Posts tagged security

Terrorist in the machine: U.S. DOJ fears IoT security threat

Washington DC, United States landmark. National Capitol building with US flag.

The huge wave of Internet of Things (IoT) enabled devices has the U.S. government worried that the technology harbors lurking security threats.

According to a Defense One article, the U.S. Department of Justice has joined other agencies in evaluating IoT technology for national security risks

And with up to 50 billion connected devices coming online by 2020, the government is scrambling to assess threats from the fast evolving technology.

See also: Can ISIS hack the Internet of things? (Uh, no.)

U.S. Assistant Attorney General for National Security John P. Carlin said his division has a group dedicated to assessing IoT technology threats. He said it is critical to fully assess this new technology to properly combat next-generation terrorism tactics.

“Look at the terrorist attack in Nice,” said Carlin. “If our trucks are running in an automated fashion — great efficiencies, great safety, on the one hand — but if we don’t think about how terrorists could exploit that on the front end, and not after they take a truck and run it through a crowd of civilians, we’ll regret it.”

He says that the government moved overly fast in connecting its data store houses which left it vulnerable to state and non-state actors who have stolen valuable information for illicit use.

“We made that mistake once when we moved all of our data, when we digitally connected it, and didn’t focus on how … terrorists and spies could exploit it,” said Carlin. “We can’t do that again when it comes to the Internet of Things, actual missiles, trucks and cars.”

IoT security a theme around the capital

The Justice Department joins several other federal agencies which are delving into the potential risks presented by IoT.

The Defense Advanced Research Projects Agency (DARPA) launched a program in 2012 that to fix vulnerabilities threatening IoT devices.

In 2014 the Central Intelligence Agency admitted their IoT concerns. CIA Deputy Director Dawn Meyerriecks revealed that “smart refrigerators have been used in distributed denial of service attacks,” and discussed smart fluorescent LEDs that “are communicating that they need to be replaced but are also being hijacked for other things.”

The National Security Agency also has its sights set on IoT, which it has said both presents a security threat and a signals intelligence bonanza.

The post Terrorist in the machine: U.S. DOJ fears IoT security threat appeared first on ReadWrite.

View full post on ReadWrite

SearchCap: Google web reviews, security reports & Penguin update

Below is what happened in search today, as reported on Search Engine Land and from other places across the web.

The post SearchCap: Google web reviews, security reports & Penguin update appeared first on Search Engine Land.

Please visit Search Engine Land for the full article.

View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

Google Search Console improves Security Issues reports

The revised security reports in the Google Search Console promise to provide more specific explanations and insights into the issues.

The post Google Search Console improves Security Issues reports appeared first on Search Engine Land.

Please visit Search Engine Land for the full article.

View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

Could robots replace us in security jobs?


A Silicon Valley company called Knightscope has introduced a range of robots that eradicate the need for foot patrolling security guards in a range of workplaces and public spaces. These security robots are called the  K3 and K5 Autonomous Data Machines. The robots resemble a “Doctor Who” dalek, or maybe a large mobile rubbish bin depending on your point of view. This is not surprising as when the idea of a security robot comes to mind, you are inclined to think of robots like Robocop or Atlas rather than Pepper.

Knightscope was originally founded in response to the tragic events at Sandy Hook and the Boston Marathon. The founders believed that with a unique combination of hardware and software, they could greatly reduce crime by as much as 50%. They explain their rationale as thus:

“The human attention span during monotonous, boring tasks is only 5-10 minutes. And with employee turnover rates as high as 400%, the security industry is rightfully seeking innovative solutions. Knightscope’s primary goal is to allow customers to utilize the best of Silicon Valley to put machines to work in those routine, monotonous and sometimes dangerous situations, thus freeing up humans to do the more hands-on and strategic activities. Corporate campuses, data centers, shopping malls and big-box retail stores are among the many customers already engaged today (think employee safety, corporate espionage, rogue networks and asset protection).”

They also state:

“This technology changes everything and is especially needed as the world continues to become more and more volatile.”

