The Nest Secure launched last year with a few cool features including all-in-one Detect sensors and NFC tags to disarm. It lacked one seemingly obvious feature—Google Assistant support. Nest is finally rectifying that oversight with an over-the-air update. You can arm the secure, check your security level, and (sometimes) disarm it by voice.
To get your Secure attached to Google Assistant, you have to open your Nest app and check the messages.
The Tor team unveiled its Messenger app in 2015 to boost the security of existing chat clients, but those plans are coming to an end less than three years later. The developers are ending support for Tor Messenger due primarily to a lack of support…. Engadget RSS Feed
In a rush to retain Apple as a smartphone display customer, Japan Display on Friday said it plans to raise more than $ 500 million that will be put towards manufacturing LCD panels for a next-generation iPhone. AppleInsider – Frontpage News
In situations where a visitor wants to use your Mac for a task, providing them access via your personal account may be an unwise move, especially if it isn’t someone you completely trust. AppleInsider explains how to set up a guest account in macOS that provides access without endangering your personal data. AppleInsider – Frontpage News
So, you just bought some crypto. Congrats! (Or: Congrats ?) But now you need a place to store it. But the safest place you’ve been told to store it…may not really be all that safe. Hi. Welcome to the wonderful world of crypto!
You could leave your new crypto on the exchange where you purchased it, but those are worthwhile targets for hackers. You could move it to a software wallet, or maybe a third-party website or an app on your phone. But, again, those are online, so they’re susceptible to hacking. A paper wallet — literally a QR code printed on a piece of paper — is also an option, but they’re such a pain to set up.
A hardware wallet it is, then. These are easy-to-use standalone devices specifically designed to hold crypto. They let you to access your funds without connecting to the internet. Super secure, right? Except: Maybe not.
On March 20, Saleem Rashid, a 15-year-old self-taught programmer, published a blog post detailing multiple ways a hacker could crack the Ledger Nano S, a popular crypto hardware wallet. Apparently, the device isn’t as “tamper-proof” as its makers claimed. In his post, Rashid explained how a hacker could use a vulnerability in the Ledger Nano S to steal any private keys stored on the device. They could do this by tampering with the device either before you bought it (a “supply chain attack”) or after you’d already loaded it up with your private information (an “evil maid attack”).
Ledger released a patch to address the hardware wallet vulnerability on March 6, and Eric Larchevêque, Ledger’s CEO, told TechCrunch the company hadn’t received any reports of hackers actually accessing the crypto of Nano S users.
So, why wasn’t that the end of it?
Because, apparently, Rashid wasn’t satisfied with the response from Ledger. Which is why he publishing his post two weeks after the release of the patch. He also threw shade directly at Larchevêque, writing:
“I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.”
The same day he released his post, Rashid noted on Twitter that he told Ledger about the vulnerability four months ago and the company had exhibited “pretty poor communication” in the interim.
Ledger and Larchevêque appear far less phased than Rashid by the whole situation. “All systems have vulnerabilities,” Larchevêque told TechCrunch. “That’s part of the life of any security system. It’s a game of cat and mouse.”
That may be true, but it’s also a good reason to think twice before slapping the “tamper-proof” label on any future devices.
We’re currently on the verge of the greatest human evolution possible. Where the shift is from Information Age to the Digital Age. Where intelligent devices can feel the presence of human and ask accordingly.
This phenomenal shift is due to a person’s desire to create efficiency, specifically with everyday tasks to automate the process. Additionally, the costs that are associated with these devices is no longer prohibitive, so companies of all sizes can bring products to market.
Many people laughed when in the year 2014, John Chambers mentioned, Cisco CEO mentioned “Internet of Everything” as a potential market of around $ 17 trillion, plus it will take over the whole market in the next 5-10 years. Two years down the lane and Chambers phenomenon came true in the form of the Internet of Things(IoT).
Although the shift from the Internet of people to the Internet of Things(IoT) initiated a new breed of innovation, on the other hand, there is even a greater chance that sensitive personal data is available online for anyone to access. Whether be it our health records, or family information or even our daily activities, we are all wired up with IoT.
The bad news is that with according to a survey by McKinsey cost of ineffective cyber security will rise up to $ 3 trillion by the year 2020. Given that the devices connected with humans will reach to 20.8 billion by the year 2020, there is a huge amount of risk associated with it.
Data has an entire lifetime
Throughout the 90’s, everyone was focused on data in motion – that is communication between two parties. However, companies have realized that with the advancement of data, there is a greater chance of data breach within the companies.
