Verizon Wireless will pay a $1.35 million fine after the company inserted undeletable ‘supercookies’ into its users’ browsing sessions without consent.
The post Verizon Wireless fined $1.35m in ‘supercookie’ privacy settlement appeared first on We Live Security.
First we had keys that could remotely unlock the car door at the push of a button, an almost universal feature today. Then came keyless car systems, where you don’t even need to take the key out of your pocket as it communicates remotely with the car to open doors and start the engine with the push of a button on the dashboard. Most companies now offer this technology, though normally available in top of the range cars or at a price as an added extra.
So what will be next? It’s not hard to guess: keyless cars that can be opened and started using an app on a smartphone. At the Mobile World Congress in Barcelona, Volvo announced that it will be launching the first line of such vehicles in 2017, although trials will start this year through the company’s Sunfleet car-sharing firm based at Gothenburg airport (Sweden).
Other similar projects do exist (Tesla vehicles, for example, can be opened with an app if the owner loses the key), though this is the first that has a projected launch date and which intends to dispense entirely with physical keys.
As demonstrated at the event in Spain, and in the company’s promotional videos, the Volvo digital key app will be available for the three leading operating systems (Android, iOS and Windows Phone), and, thanks to Bluetooth technology, will provide all the same functions as remote or physical keys: opening or closing doors, starting the engine, etc..
In terms of convenience, the advantages of a vehicle that can be opened and started from a phone are more than apparent. The device itself will end up functioning more as a keyring than a key, allowing you to control more than one car, with highly useful applications for hire cars, families with several cars, or anyone who might occasionally borrow a friend’s car.
That said, whenever technological advances hand greater control over to our phones, the question of security becomes a subject for debate. The million-dollar question is what you might imagine: will keyless cars be easier or more difficult to steal?
We don’t have to go too far to find the answer. Today, smart keys are raising similar questions (as did remote keys, which have been with us since the 90s, in their day). Both the police and independent researchers have been warning for several years about the growing use of IT tools to steal cars with such systems.
Unfortunately, there are various ways of attacking keyless cars: devices designed to exploit vulnerabilities and impersonate the remote, signal boosters that enable the key to open the car from a much greater distance, signal blockers that prevent the owner from locking the car… And that’s not to mention the alarming number of people who confess to not switching off the car before leaving it.
In light of all these factors, handing the control over opening and starting our vehicles to a smartphone might appear just to aggravate the problem, yet we should consider the words of the experts: “By far the most common way of a car being stolen is still from thieves breaking into homes and stealing keys. The keys are still the weakest link in a car security chain. If someone has your keys, they have your car.”
Perhaps an app is not such a bad idea.
The post The first keyless car is on the way (with security in the hands of a smartphone) appeared first on MediaCenter Panda Security.
Welcome to this week’s security review, in which we’ll be assessing the buzzword-laden security startups of RSA, and rounding up the week’s biggest stories.
The post The security review: Security is ‘easy’ – just ask someone at RSA appeared first on We Live Security.
Most businesses now recognize internet security as a real concern, yet new research has found that just 1 in 7 security chiefs report directly to their CEO.
The post Just 1 in 7 security chiefs report to the CEO, despite boardroom concern appeared first on We Live Security.
Recently the FBI obtained a court order that compels Apple to create and install a backdoor into its iPhone software to intentionally disable certain security measures. Although benign on the surface, this raises serious and pressing questions about the relationship between the government and technology companies, public safety, and user security. These concerns are so pressing that the tech industry, device manufacturers, and civil rights groups have nearly unanimously registered their opposition to the FBI’s actions to force Apple to weaken and alter its software for the FBI’s criminal investigation.
Given the importance of this issue and the high stakes, we, like others have articulated our opposition in publications and through media channels. Today, we took an extraordinary step of filing an amicus brief, prepared by Andrew Bridges and Tyler Newby, leading tech attorneys at the firm of Fenwick & West. The brief is intended to further educate the court on the adverse consequences of the order and the proper application of the relevant laws to the facts in this specific case.
At issue is how much authority we, as citizens, are truly willing to cede to the government in the name of national security and public safety. We think this order goes too far. Strong technical security fosters strong public safety. In a world where everyone’s digital footprint is a potential point of physical vulnerability, strong public safety in fact isn’t even possible without strong technical security.
This case won’t change that, regardless of who wins. A secure product, digital network, and device ecosystem improves safety by making it harder for criminals and those with malicious intent to compromise users’ security and privacy. We understand this may make it harder for law enforcement at times, but we made that decision when we signed the Bill of Rights 225 years ago this December.
The Vice Chairman of the United States Joint Chiefs of Staff Admiral James A. Winnefeld, agrees, having recently remarked, “I think we would all win if our networks are more secure. And I think I would rather live on the side of secure networks and a harder problem … on the intelligence side than very vulnerable networks and an easy problem [for our intelligence agencies].” The benefits of strong security outweigh the costs.
