In-brief: The CEO of a company offering a $1 million bounty for a working exploit of Apple’s iOS operating system said two teams are closing in on the prize. The offer – for up to three iOS exploits – runs through October 31st.
iOS
Shadowy IT: Mobile Gambling Apps Pose Security Risks in Enterprise
In-brief: Mobile gambling applications are becoming common in enterprise mobile environments, posing a risk to enterprise security and the security of enterprise data, the security firm Veracode reports.
IoT Hackers: The FTC Wants You!
In-brief: The Federal Trade Commission announced this week that it is creating a new Office of Technology Research and Investigation to expand the FTC’s research into areas such as privacy, data security, connected cars, smart homes, algorithmic transparency, emerging payment methods, big data, and the Internet of Things.
Android in the Coal Mine: Open Source, Patching and Internet of Things
In brief: Google’s decision not to patch a security hole in versions of Android used by hundreds of millions of consumers is a bad omen for the Internet of Things and will likely push some Android users to alternative versions of the operating system.
Infographic: Possible Attacks on The Internet of Things
The folks over at Trend Micro have put together a nice infographic that reminds us that all those smart devices connected to the Internet communicate through some well worn channels, namely: standard communications protocols like Wi-Fi, Ethernet and Bluetooth that connect devices to each other and the global Internet, as well as HTTP that are used to transmit data to and from cloud based resources like management interfaces. Of course those standard protocols also leave IoT devices vulnerable to a wide range of commodity attacks: from brute force password cracking on web based management consoles to Man in the Middle attacks that can sniff out authentication credentials and hijack sessions. Trend’s infographic does a good job of depicting the various layers in the IoT stack and some of the likely attack vectors for each layer. It also gives advice on how to protect yourself (use encryption, patch software vulnerabilities, disable unused ports). Nothing ground breaking […]
