its AR capabilities, and can also be used to enhance the classroom experience.

What dangers do we face when it comes to VR/AR though?

VR and AR can be compared to social media, but on a whole other level. This means that when it comes to online privacy, the stakes will be much higher. An unfortunate example has already been seen of this in real life. Users have reported sexual harassment on VR, with inappropriate gestures by some gamers towards other players. Much like with social media, some users sadly see the anonymity afforded by their digital avatars as allowing them to act inappropriately in the digital world.

This type of problem could reverberate beyond just VR gaming though. It’s very likely that our digital avatars will become an even more important part of our lives in VR than they are now in the likes of Twitter and Facebook. If hackers can carry out ransomware attacks after retrieving information on social media, it’s possible that this type of attack will be an even bigger danger with VR in the future.

Connected and Autonomous Cars

One of the visions of the future presented at the MWC was one of people sitting back on their commute to work, in their driverless cars, as the vehicle safely takes control of everything.

Whilst this future may still be in the distance, some cars on display at the MWC are certainly taking us in that direction. Roborace showed off its “robocar” at the even, whilst Peugeot revealed its Instinct concept car, a futuristic and stylish vehicle that wouldn’t look out of place in a sci-fi movie. One of the Instinct’s capabilities is that it can change the ambience inside the vehicle, depending on the passenger’s mood. Stressed out after work? It’ll put you into a relaxed seating position and change the lighting to ‘ambient’.

As the car will connect to the IoT using Samsung’s Artik cloud platform, it will be able to seamlessly integrate your vehicle’s operating system with other devices. This could make your car remind you that a drive to the supermarket is in order, for example. Haven’t been keeping up with your fitness regime? Your car could encourage you to stop and jog the rest of your journey.

Potential risks

Of course there are potential risks when it comes to this technology. Though the technology doesn’t exist yet, there were many 5G demonstrations at the MWC. Most of these focused on reduced latency speeds, meaning that we’ll have a future where almost anything can be controlled in real-time. Could hackers take control of a vehicle that’s connected to the IoT and take it off course without the passenger realizing? It’s a scary prospect.

“Online security’s Achilles’ heel is the Internet of Things”

According to Panda Security’s Hervé Lambert, “online security’s Achilles’ heel is the Internet of Things”. It’s important for cyber security experts to keep up with tech innovations, as there’s no doubt that cyber criminals will too.

Lambert says that hackers aren’t the only worry though. It’s a possibility that in the future, “insurance companies could exploit driving data. This could include data about the way people drive and it could be used to increase insurance prices based on new criteria.” Insurers could have access to a huge amount of data, including where people drive and where they park.

Third-party data gathering could be taken to a whole new level. The IoT will massively benefit our lives, but sadly, it could also open a door to hackers and companies that are looking to financially exploit its users.

Honorable Mentions

“Smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.”

There was so much tech on show at this month’s Mobile World Congress that will undoubtedly shape our futures and improve our lives in many ways.

Just as autonomous cars look to be brining sci-fi predictions to real life, IIT’s grapheme electrode prosthetic is set to change people’s lives in a way that was previously only imaginable on the big screen. Think Luke Skywalker’s robot hand in The Empire Strikes Back. Graphene, a material that is invisible to the naked eye, will allow electrodes to be embedded comfortably into a robot-like prosthetic hand; a big advance in prostheses.

Drones were also a big draw at the MWC. Though they can be used for games as well as to record things from a distance, their most prominently discussed capacity at the MWC was for use in security systems. Whilst the flying machines will allow efficient surveillance, we also face the Orwellian prospect of drone surveillance as a means for law enforcement. Will they keep us safe or be used to control us? Only time will tell.

When pushed to give an answer for his forecast of the future, Reed Hastings said, “[at Netflix] we’re not sure if we’ll be entertaining you or AI.” While such advances in artificial intelligence are still a long way away, the Mobile World Congress has shown this year that technology will increasingly become a seamlessly integrated part of our very existence. Though future predictions are largely positive when it comes to new technologies, there’s a negative side that also merits attention.

As Hervé Lambert puts it, “smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.

Cyber security is undeniably a big part of the puzzle when it comes to a future of safe, smart, integrated cities.

The post Mobile World Congress 2017: Are Future Technologies Safe? appeared first on Panda Security Mediacenter.