This debate is not new; it has been going on with the tech industry since at least the 70s, in various forms. The tech industry has also largely cooperated with law enforcement in the past, as did Apple in this case. But to cooperate here asks too much. To do so would be to take an action most companies would never willingly take—one that is antithetical to their very business.
Regardless of what happens in this case, we foresee that the tech industry response will be to adopt even more rigorous security measures, including ones they themselves cannot even exploit, balanced only by the business need to provide users data-based services. We are committed to continuing these vital conversations with fellow tech companies, legal experts, consumer advocates, and anyone else affected by this issue, one whose importance we cannot overstate and whose ramifications we likely cannot even yet conceive.
By Harvey Anderson, Chief Legal Officer and Justin Olsson, Product Counsel
A new vulnerability could leave as many as one-third of HTTPS websites open to decryption.
The post One-third of HTTPS websites left vulnerable to DROWN attack appeared first on We Live Security.
Mobile World Congress is the largest gathering of the mobile industry and takes place at the end of February every year. According to the latest attendance numbers, it was bigger and more attended than any previous congress. Every possible brand associated with smartphones you can think of was there and even some of the brands you may not know but they provide the stuff to make it all work behind the scenes.
There is a dramatic change afoot in this industry and it’s clear to see at MWC. The focus of this year’s show is very much about the Internet of Things (IoT). Most of us consider this to mean fitness trackers, a few connected fridges, and maybe for the select few, a car.
IoT is going to affect all of us in ways that we can’t yet imagine — everything will be connected and adding data to a world that will operate based on the analysis of everything around us. This may sound like a science-fiction movie, it’s not. There’s technology on its way that really does mean that there are very few things that won’t be connected.
There is a device for tracking everything from fitness to air quality. While they’re exciting toys and gadgets for us to own and play with, the bigger story is how these stepping stones are being placed for a far more connected world. We continually hear about self-driving cars and other cool innovations, but for many of us these are still news stories rather than reality. One such company is Seat’s connected car tech that allows drivers to check the availability of parking spaces, access breakdown services and connect to household appliances.
Do you ever leave home in the morning having missed a tooth when brushing? With Oral-B’s smart toothbrush it will be a thing of the past! A smartphone app connects to the toothbrush and detects which teeth are still dirty.
Visa announced their new payment system, the Visa Ready program, which will allow transactions to be made from any suitable connected device. For anyone traveling through London recently, they may have seen people waving their phones on the tube payment terminals to pay for their trip. With the new service from Visa, this facility will be extended to other devices and use tokens rather than card details. This means that personal data is never transmitted in a similar way that Apple Pay and Android Pay work and should be considered a security enhancement over the current process.
Honda has already signed up to the program to use an in-car fuel app that will be integrated into their vehicles dashboards. Once the car is running low on fuel the driver will be automatically be directed to the nearest gas station. The app will know the exact amount of fuel needed and pay for the fuel and calculate the cost. Of course, this does mean the pump needs to accept wireless payments and you will still need to get out and actually put the fuel hose into the car.
A technology that has been heard about for years is about to become both affordable and usable, and will soon establish itself as a normal part of our lives. I was lucky enough to get a full hands-on demo of Intel’s RealSense™ virtual reality technology that is being made available to developers in the next few months.
Put the headset on and be immersed in a virtual world where you can actually interact using your hands. Yes, they actually appear in the virtual world allowing you to move objects and to be part of what you are seeing. Or allow the headset to map, in real-time, the environment you are in and to add things to it — you can mix our physical world with a virtual one. For example using the demo headset I scanned a table and then a cat jumped up onto it. I moved away and the cat jumped off the table. The possibilities for this technology in our normal lives, especially if you are a gamer, are really exciting and I can’t wait to see them realized.
There is a common concern with all the new IoT devices and cool services that they deliver, that is one of security. With every connected device a new opportunity is created for hackers to attempt to breach the device and access your personal data. While many device manufacturers may create their products using a ‘secure by design’ approach, this may not be the case with the small innovative companies that have the hottest technology.
The concern should not stop with hackers. Devices are collecting data that we may not realize. This raises questions about who has access to our data and what is it being used for — did you read the privacy policy of every connected device you already own, and will you read the privacy policy of all the new ones? Unfortunately, the answer is most likely no. Besides presenting us with new and impressive connected devices, Mobile World Congress has also highlighted the need for us to be aware of the “what” and “who” is holding our data and for what intent.
Less than a month after it “renewed a consumer alert” for phishing scams, the Internal Revenue Service (IRS) in the US has delivered another warning aimed this time at payroll and human resources professionals.
The post IRS issues warning to HR professionals over phishing scam appeared first on We Live Security.
Snapchat has said that is “impossibly sorry” after a data leak exposed payroll information for some of its current and former employees.
The post Snapchat staff payroll data leaked in phishing scam appeared first on We Live Security.
Highlights from the past seven days in information security include porn clicker trojans at Google Play, digital childhoods and the security/privacy debate.
The post The security review: porn clicker trojans at Google Play appeared first on We Live Security.
