mobile software management

We talk with PAS Global about a Chatham House report on the hacking risk to nuclear weapons.

Episode 79: Hackable Nukes and Dissecting Naughty Toys

Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s Security Ledger Podcast episode, the UK -based policy think tank Chatham House warned last week that aging nuclear weapons systems in the U.S., the U.K. and other nations are vulnerable to cyber attacks that could be used to start a global conflagration. We talk with Eddie Habbibi of PAS Global about what can be done to secure hackable nukes. Also: with CES raging in Las Vegas last week, we go deep with security researcher Jay Harris on flaws in connected toys being sold to children.

Firmware used by BLU smart phones was observed transmitting sensitive data to a firm in China.

Experts Propose Standard for IoT Firmware Updates

Bleeping Computer reported that a new proposal submitted to the Internet Engineering Task Force (IETF) defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Insecure software updates for embedded devices (aka ‘firmware’) have been a frequent source of security lapses on mobile and embedded devices like Internet connected webcams. Filed on October 30, the “IoT Firmware Update Architecture,” establishes security requirements for device makers to implement when designing firmware update mechanisms for connected devices. A familiar list of features The proposed rules include features that have long been recommended by security experts to permit safe handling of software updates. Among them the use of cryptographically signed updates and public key cryptography to provide end-to-end security and verify firmware images, as well as the ability to work with low-power and resource constrained IoT devices. Firmware has been the source of widespread security issues. For example, low-cost […]

the U.S. Justice Department has formed a threat analysis team to study potential national security challenges posed by self-driving cars, medical devices and other Internet-connected tools.

Podcast – Smart Vehicle Security: A Report from the Lab

In-brief: In this Security Ledger podcast, Paul speaks with Sameer Dixit of Spirent Security Labs, a leading tester of connected (“smart”) vehicles. Truly secure, connected vehicles may be years away, he says. In the meantime, security flaws and poorly implemented features are a major issue, Dixit says, with many car companies still preferring bolt on security fixes over secure design.