Tag Archives: IoT

How’s Black Hat in 2015? It grows up (and leaves mom’s basement)

Blackhat grew! Not only did the hacker types leave their mom’s basement and get jobs, some even were forced to start explaining security to the CEO. A few succeeded in this new role, but enough to convince the execs that if something bad happens in IT, it happens to the execs shortly thereafter.

The post How’s Black Hat in 2015? It grows up (and leaves mom’s basement) appeared first on We Live Security.

Hello, Alexa. Amazon Makes Bold Move Into IoT

Amazon is among the technology companies trying to seize the IoT space, and voice activation technology is a key part of the puzzle – as is artificial intelligence.

With its newly enhanced product, Amazon Echo (with Alexa), the company may do the trick, based on rave reviews amidst its recent (July 14) roll-out, which included going beyond beta phase and adding services. The device is now available to anyone, not just Amazon Prime members, who were the first to give it a try.

Basically, Echo is designed around the user’s voice, and is a hands-free speaker system that connects you to the outside world. It gradually adapts to the user’s voice and inflection.

It has seven microphones and the device connects to Alexa, a cloud-based voice service, to provide information, answer questions, play music, read the news, check sports scores or the weather, and more. So think of it as a smartphone service without the smartphone and you begin to get the picture…

Echo plays music from Amazon Music, Prime Music, Pandora, iHeartRadio, TuneIn, and other systems. If you want to wake up in the morning to Eye of the Tiger, just say “Alexa” and ask.

But there is more. For example, it’s compatible with Philips Hue connected-devices so that you can control lights and switches with your voice. As industry analyst Tim Bajarin wrote in his review on PC Magazine: “You can expect Amazon to get light switches, door locks, appliances, and more connected to the Echo so it becomes the central control point for an eventual home information and automation system.

Amazon is throwing serious money behind its voice recognition plans in hopes to become a key player. It has put $100 million dollars into The Alexa Fund to “fuel voice technology innovation.” So, the race is on.

It’s fascinating to me how IoT, voice commands, technology, convenience, and modern ideas are all converging. It’s an exciting time to be in tech, to be sure.

Finally, on a side note: I find intriguing that Alexa is again molded in a woman’s voice, soothing like Siri. Is this because all the programmers (or marketers) are trying to reach the key decision makers in the smart home – or were so frightened by HAL in Stanley Kubrick’s Space Odyssey and his representation of an AI-based future? But I’ll save that as a topic for another day…

The Internet of Things (to be hacked)?

The Jetsons (via philosophymatters.org)

Soon, we’ll be living like The Jetsons (image via philosophymatters.org)

By the end of the decade, everyone on Earth will be connected.
–Eric Schmidt, Google chairman

As a rule of thumb, it’s good to keep in mind that anything and everything that can be connected to the Internet can be hacked. Poorly designed or implemented systems could expose serious vulnerabilities that attackers can exploit. Now, most of us are fairly familiar with certain gadgets that can be connected to the Internet, such as mobiles devices and/or laptops, smart watches, and cars, but what about the things that are still emerging within the Internet-connected world? Some of these new items include routers, sensors, and everyday gadgets such as alarm clocks, wearables, microwaves, and grills.

When dealing with the devices that we’ve come to know and love, such as our Android phones or iPads, we already encounter a multitude of shortcomings within privacy policies, unintentional data leakages, and the transmission of tracking and personal data in clear text. Taking this a step further, it’s both intriguing and frightening to think about the challenges we will face as the Internet of Things (IoT) becomes more and more of a reality. In a recent article published by the Guardian, author Marc Goodman paints an evocative picture of a world powered by the IoT:

Because your alarm clock is connected to the internet, it will be able to access and read your calendar. It will know where and when your first appointment of the day is and be able to cross-reference that information against the latest traffic conditions. Light traffic, you get to sleep an extra 10 minutes; heavy traffic, and you might find yourself waking up earlier than you had hoped.