What we need is to consider data as for the entire lifecycle, not just when being transmitted among out devices, which becomes meaningless if the device itself is compromised.
For now, data is not just for a day, or a decade, it is for a lifetime. Whatever you do or store over the internet stays there forever. Whether be it your customer data, your personal information, or even your business secrets.
Considering the above, you need to make the necessary changes as per the advancement of the there comes a strong breed of hackers that can take your data and use it for their benefit.
Personal does not mean secure
It is a clear deceptive assumption that machines have data that is secure over the internet. Information security has three components:
Confidentiality: Here the data is restricted & protected.
Integrity: It is assured that there is no compromise on data & information.
Availability: Those authorized to access this information can do anything with the data.
There are some major security protocols you can make to strengthen your security – encryption, firewalls, tokens, and two-factor authentication – we need to target data confidentiality, secured barriers against unauthorized access and developing effective business dashboard.
But machines, have their own protocols, software, rules & exposed APIs will have exposed vulnerabilities.
What will happen when the data will have these weak points and breach points that will surely compromise the security.
Unfortunately, there is not even a single security expert that think that we can build IoT networks without vulnerabilities. For that, we need a new approach. We need to know how is data changing and what can we do to stop the breach.
This is called the integrity issue – and it should be focused on modern security where everything relates to everything.
Data integrity is a different subject. Schemes such as scalable provable data possession (SPDP), the blockchain, and Merkle hash trees, and dynamic provable data possession (DPDP) are great places to start off your research.
To scale these technologies, we can make them reliable for the large networks. For this, we need to train our team how to tackle these types of issues.
To wrap it all up
The Internet of things(IoT) is not a new thing anymore. With great data comes greater responsibility to encrypt that data and save it from the eyes of the hacker.
Whether you’re an individual or a company that is struggling on the road to success, you need to secure your data. You need to develop strategies that can prevent you from great loss.
Finding the cheapest flights can be tricky, especially since prices tend to fluctuate rapidly and so many third-party services like Expedia, KAYAK and Priceline exist and are vying for your business. There’s an innovative new tool on the block now though, and according to Business Insider it’s specifically designed to exploit 100% legal loopholes in an effort […] Read More… iDrop News
Kate O’Flaherty speaks to a panel of experts who warn that we are in the uncharted territory of network slicing and mass service takedowns. 5G’s low latency and high bandwidth enable multiple IoT use cases, but a new approach is needed to secure it, she warns.
5G will enable IoT applications such as autonomous vehicles, healthcare solutions, and robotics. But the technology also poses a much larger security risk than the 2G, 3G, and 4G networks that came before it. Why is this?
Significantly, 5G represents an overhaul in the way that networks are run and managed. In contrast to the hardware-based networks of the past, the technology takes advantage of virtualisation and cloud systems, leaving it more vulnerable to breaches if not properly secured.
In addition, 5G’s low latency and high bandwidth capabilities could be used to increase the potential scale of a distributed denial of service (DDoS) attack, where IoT devices are targeted by hackers and used to form a botnet.
With more and more hackers accessing network resources to mine cryptocurrency, for example, it stands to reason that this will be just one form of attack.
According to Michael O’Malley, vice president of carrier strategy at Radware, 5G-connected devices that become infected would have the ability to perform much bigger and more complex attacks than we have witnessed before.
He cites the example of the 2016 Dyn IoT botnet cyber-attack, which “took down the East Coast of the US”, by preventing users from accessing websites. “Now take that threat and add a 5G network, which is faster and with lower latency: you could take down more than just the East Coast,” he says.
A significant change
Taking these risks into account, 5G will demand a significant change in the way security is managed, says Adrian Scrase, CTO at standards organisation ETSI. “It’s a move towards a service-based architecture. In other words: opening up the network through application programming interfaces (APIs) and allowing people to provide services,” he explains.
Adding to this, it is a complex challenge to secure 5G IoT high-data-rate devices with larger battery and computational resources – such as machines in factories –while ensuring that their functionality is unchanged. This is in direct contrast to many other IoT 5G use cases, which require a long battery life of up to 10 years, and are expected to work at very low data rates.
At the same time, says Scrase, 5G is no longer a ‘singular network’: it will include new elements such as network slicing, which will see mobile operators offering different levels of performance and varying contractual agreements.
This gives the operator the ability to “pretty much copy and paste a network instance”, explains Paul Bradley, Gemalto’s 5G strategy and partnerships director.