Utilizing numerous sensors, lasers and a significant amount of code, the K3 and K5 can roam a geo-fenced area autonomously either randomly or based on a particular patrolling algorithm. The K5 is able to detect a vehicle backing up or tailing the machine in a parking lot setting. Further, the robots are programmed to detect suspicious and unusual behavior and can recall up to 300 number plates a minute, whilst monitoring traffic. The robots are equipped with a panic button for emergency scenarios when a real person is required.


Your shiny new mall cop

Their clients including various shopping malls and Uber who rent the robots at a cost of $7 an hour, significantly less than a security guard would command in wages. However the robots are not without controversy with a recent case that a robot on duty knocked over a small child.  It’s claimed that Harwin Cheng, 16-month-old, was walking ahead of his parents in the Stanford Shopping Centre when the security robot bumped into and knocked him down. According to the toddler’s mother who witnessed the incident, the robot allegedly hit her son in the head which caused him to fall down face first. It then continued to keep moving along, running over the boy’s right foot, which left it swollen along with a scrape behind his knee.

The claim is contested by Knightscope who claim their robot veered to the left to avoid running into the toddler. It said that the young boy then ran backwards and consequentially directly in the front of the machine, which then caused it to knock him over. Knightscope quickly moved to apologize to the parents and is keen to avoid a repeat occurrence.


Should robots be used in emergencies?

The use of robots in safety situations requires some consideration before an extensive roll out, with a study earlier this year by Georgia Tech Research Institute revealing that people are too trustworthy of robots in an emergency. In a mock building fire, test subjects followed instructions from an “Emergency Guide Robot” even after the machine had proven itself unreliable in given previous directions – and after some participants were told that robot had broken down.

Engineer Paul Robinette said:

“We expected that if the robot had proven itself untrustworthy in guiding them to the conference room, that people wouldn’t follow it during the simulated emergency. Instead, all of the volunteers followed the robot’s instructions, no matter how well it had performed previously. We absolutely didn’t expect this.”

The researchers surmise that in the scenario they studied, the robot may have become an “authority figure” that the test subjects were more likely to trust in the time pressure of an emergency.

We’ve recently seen a scenario where a robot was used to detonate a bomb in response to a police killing, ultimately leading to the death of Micah Johnson who killed five police officers and wound seven others in Dallas. This makes it possible that robots will be deployed in future public emergency scenarios.

However it would be incorrect to surmise that robots will create unemployment. The need for skilled engineers, developers and control centre operatives to manage robots on the field and analyze the data they generate will create jobs, at least in the short term. The future will not be controlled by robots but rather, by humans with the assistance of robots.

The post Could robots replace us in security jobs? appeared first on ReadWrite.

View full post on ReadWrite

Will these Chinese satellites provide “hack-proof” data security?

Aqua satellite in space upon earth and rising sun, elements of this image furnished by NASA - 3D render

China has launched a quantum-encrypted satellite that could prove a major cybersecurity breakthrough if it proves truly “hack proof.”

The implications of the recent satellite launch was came via Abu Dhabi-based The National. The experimental technology in question is the Quantum Experiments at Space Scale, or QUESS satellite, which is component of a space programme under the aegis of China’s leader Xi Jinping.

“The satellite’s two-year mission will be to develop ‘hack-proof’ quantum communications, allowing users to send messages securely,” said China’s Xinhua news agency.

The QUESS satellite arrives just as the global battle heats up for domination over the lucrative market for cloud computing and securing data. On one side are Western tech powerhouses like Google, Amazon and Microsoft while on the other are Chinese players like Baidu, Huawei and Alibaba.

Amazon’s cloud computing arm, Amazon Web Services, demonstrated the profit potential of the space by posting revenues of nearly $8 billion in 2015.

And profits from the cloud computing space are only expected to go up.  Statista estimates global spending on cloud computing will grow at a compound annual growth rate (CAGR) of 19.4% between 2015 and 2019.

China’s QUESS technology is based on principals of quantum entanglement, an extremely complex physics theory where particles remain “entangled” regardless of distance apart. Xinhua claims that an encryption system based on such quantum entanglement principals is “impossible to wiretap, intercept or crack the information transmitted through it.”

Satellite-secured data an ambitious project

And if the experimental technology lives up to its promise of being truly hack-proof then China could have captured a major advantage in the global competition to completely secure data communication.