When your alarm does go off, it will gently raise the lights in the house, perhaps turn up the heat or run your bath. The electronic pet door will open to let Fido into the backyard for his morning visit, and the coffeemaker will begin brewing your coffee. You won’t have to ask your kids if they’ve brushed their teeth; the chip in their toothbrush will send a message to your smartphone letting you know the task is done. As you walk out the door, you won’t have to worry about finding your keys; the beacon sensor on the key chain makes them locatable to within two inches. It will be as if the Jetsons era has finally arrived.

So how can we use these space-age technologies to our advantage? Although most software is still in the process of being optimized for wearables and other emerging smart gadgets, there are three main things to be on the lookout for as we move into the IoT’s heyday:

  • Issues on devices that could result in device loss, poorly programmed apps, or attacks driven by social engineering
  • Transmission issues caused by low-level encryption on Wi-Fi or Bluetooth that could result in traffic sniffing, man-in-the-middle and redirection attacks
  • Storage issues in the cloud that could directly result in data breaches

The sure-fire way to defend yourself against these vulnerabilities is to use a VPN when connecting to open, unsecured Wi-Fi networks. Avast SecureLine VPN is available for Windows, Android and iOS.

More cybersecurity predictions for 2015

Yesterday, we looked at two hot areas to be aware of regarding your online security: Data breaches and mobile security. Today, we’ll look at two more areas that haven’t caused as much trouble or damage as the other two, but are likely to grow in importance.

Internet of (Every)Thing at risk

Secure your privacy by using avast! SecureLine VPNThe “smart” home has been in the works for some time now, and this year, we’ll see more and more gadgets from household appliances to wearables like fitness bracelets to industrial equipment becoming connected to mobile devices and social networks. This proliferation of inter-connected things will open up a whole new glorious space for hackers to play in.

We predict that from now on, devices will increase by an order of magnitude (not too bold a prediction, huh?), and of course, that will result in greater privacy and security concerns. A breach in the Internet of Things (IoT) will give cybercrooks the ability to install malware or ransomware on private networks – not only consumer, but corporate and government – steal personal information, or even cause physical harm to a space or a person.  But before you run around the yard yelling, “Skynet is falling, Skynet is falling”, we will see adware uploaded on our smart TVs.

What to keep your eye out for

  • New technologies and businesses around the IoT including

o   Increased demand for low cost bandwidth and processing

o   Expansion of infrastructure that carries Wi-Fi traffic

o   Start-ups focused on communication and sensors between devices, storage, data analytics

o   Home and factory automation

  • The rise of “fog” computing architectures, where data is closer to the source as opposed to residing in a data center somewhere

Room for improvement

  • Keeping multiple smart devices updated with the latest version of this-and-that software. You think it’s hard now with a couple of devices? Wait until your house, body, garage, and workplace are full of smart gadgets.
  • The fractured ecosystem will make it harder to identify threats or protect against security exploits.
  • Home routers are still unsecure and people are using open, unencrypted Wi-Fi. Start by securing your own home router by scanning with Avast’s Home Network Security scan, then follow whatever suggestions are given.

Social media world

ransomware note
By now, social media users know that sharing too much personal information can give strangers access to their personal life. To illustrate that point on a national scale, Allstate Insurance, aired a series of commercials about what happened to a couple who shared on social networks that they were away from their home for the weekend. Read about it on our blog.

Last year, we saw new privacy settings introduced on social media, and 2015 will see a rise in anonymous interactions via social media.

Hoaxes and scams spread by email and social networks were successful in 2014, as they have been for years now, so we see no reason that occurrences will decrease. Social engineering can trick unwitting victims and the rate of identity theft will increase.

What to keep your eye out for

  • Continuation of scams associated with important events like celebrity gossip or sporting events.
  • Watching videos on Facebook equaled watching videos on YouTube at the end of 2014, so we can expect hackers to take advantage of this by hiding malicious links in Facebook videos.
  • More fraudulent and malicious ads will appear on social networks.
  • Ransomware made the jump from PC to mobile in 2014, and it will likely hit social networks.

