mobile software management

BLU smart phone

BLU settles with FTC over unauthorized transmission of personal customer data to China

Florida-based mobile device maker BLU has settled with the Federal Trade Commission (FTC) over charges it allowed a Chinese partner to collect detailed personal customer information from some of its devices without authorization or consent.

Updated: A New Lobbying Group is fighting Right to Repair Laws

Consumer advocates and proponents of right to repair laws in 17 states have a new enemy to worry about. The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers.*

Hacked Nukes

Episode 79: Hackable Nukes and Dissecting Naughty Toys

Podcast: Play in new window | Download (Duration: 35:43 — 40.9MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s Security Ledger Podcast episode, the UK -based policy think tank Chatham House warned last week that aging nuclear weapons systems in the U.S., the U.K. and other nations are vulnerable to cyber attacks that could be used to start a global conflagration. We talk with Eddie Habbibi of PAS Global about what can be done to secure hackable nukes. Also: with CES raging in Las Vegas last week, we go deep with security researcher Jay Harris on flaws in connected toys being sold to children.

BLU smart phone

Experts Propose Standard for IoT Firmware Updates

Bleeping Computer reported that a new proposal submitted to the Internet Engineering Task Force (IETF) defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Insecure software updates for embedded devices (aka ‘firmware’) have been a frequent source of security lapses on mobile and embedded devices like Internet connected webcams. Filed on October 30, the “IoT Firmware Update Architecture,” establishes security requirements for device makers to implement when designing firmware update mechanisms for connected devices. A familiar list of features The proposed rules include features that have long been recommended by security experts to permit safe handling of software updates. Among them the use of cryptographically signed updates and public key cryptography to provide end-to-end security and verify firmware images, as well as the ability to work with low-power and resource constrained IoT devices. Firmware has been the source of widespread security issues. For example, low-cost […]

IoT’s Cloud Risk on Display with Flaws in Fuze Collaboration Platform

In-brief: Rapid7 said it found a number of flaws that leaked data on users of collaboration technology by Fuze. In an increasingly common finding: poorly secured cloud resources, not the handsets, were the problem.