“There’s been a race to produce a quantum satellite, and it is very likely that China is going to win that race,” said University of Geneva physicist Nicolas Gisin. “It shows again China’s ability to commit to large and ambitious projects and to realise them.”

Fears that cloud-based data is vulnerable to cyberthreats remains an obstacle to the wider integration of cloud systems in the global economy.

“Data security is an issue everywhere and, as [customers] move from internal IT networks largely based on computers and software located inside their own facilities to a cloud model in which the firm’s employees can use cheap mobile devices to access their IT network anywhere in the world at any time, the threats to data security grow,” says Carnegie Mellon University’s Lee Branstetter. “But the shift to cloud computing will only succeed if firms believe their essential data to be reasonably secure.

“For this reason, major players are making very large investments in technology that can ensure reasonably secure access to IT networks,” adds Branstetter.

The post Will these Chinese satellites provide “hack-proof” data security? appeared first on ReadWrite.

View full post on ReadWrite

Great Bay Software strengthens IoT device security


Great Bay Software unveiled Beacon Suite 5.0 on Wednesday, a major security update to its Internet of Things (IoT) connections security platform that provides enterprises the ability to discover, monitor, and enforce changes across an entire network.

Since a lot of the smaller IoT devices have poor onboard security and cannot run security or access agents, enterprises have been unable to connect and protect most of their IoT network when deployed. Great Bay Software’s Beacon suite brings the low-power devices into the fold, while also enhancing the security of the entire platform.

See Also: AI adoption coming quickly to the enterprise sector

“Gartner predicts that by 2020, 25 percent of enterprise breaches will involve IoT, while only 10 percent or less of the enterprise security budget will be focused on IoT,” said Manish Rai, vice president of marketing and product management at Great Bay Software. “The new Beacon Suite 5.0 takes the industry lead in helping enterprises protect themselves against the growing threat posed by rapid adoption of IoT devices.”

Great Bay adds authentication layer

In the recent update, Great Bay has added “Beacon Endpoint Enforcement,” which simplifies authentication and enforcement for IoT devices. It also brings authentication to unmanaged devices.

Beacon is also able to identify a device with more accuracy than usual security platforms, according to the company’s press release, providing appropriate levels of security and access to devices.

The suite is able to quarantine, block, and remove faulty or hacked devices from a network, which is good for medical and military contractors that need assurances their devices are secure at all times.

Great Bay added more support for Cisco’s devices and platforms, announcing native integration with Cisco Wireless LAN controllers and support for Cisco Nexus VRF, which it claims will increase visibility.

For enterprise customers that like the sound of Beacon Suite 5.0, it can be yours for $21,500 annually.

The post Great Bay Software strengthens IoT device security appeared first on ReadWrite.

View full post on ReadWrite

Iot and toys: Connected toys require more security


In an age where it seems anything and everything can benefit from connectivity, the future of toys is changing rapidly.

Toys are becoming more intelligent, more connected and important assets among the Internet of Things.

U.S. domestic toy sales, according to industry association data, hit close to $22 billion in 2014, and that number has been growing steadily ever since, especially with the new connected opportunities for manufacturers.

Mattel, Fisher-Price and Sphero cashing in now

With the advent of sensors, chips, phones, apps and the cloud, the possibilities for what toys can offer is almost limitless.  Just look at Mattel’s Hello Barbie doll that works the same way Samsung voice operators do, sending children’s conversations into the cloud and returning verbal responses through a speaker in the doll.  Fisher-Price makes a WiFi-enabled stuffed animal, and Sphero has introduced an awesome little app-enabled droid toy, called the BB-8, that has an adaptive personality and evolves as an individual plays with it.  It can even create and display holographic recordings.   This toy can also connect with one’s phone, allowing for movement control.

As consumers change the way they are interacting with the connected world, all these IoT products enable toy manufacturers to leverage real-time data, collecting insights about customers to create more interactive and personalized devices that continue to impress and entertain.

But awesome toys present security issues

However, all these connected toys create concerns about security.  There are many gadgets these days that can be used to eavesdrop.  Part of the problem is that many hardware manufacturers offer poor security, and often times consumers are left vulnerable because of all the information they are sharing.

