If the growth of the Internet of Things has been a curiosity to enterprises and the IT security industry that serves them, it won’t stay that way for long, experts warned at a gathering in San Francisco. The rapid adoption of Internet of Things (IoT) technology is poised to transform the IT industry, vastly expanding the opportunities for cyber attacks against a much wider range of targets: from implantable medical devices to manufacturing plants to automobiles, according to participants in a panel discussion on “Shaping The Internet of Things” at The Amphion Forum event in San Francisco. While media attention on The Internet of Things has focused on products like the Nest Thermostat and connected automobiles, the IoT encompasses an almost limitless population of devices – many far more mundane, said Ralph Broom a Principal Engineer at the firm Noblis, and one of three panel members. The Internet of Things, in […]
Technologies
Open Source IoT Platform Would Boost Security
Interoperability (or the lack of it) stands out as one of the major obstacles to the expansion of the Internet of Things. As we’ve discussed on this blog, the lack of a common platform for Internet-enabled devices to communicate on has resulted in a balkanized IoT landscape. Nest’s smart thermometer and smoke detector communicate and share information famously, but if you want to link them with some smart appliance from GE or LG, you’re out of luck. But that may soon be changing. On Tuesday, The Linux Foundation announced a new, cross industry consortium of major IT infrastructure makers, software vendors and electronics firms. The AllSeen Alliance is tasked with developing a common, open source platform that allows hardware and software firms to unite their creations, regardless of their brand – and provide basic security features, to boot. The Alliance counts electronics giants like Panasonic, Qualcomm, LG and Sharp as […]
Obama Administration: Speak Up On Trusted ID Plans!
The Obama Administration is throwing its weight behind two federal efforts to increase the use of so-called “trusted identities” online as a way to combat consumer fraud and threats to critical infrastructure. Writing on the White House blog on Monday, Michael Daniel, the Obama Administration’s cyber security coordinator said that the current system for managing online identities (user IDs and passwords) is “hopelessly broken,” and that the stakes are getting ever higher for breaches. “While today it might be a social media website, tomorrow it could be your bank, health services providers, or even public utilities,” he wrote. Daniel said two federal initiatives aim to tip the scales in the direction of stronger and more secure online identities, but that more public engagement is needed to ensure that what is produced by those projects gets adopted. Specifically: Daniel highlighted two NIST-led efforts: the National Strategy for Trusted Identities in Cyberspace (NSTIC), […]
FTC Settles With Flashlight App Maker Over Geotracking
The Federal Trade Commission (FTC) announced on Thursday that it settled with the maker of a popular Android mobile flashlight application over charges that the company used deceptive advertising to collect location and device information from Android owners. The FTC announced the settlement with Goldenshores Technologies, LLC of Moscow, Indiana, makers of the “Brightest Flashlight Free” Android application, saying that the company failed to disclose wanton harvesting and sharing of customers’ location and mobile device identity with third parties. Brightest Flashlight Free is a top download from Google Play, the main Android marketplace. Statistics from the site indicate that it has been downloaded more than one million times with an overall rating of 4.8 out of 5 stars. The application, which is available for free, displays mobile advertisements on the devices that it is installed on. However, the device also harvested a wide range of data from Android phones which […]
Two Million Passwords Stolen From Facebook, Twitter, ADP
The passwords to access more than two million online accounts have been recovered from a server that is part of the command and control network for the Pony botnet, a large and active network of infected computers, according to a blog post from the security firm Trustwave. The company said that it found a cache of approximately two million compromised accounts, most from popular online services such as Facebook, Yahoo, Google and Twitter. More concerning: the cache also contained tens of thousands of credentials for FTP (File Transfer Protocol) servers, remote desktop and secure shell (SSH) accounts, and a site belonging to ADP, the payments processing firm. Facebook accounts made up the lion’s share of the haul, with 318,121 user credentials discovered – 57% of the total. Yahoo was the next biggest victim, with 59,549, almost 11% of the total. Leading Russian social networking sites vk.com and odnoklassniki.ru were also in […]