Over a Hundred Thousand Printers Simultaneously Ghost Printed Goofy ASCII Art

http://www.pandasecurity.com/mediacenter/src/uploads/2017/03/IMG-MC-bromaimpresoras-300×225.jpg

 

Printers are everywhere, but they’re not exactly the sort of device that we pay especial attention to when it comes to our businesses IT security infrastructure. In reality, corporate networks of printers that are not properly protected could end up being one of the company’s biggest security gaps.

A spectacular example of this can be found in an apparently mysterious event that recently affected more than 160,000 printers all over the world. Without warning, every one of them printed the same document, which warned that the printer in question would now be part of a bot network. In short, the printer had been infected and now seemed to respond only to orders coming from its new cybercriminal master.

A Warning in the Form of a Joke

As it turns out, behind this singular attack was Stackoverflowin, an enigmatic hacker who explained that the whole thing was a joke intended to raise awareness of printers’ vulnerabilities. “It was kind of on impulse,” he acknowledged. As he explained, he was looking to raise awareness of how dangerous it is to expose connected printers to the public internet without a firewall or other tools.

In order for the humor of this singular attack to be noticed, the hacker’s warning came with a fun robot drawn with ASCII art. But jokes aside, the situation really is quite serious: printers of every kind and from all over the world have fallen into Stackoverflowin’s trap.

To achieve this, the hacker developed a script able to track printers connected to the Internet with one of its ports open. Using the open port, he was able to order the device to print the enigmatic document.

However, it is actually quite simple to heed Stackoverflowin’s warning and fix the problem. Just make sure that the ports on the printer network have a secure password and that all devices on your corporate network are covered by the right protection to avoid cyberattacks that, next time, may not be so friendly.

In case this wasn’t enough, a group of German researchers has published a study that shows that numerous printer security flaws can be exploited to access the memory of these devices and steal data such as passwords or even confidential documents. So check your printers! This is an issue that we collectively need to take more seriously, and these potentially vulnerabilities are worth looking into.

The post Over a Hundred Thousand Printers Simultaneously Ghost Printed Goofy ASCII Art appeared first on Panda Security Mediacenter.

Exploring the boundaries of routers – securing the connected home

At Avast Labs, we started to look at the home router, since our homes today have more Internet of Things (IoT) devices running on our network than we may realize.

 

We believe routers can and should be at the heart of the connected home yet we know that they are subject to vulnerabilities.

Routers are often overlooked devices, capable of more than we might realize – more than just connecting our homes and devices to the Internet. However, as they are the central connected point, they are susceptible to the same attacks as any IoT device. Using the Avast Wi-Fi Inspector product, we performed 132 million unique scans last month of our global Avast users base to check the security status of their connected products and found:

  • 22% of Avast users have some sort of router software vulnerability (Rom-0, CWE-79, etc.)
  • 73% of Avast users have either router software vulnerability or weak/default password or open network

The concept of what we call ‘Chime’ started from the idea that a router could add an extra layer of security to your smart home and also act as connecting hub between your smart home devices.  Chime is a platform that sits on top of the router and makes it smart so that it can protect itself and all devices connected to it.

We already have a partner in the US using it with their router. Amped Wireless’ new ALLY Smart Wi-Fi System, which recently won a CES Innovation Award, offers users an extra, to offer an extra layer of security to their IoT devices, parental controls and content filters to all their customers through an easy to use mobile app.

Chime can also do more. In our prototype demo shown here at Mobile World Congress 2017, we are exploring how we can make the router also act as a smart home hub, facilitating the interaction between the smart devices in your home. Our scenario is where a Chime-enabled router acts as a liaison between an IP camera and your smart TV.

Here’s how this works. Imagine you are at home sitting and watching TV when someone comes at your front door. Then the motion enabled camera (which might also be a smart doorbell) will start streaming the video of your visitor to your Chime router. The router will take this video and will show it as overlay on top of whatever you are watching on the TV, enabling two previously separate devices to communicate and making it simple for you to control both from a single screen.

This short demo is just a hint of what a Chime enabled router will be able to do for the IoT home of the future. By enabling your smart home devices to communicate with each other, the router will allow you to create any customized scenario you might think of, limited only by the devices you own.

