A Right to Repair the Internet of Things? Spear Phishing Detection and Nonstop Attacks on DVRs

In-brief: In the latest Security Ledger podcast we talk about pending right to repair laws and their impact on the Internet of Things. Also: Facebook’s Internet Defense Prize went to a better method for spear phishing detection. We talk to a member of the winning team. And, Johannes Ullrich of The Internet Storm Center joins us to talk about a study he did to measure the frequency of attacks on a common IoT device: digital video recorders.



With the Labor Day holiday here, Summer has unofficially ended. That means returning to a long list of items put down and marked “to do” back in May and June.




In at least five state capitols, that list includes legislation to create a right to repair a wide range of electronic devices that have become indispensable to modern life, including smart phones, automobiles and appliances. This might sound like a simple thing, but in an increasingly technology and software-driven world, an act as simple as repairing something broken has become something of an act of defiance.

A state that’s at the top of the list is Massachusetts, which passed the nation’s only right to repair law – covering automobiles – in 2014. A bill to expand that law to cover a wider range of devices was shelved last Spring, but is expected to be heard again this Fall.

Repair shops for televisions and other appliances have largely disappeared in recent decades. A lack of aftermarket parts and tools is one big reason, says Kyle Wiens of Repair.org.

In this episode of the Security Ledger podcast, we talk with Kyle Wiens of the group Repair.org about efforts to pass right to repair legislation, why it’s important and about industry opposition to the legislation.

Also: MacEwan University in Edmonton, Canada reported last week that it got duped out of $11.8 million. The culprit: scammers who used spear phishing email messages to impersonate a local construction firm the University was working with and direct transfers from the University into a bank account controlled by the hackers.

Technically unsophisticated, spear phishing emails are one of the most potent tools in a cyber criminal’s arsenal. They’re also notoriously difficult to stop. Spear phishing emails arrive in small numbers, which lets them bypass spam filters, and they are tailored to look and sound like regular correspondence, so they often trick users, as well.

But that doesn’t mean that spear phishing emails can’t be stopped. Facebook last week awarded $100,000 to a team from UC Berkeley for inventing a novel method of spotting spear phishing emails. We talk with Vern Paxson, part of that team and a Professor of Electrical Engineering and Computer Sciences about what his team developed.

And finally: the Mirai botnet taught the world that small, inconsequential devices like IP cameras and digital video recorders can command tremendous power when working collectively as part of botnets. The cyber criminal world has taken note, and focused its attention on loosely protected, Internet connected devices. We talk with Johannes Ullrich of the SANS Internet Storm Center about research he did to measure attacks on digital video recorders. The results will shock you.

Check out our full conversation in our latest Security Ledger podcast below or over at Soundcloud. You can also listen to it on iTunes. As always, if you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.