“One of my technologists has a phrase: ‘internet of other people’s things’,” says Lee Tien, senior staff attorney at the Electronic Frontier Foundation said. “Even if you bought it, it’s not necessarily truly yours – it may need to talk to the vendor’s machines to work, handing over data about you or those around you (if it has sensors); it may have features you don’t know about or don’t know how to control, or can’t control.”

The internet of things is quite helpful to eavesdroppers, both official and hacker types, for several reasons, with the main one being regular data leaks.

“One helpful feature for surveillance is that private sector IoT generally blabs a lot, routinely into some server, somewhere,” states Tien. “That data blabbing can be insecure in the air, or obtained from storage.”

To further complicate things, just look at video games, which require televisions and game systems.  New smart systems are equipped with cameras and voice monitors that are connected online and constantly sending information to the cloud.

But is someone watching through Barbie’s eyes?

Many people are concerned about what that can mean.  Can smart televisions spy on them? The US director of national intelligence says that is obvious. The ever-increasing variety of “smart” web-enabled devices, most recently dubbed the Internet of Things, is a blessing to intelligence officials and law enforcement, according to director James Clapper.

“In the future, intelligence services might use the Internet of Things for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper tells the Senate in public testimony.

Unfortunately, intelligence officials are not the only ones wanting to hack into hi-tech devices. Being aware of when people are home, what they own and where they store it is valuable knowledge for thieves.

A cyber-attack on toymaker VTech released the personal data of 6.4m children last year, and it was a scary reminder of the vulnerability of children on the internet. A similar thing happened to Sony, when hackers from North Korea stole users’ credentials, and online playing came to a halt during a major holiday.

However, even though a lack of privacy and security breaches are major concerns, it looks like connected toys are here to stay as long as consumers continue to happily purchase them.

The post Iot and toys: Connected toys require more security appeared first on ReadWrite.

View full post on ReadWrite

The spy who hacked me: Evildoers love IoT’s weak security

one secret service security bodyguard agent man in silhouette on white background

With the explosive growth of the Internet of Things (IoT), both spies and hackers are feasting on a new universe of poorly secured technology.

Recode quotes a top spy from the US National Security Agency who spoke with surprising candor about IoT’s security vulnerabilities. These vulnerabilities stem from the increasing complexity of the technology which, for cyberspooks like the NSA, offers a goldmine of eavesdropping potential.

“As my job is to penetrate other people’s networks, complexity is my friend,” said NSA deputy director Richard Ledgett at a Washington conference.

He added that the connected nature of these new IoT devices allow both spies and hackers a wireless window of opportunity. Indeed, hacking of connected technology is expected to send the IoT security market into overdrive in the coming years.

“The first time you update the software, you introduce vulnerabilities — or variables, rather,” Ledgett said. “It’s a good place to be in a penetration point of view.”

IoT offering spies more back doors?

And there is growing evidence that network penetration by intelligence agencies and cyber criminals alike is becoming easier thanks to the dramatic increase in IoT devices globally.

A Hewlett-Packard study from 2014 found that many IoT devices were shipped from the factory with low security passwords.  As well, a Veracode report from last year discovered many basic security weaknesses in such devices as hubs for home IoT networks and even garage door openers.

Ledgett even admitted that the NSA is researching potential security exploits in such biomedical equipment as pacemakers, as another “tool in the toolbox.”

In his unusually frank speech for an upper echelon NSA representative, Ledgett said that the agency finds it easier to track terrorism suspects or foreign spooks through other avenues of surveillance.

Meanwhile, others in the American intelligence community have broken silence about IoT’s as potential wellspring of actionable intelligence for both friendly and enemy spy agencies.

James Clapper, director of US national intelligence, said at a Senate hearing this year that foreign spy agencies may be specifically targeting IoT devices. They may be using the connected technology for eavesdropping, surveillance, recruiting moles or gaining network access.

So beware, your connected coffee pot may be spilling the beans to spooks with every steaming cup.

The post The spy who hacked me: Evildoers love IoT’s weak security appeared first on ReadWrite.

View full post on ReadWrite

Go to Top
Copyright © 1992-2016, DC2NET All rights reserved