For more information, please visit: http://www.chimewifi.com/

Smart Meters Can be a Threat to Homes and Offices

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/light-100×100.jpg

For some time now, a large majority of buildings have made use of smart meters to record their electrical consumption. Besides the potential impact on the electric bill, which some consumer groups have already denounced, the widespread adoption of this apparatus carries along with it some lesser known security risks.

As researcher Netanel Rubin explained during the last edition of the Chaos Communications Congress held in Hamburg, Germany, these meters pose a risk on several fronts. First, these devices record all household and office consumption data and send it to the power company. An attacker with access to the device could see its data and use it for malicious purposes.

For example, a thief could find out whether a house or office is empty in order to burgle it. And since all electronic devices leave a unique footprint on the power grid, such a thief could even analyze variables to find out what valuable devices they could potentially have at their fingertips upon entry.

A thief could find out whether a house is empty or not, and what valuable objects it contains

 

In a few years, when smart homes become more widely popular, the scenario could end up being even more serious. The attacker could actually enter the home or office without having to force the lock. If there is a smart lock installed, all they would need is access to the system to enter the house.

As serious as this is, smart meters are open to even more grievous lines of attack. As Rubin explained, meters are at a critical point in the power grid because of the large amount of voltage they receive and distribute. An incorrect line of code could cause serious damage. For example, an attacker who took control of the device could “cause it to literally explode” and start a fire, according to the researcher.

This is all pretty alarming.  But the biggest weakness of smart meters is in the way they communicate with each other and with power companies. Normally they do it through the GSM protocol, the standard of 2G communications for mobile networks. The insecurity of this protocol has been well demonstrated.

According to Rubin, some companies are not using any sort of encryption in such communications. Among those that do, weak algorithms or very simple passwords are sadly run-of-the-mill. You might just as well serve it up to attackers on a silver platter.

The fact of the matter is many of these devices are insecure by default. As Rubin points out, they do not have a CPU with enough power and memory to use strong encryption keys.

The post Smart Meters Can be a Threat to Homes and Offices appeared first on Panda Security Mediacenter.

Smart Cities and Open Data

With the constant advancement of technology, we are already witnessing the phenomenon of smarter cities.

According to Anthony Mullen, research director at Gartner, the next couple of years will be crucial for smart cities and open data as people will continue to “increasingly use personal technology and social networks to organize their lives, and governments and businesses are growing their investments in technology infrastructure and governance.” Even though the term ‘smart city’ means different things to different people, generally cities are considered ‘smart’ when its citizens are benefiting from open data sources converted into solutions that ease people’s lives. The solutions are developed by government and private companies.

How do smart cities work?

There are all sorts of reporting devices placed around every town, as well as IoT devices, which communicate with each other. The information is then converted into a solution such as the ones that ease traffic or control traffic lights. To some extent, smart cities also rely on people who voluntarily share their data. To experience the benefits of a smart city, you may need to have a subscription or rely on data democracy, i.e. sharing your data with third party grants you access to the solutions they are offering.

Smart city examples

Have you noticed all the people texting or looking at their phones on your last trip to Europe? Yes, people are surely checking their Facebook feeds but what they also do is informing themselves when the next bus or train is going to arrive. Buses and trains are now connected to make public transport more predictable and decrease traffic congestion. London’s TFL, in particular, encourages app developers to integrate the open data that TFL is sharing to help the city circulate better.

The situation is similar in New York – imagine how helpful it would be if we knew when and where there would be parking slots available. Smart city perks are saving time and money to millions of folks every day, and the trend will continue to grow. Research firm Gartner claims that by 2019, fifty percent of citizens in million-people cities will benefit from smart city programs by knowingly sharing their personal data.

How to stay safe in a smart city?

Regular cities are going ‘smart’ because governments are making an effort to make your life easier. It surely helps knowing when your bus is going to arrive, and how to get from point A to point B avoiding traffic saving yourself some time and money. However, all these connected devices and the mass sharing of both usable and unusable data could be dangerous. Hackers are getting creative, and the safety of millions of connected devices has been compromised already.

Panda Antivirus software protects you from sharing more than you have to. In a recent report by a tech giant Hitachi, a staggering 95% of respondents rated the role of technology in ensuring public safety as ‘important’ or ‘very important.’ A smart city wouldn’t be smart if it is not safe.
Panda Security offers various solutions that will help you stay protected and remain smart even when you are not in a smart city. The more protected you are, the better.

The post Smart Cities and Open Data appeared first on Panda Security Mediacenter.