In brief: Google’s decision not to patch a security hole in versions of Android used by hundreds of millions of consumers is a bad omen for the Internet of Things and will likely push some Android users to alternative versions of the operating system.
Mobile
Have we been wrong about the Internet of Things all along?
I’m just slogging through all the articles I marked “to read” but never got around to during the relax-o-frenzy that is the holiday season. One of the better ones I’ve found comes from the Web site Techbitzz.com. On December 31, they ran a nice and succinct write up that addresses one of the most confusing nomenclature problems in the technology world today: the differences between “machine-to-machine” (or M2M) technology and the “Internet of Things” (or IoT). As the article notes, the tendency these days is to just conflate “M2M” and “IoT” – as if the latter is just a newer, cooler term for the former. But that’s not the case. In fact: the two terms refer to very different things. According to the article: “M2M can be defined in simple terms as, ‘Machines’ (can be a sensor, meter, valve etc) using network resources (can comprise of core telecom network, back-end […]
Cyber Resilience? Sony Employees Back To Faxes and Face to Face
There’s a fascinating article on TechCrunch that cites a current (anonymous) Sony Pictures Entertainment employee talking about life at the company in the wake of a crippling November 24th cyber attack that wiped out thousands of computer systems and stole terabytes of data from the company. According to the story, Sony employees have resorted to using circa 1990s fax machines to transmit documents and – horror – having face to face communications in lieu of texting, e-mail or social networking, all of which are disabled within Sony’s environment. [Read more Security Ledger coverage of the Sony Pictures hack here.] “We had barely working email and no voicemail so people talked to each other,” the source tells TechCrunch. “Some people had to send faxes. They were dragging old printers out of storage to cut checks…It was crazy.” “That is what a major corporate security breach sounds like,” TechCrunch writes. “The squeal […]
BitDefender Finds Phone to Smart Watch Communications easy to Snoop
Researchers from the security firm BitDefender have found that it is possible to snoop on wireless communications sent between smart watches and Android devices to which they are paired. The researchers, led by Liviu Arsene, captured and analyzed raw traffic between the Nexus 4 Android device running Android L Developer Preview and the Samsung Gear Live smart watch. The traffic was captured on the Android device before it was transmitted to the associated smart watch using a baseband co-processor that it standard on most Android devices. According to BitDefender, the wireless traffic is secured using a six digit PIN code. That leaves the device vulnerable to computer-enabled “brute force” attacks that can try the million possible six digit codes in short order. BitDefender noted that the problem exposed wasn’t limited to smart watches. Using baseband co-processors on Android devices to handle encryption is “not a fool-proof security mechanism,” Arsene wrote. Attackers might also be […]
Security Needs Context in IoT| SC Magazine
SC Magazine has a worthy editorial on IoT and security by John Barco, VP of product management at the firm ForgeRock on how Internet of Things (IoT) technologies requires both security and a better understanding of what Barco calls “context.” “It’s not just about protecting IoT devices but the entire ecosystem, from the customer to the partner, the web page, mobile device, mobile app, the cloud and everything else in between,” he writes. Organizations that do not grasp the complex interactions between static devices, mobile devices and (of course) the cloud risk leaving sensitive, regulated data or intellectual property at the mercy of malicious actors. Barco’s recommendations? More and better user authentication to support IoT use cases outside the firewall, and future-proofing your IoT deployment by eschewing proprietary platforms and technologies. To quote Barco: “open source gives IT a platform it can build on and customize, while open standards offer the flexibility to adapt to future […]