“There will be different configurations of the network: one might be concentrated on high speeds and low latency for autonomous driving; and another might have a normal level of security for a sensor network. Those slices will be configured by use case and isolated from each other.”
Adding to the complexity, network slicing is “completely new” to 5G and standards are not yet formalised, says Patrick Donegan, founder and principal analyst at HardenStance.
He describes the risk: “You need an individual instance of software in 5G: it can only go onto the slice –and not other slices. If my instances of virtualised software can appear on your slice, then someone can put malware onto your slice and corrupt it.”
Finding the solution
There’s no doubt that securing 5G is complex, but standards bodies are already examining these issues. Scrase points out that the 3rd Generation Partnership project’s (3GPP’s) TS33.501 specification around 5G security is due for approval in the coming weeks.
Technology itself can also help. In order to mitigate 5G-based IoT attacks, 451 analyst Ian Hughes says that artificial intelligence (AI) and machine learning will be useful when applied to anomaly detection at a fast rate across a complex environment.
Gerald Reddig, head of security at Nokia, says automation is integral, citing the vendor’s adaptive architecture that automates security.
“Our customer base is protecting its own customers’ networks and needs to adapt its security architecture for threats, including DDoS attacks and ransomware,” he says. “The value is in automaton in an orchestrated way to relieve the pressure on existing security teams.”
At the same time, network slices should be secured depending on the use case.
In addition, Bradley says data needs to be segregated in the device if it is being linked to multiple network slices. Meanwhile, he says: “The user needs to be authenticated to the device, and the network itself is important.
Virtualised network functions should be secured, with confidentiality and integrity protected. You need to look at where the weak links in the chain are.
It’s a complex environment, but in the end, strategy is key. As part of this, experts recommend taking a holistic approach to security, taking into account the entire ecosystem –including device manufacturers, mobile operators, and service providers.
And, while it’s important to consider the implications now, there is time to act before 5G really starts to impact on the IoT.
Indeed, different waves of 5G are expected over time from standards body 3GPP. The first release in December 2017 was around the technology’s consumer use cases, such as high-speed access.
The network side – including the core network and edge computing –is coming in the middle of this year. Meanwhile: “In 18 months, the next phase will arrive with standards around ultra reliability, low latency, and really high speed,” says Bradley. “They will start to look at IoT then.”
So, it is still some way off. But despite that, businesses should consider how they will be impacted by the technology now. Donegan advises: “You need to look at the security of the network, the content, and the device; where you put security controls depends on the use case.”
For example, he points out that some sensors don’t have the power and footprint to run security software. “So, you need to secure the network locally, accepting that the device has no security. And communications need to be interfaced by a secure gateway that takes account of this.”
In addition, the 451’s Hughes says that firms should enlist the help of penetration testers to find holes in their 5G IoT deployments. “You can trust your providers, but each enterprise will have a unique security risk that no one has thought of – such as an interface between two systems – so every company needs to have these people onboard.”
And in the end, says Donegan, securing 5G-based IoT consists of adapting well-worn principles. But he warns: “It is cheaper to get security sorted right at the outset: retrofitting after the event will cost more than getting it done at the start.”
5G networks might seem to be a future consideration, but tests and experimental rollouts have been gathering pace in recent weeks. Given the new forms of risk, organisations should consider the security aspects now. With AI and machine learning, for example, these technologies are going to become even more intelligent as virtualised telecoms networks develop.
However, the experts’ warnings should ring some alarm bells. A number of recent reports have suggested that IoT security is already lax, with non-expert device manufacturers rushing gadgets to market with basic security flaws built in. Meanwhile, organisations are giving little strategic thought to the unique challenges of IoT security. Factor in 5G and there is every chance things could get messy.
White-hat hackers are valuable in a changing security landscape, and firms such as Google and IBM have long known this. Google is among those offering cash ‘bug bounties’ to those who are able to find holes in their systems.
Standards and specifications will certainly help on the way to securing 5G-based IoT use cases, but in the end it will come down to strategy. Robust cybersecurity must include the network, the device, and the data, taking into account the unique issues that 5G networks bring.
• We welcome Kate O’Flaherty to our regular team of contributors.
Kate O’Flaherty is a freelance journalist with over a decade’s experience reporting on business and IT. She has held editor and news reporter positions on titles including The Inquirer, Marketing Week and Mobile Magazine, and has written articles for titles including the Guardian, the Times, the Economist, SC UK Magazine, Mobile Europe and Wired UK. She is also a contributing analyst at Current Analysis covering wholesale telecoms.