A non-profit group that represents prominent computer security researchers has issued an open letter to the automotive industry calling for more collaboration on cyber security issues. The group, I Am The Cavalry said the automotive industry needs to elevate cyber security to put it on par with other vehicle safety issues. The announcement, on Friday at DEF CON 22 in Las Vegas – an annual hacker conference – included a letter to CEOs in the automotive industry, calling for the adoption of “five key capabilities that create a baseline for safety relating to the computer systems in cars.” The letter asks for safety to be built into the design of computer systems in vehicles. “Increasing reliance on computer systems and internet connectivity in cars is opening up a whole new area of consumer risk, much of which is still being investigated and understood,” the group said. “Modern cars are computers […]
Mobile
Vulnerable Mobile Software Management Tool Reaches Into IoT
You could be forgiven for never having heard of Red Bend Software. The company is small – just 250 employees- and privately held. Red Bend’s headquarters is a suite of offices in a nondescript office park in Waltham, Massachusetts, just off Route 128 – America’s “Silicon Highway.” But the company’s small profile belies a big footprint in the world of mobile devices. Since 2005, more than 2 billion devices running the company’s mobile management software have been sold worldwide. Today, the Red Bend is believed to control between 70 and 90 percent of the market for mobile software management (MSM) technology, which carriers use to service mobile devices. The software enables mobile carriers to do critical tasks, including firmware-over-the-air (FOTA) software updates, mobile device configuration and other on-device changes. Red Bend counts many of the world’s leading companies in the mobile, enterprise and manufacturing sectors as clients, including Intel, Qualcomm, Samsung, Sharp, LG, Sony, Huawei, China Mobile and Lenovo. For the most part, Red […]
Report: CIA Fears the Internet of Things | Nextgov.com
A story by Patrick Tucker over at Nextgov.com picks up on some comments from Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s directorate of science and technology regarding the agency’s thinking about the Internet of Things. Meyerriecks was speaking at The Aspen Institute’s Security Forum on Thursday of last week in a panel on “The Future of Warfare.” Speaking about the topic of cyber warfare, she said that current debates about the shape of cyber war don’t address the “looming geo-security threats posed by the Internet of Things.” Meyerriecks cited the now-debunked Proofpoint report about smart refrigerators being used in spam and distributed denial of service attacks.” She also mentioned “smart fluorescent LEDs [that are] are communicating that they need to be replaced but are also being hijacked for other things.” Those might be some sensational (and dubious) examples, but Meyerriecks main point was more pedestrian: that we’re on the cusp of disruptive […]
Old Apache Code at Root of Android FakeID Mess
A four year-old vulnerability in an open source component that is a critical part of Google’s Android mobile operating system could leave mobile devices that use it susceptible to attack, according to researchers at the firm Bluebox Security. The vulnerability was disclosed on Tuesday. It affects devices running Android versions 2.1 to 4.4 (“KitKat”), according to a statement released by Bluebox. According to Bluebox, the vulnerability was introduced to Android by way of the open source Apache Harmony module. It affects Android’s verification of digital signatures that are used to vouch for the identity of mobile applications, according to Jeff Forristal, Bluebox’s CTO. He will be presenting details about the FakeID vulnerability at the Black Hat Briefings security conference in Las Vegas next week.
ARM Eyes Role as Supplier to the Internet of Things
Writing for Fortune this week, Katherine Noyes has an interesting piece that looks at how ARM is looking to parlay its success in the mobile phone market into a dominant role as a supplier for the Internet of Things (IoT). “There’s a real opportunity here,” Noyes quotes Ian Ferguson, ARM’s vice president of segment marketing saying. AMD licenses designs to silicon makers like Qualcomm and AMD. Already, some of those designs are showing up in IoT products like fitness bands. That could expand – and mobile phones are the management interface for many IoT products, which also stokes ARM’s business. But the company thinks the real opportunity lies in commercial technology for verticals like infrastructure (smart cities), manufacturing and oil and gas exploration. “You’ve got highly valued assets, so preventative mechanical services can help improve efficiency by detecting problems before they break down,” Ferguson said. ARM acquired Sensinode Oy in August, 2013. Sensinode pioneered software and […]