Room for improvement

    • Cut back on sharing too much on social media and through Internet of Things devices.

Adjust privacy settings in each social network.

Data breaches and more 2015 cyber security predictions

For a month now, I have been reading predictions for 2015. In the security field, something new and unexpected can always pop up – like the Point-of-Sale (PoS) breaches in early 2014 – but most likely what will happen is just a continuation, that is, a natural evolution, of what has already occurred.

crystal ball 1

So let’s take a look at some things that will probably happen this year and steps we can take to stay safer. Tomorrow, we’ll look at a few more.

Data breaches will continue

Data breaches made the news in 2014, and in 2015 we will continue to see security breaches of companies, irrespective of size or business sector. These breaches are often caused by software vulnerabilities, advances in data stealing malware, and as we have seen recently with the Sony breach, by states using cyber espionage against other states.

What to keep your eye out for

  • Heartbleed and Shellshock were successful at using vulnerabilities in software that we depend upon. We expect to see more of the same in 2015.
  • Increase in phishing and social engineering attacks on employees of big companies in order to break in.
  • Health care organizations are at risk because many of them use outdated software and have rudimentary security. Plus, there is so much valuable data to be stolen like sensitive patient records.
  • More revelations that governments and even companies are using cyber attacks against each other.

PoS-attacks2Room for improvement

  • Companies need to tighten up the security processes of their employees, vendors, and third party suppliers who have access to their systems.
  • Companies need to adopt advanced threat solutions to secure their PoS networks from breaches.
  • Enterprise breach detection methods need to be improved because cybercrooks will likely go after the bigger fish.
  • Passwords are not adequate protection for our personal or financial accounts. Two-factor authentication will be adopted more widely, as will new methods like ultra-sonic sound.
  • Consumers and companies should update from the old, vulnerable Windows XP.

Mobile is attractive to cybercrooks

Since our mobile phones are as powerful and can accomplish nearly all the things a regular computer can, that gives cybercrooks a relatively easy in-road to your private data and financial information. 2015 will see consumers becoming more aware of mobile security since they will increasingly use mobile apps that contain sensitive banking, financial, and personal health information. 

What to keep your eye out for

  • Increase in phishing attacks of mobile users. It’s worked successfully so far, so hackers will keep employing methods to trick employees or vendors into revealing login credentials like usernames or passwords, or installing malicious software. Targets will be more high profile.
  • iOS security breach on a wider scale. As companies allow executives and employees to use their own handsets, iPhones will become a more lucrative target. Add to that the iCloud Drive sync, ApplePay, and all those fancy new wearable gadgets, and cybercrooks have new attack vectors to explore for the future.
  • After the success of the stolen celebrity photos, the cloud has become a pretty interesting target for cybercrooks. Think of all the information we store in the cloud – especially company info. iCloud, Dropbox, Google Drive, and other cloud technologies are vulnerable.
  • Compromised Wi-Fi networks will lead to interception and redirection of mobile traffic like voice and SMS using Man-in-the-Middle attacks.

Room for improvement

  • Bring-your-own-device to the workplace means that IT security folks need to take a hard, long look at their policies or more data could be at risk.
  • Businesses need to work on a Mobile Security defense plan, or run the risk of

exposing the entire organization to threats.

  • Security for mobile apps needs to increase. Developers will agree on a way to secure the app’s code as well as the user’s data accessed by their application.
  • Comsumers will take responsibility for their devices security by installing software like Avast Mobile Security and Anti-theft.

 

Top Cyber Security Awareness Month themes, topics, and resources

National Cyber Security Awareness Month happens every October and NCSAM 2014 has seen more events and resources than ever. This recorded webinar discusses the top topics of NCSAM 2014, from the shortage of skilled cybersecurity workers to the Internet of Things (IoT).

The post Top Cyber Security Awareness Month themes, topics, and resources appeared first on We Live Security.