Tag Archives: Privacy

AVG

Can a plane be hacked and controlled through inflight Wi-Fi?

Leave a comment

A number of leading publications jumped on the report and within hours, it had become a viral sensation.

Like most, when I first saw the article I had a brief moment of serious concern, especially as I travel frequently on business. On further consideration, I decided to investigate further as there is extensive regulation and compliance in the aircraft industry.

We have seen many industries struggle with security as more services move to digital and connect to the Internet of Things. One example is the medical industry where devices handle sensitive data. This article in The Atlantic gives a great summary of the points.

So based on what we’ve seen in other industries, would a vulnerability on an aircraft seem farfetched? Probably not.

However, as I mentioned, aviation is a highly regulated industry with security standards and safety at its core. It would therefore surprise me if someone left the backdoor open and the aircraft’s avionics were accessible through the Wi-Fi.

The following diagram is probably what made this report go viral.

Plane Wi-Fi

 

The government report and its diagram may be highlighting an area of concern but according to Dr Phil Polstra, as stated in a Forbes article ‘The GAO report was put together by people who didn’t understand how modern aircraft actually work’.

Based on Dr Polstra’s comments and his credibility as an expert in this area I think we can rest assured that the frightening nature of the article that went viral is a false alarm.  The real risk here is someone publishing a report when they may not have fully understood the subject matter.

I will be getting on a plane soon and will not be concerned that the person in the seat next to me might be hacking the flight system. However, if they could adjust the temperature and lighting around my seat, that would be useful.

Follow me on twitter @tonyatavg

Title image courtesy of ArsTechnica

AVG

Why Netflix is spending millions on encryption

Leave a comment

The popular streaming service Netflix recently announced in their quarterly letter to shareholders that they plan to secure their entire service with HTTPS.

While some parts of Netflix already use encryption, such as the registration and payment services, the intention is now to encrypt the entire service for users on all platforms. This includes the data sent and received as part of the streaming service.

Significant costs

In October last year, Netflix said that they were investigating encrypting their entire service but claimed that it could cost them “$100’s of millions a year” to implement.

Netflix hasn’t explained exactly why they’ve done decided to roll out HTTPS, although sources speculate that the Snowden revelations have some part to play.

2014 was a watershed year for security with a number of high profile companies and individuals suffering cyber-attacks. The trend continued in 2015 and Netflix has followed the likes of Google to adopt HTTPS across more of their services.

Improving user privacy

As Netflix explained in their letter, the wider adoption of HTTPS “helps protect member privacy, particularly when the network is insecure, such as public wifi, and it helps protect members from eavesdropping by their ISP or employer, who may want to record our members’ viewing for other reasons.”

AVG

‘Future Crimes’ – A New Book That Takes on the Future of Cybercrime

Leave a comment

“If you control the code, you control the world. This is the future that awaits us.”
– Marc Goodman

As anyone who reads this space knows, I’m a big fan of the Internet of Things, and yet equally worried about security in this brave new world.

A new book “Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It” emphasises these points and makes some suggestions.

What struck me is that many of what crimes Goodman labels as “future crimes” are already happening all around us. From the recent ISIS hack of French TV station to the epic hacks of the past year on major brands from Sony to Target, Home Depot and Chase. We’re definitely already at the intersection of connected technology and cybercrime.

“We’ve gone ahead and wired this world but failed to secure it,” Goodman said in a tweet. “We can but it’s going to be hard.”

Goodman writes about identity theft, stolen data, smartphone hacks, and speculates worryingly about the future. He sees this getting worse, of course, with the advent of smart houses, smart cars, and an increasingly wired world.

The recent wave of cybercrimes illustrates his warnings, and is one of the reasons it’s become a hit. The book was rated as Amazon’s Best Book of the Month in March and is a bestseller on the New York Times “Crime and Punishment” list.

When he writes about the future of technology, from smart pacemakers to 3-D technology, and the shadowy figures out to exploit the weaknesses of these devices, it can read like science fiction. But, as we’re fully aware at AVG, a connected future is rapidly approaching and it’s reality, not fiction.

Goodman does offer some positives, which is what made the book interesting to me: Without action this would be a litany of gloom and doom. He suggests the sharing of information between public and private sectors, something President Obama has been strongly advocating. Goodman also envisions  a “Manhattan Project” type organization combining the best and brightest from the private and governmental sector.

Goodman also says it is crucial to increase the technical knowledge of ordinary people, who use technology on an everyday basis. I think this is a very good idea. From our Clinton Global Initiative Smart User Mission to our Magda and Mo ebook series for children, at AVG we view it as part of our mission to we teach internet safety to the new generation of users coming online.  As Goodman points out, being tech savvy is only going to increase in importance.

Security

Google Moving Toward Encrypted Ad Services

Leave a comment

Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well. Google’s ad networks are pervasive […]

Security

DigiCert Offers Continuous Monitoring of Digital Certificates to Defeat Fraud

Leave a comment

It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and […]