Post Tagged with: "privacy"

Vint Cerf: CS Changes Needed To Address IoT Security, Privacy

April 2, 2014 16:140 comments
Cerf said that the advent of the Internet of Things poses a real challenge to the field of computer science. Namely: how to secure IoT devices. (Photo courtesy of Google.)

The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google’s Internet Evangelist. Cerf, speaking in a public Google Hangout on Wednesday, said that he’s tremendously excited about the possibilities of an Internet of billions of connected objects, but said that securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – and one that the nation’s universities need to start addressing. “I’m very excited,” Cerf said, in response to a question from host Leo Laporte. He cited the Philips HUE lightbulb as an example of a cool IoT application. “So you’re going to be able to manage quite a wide range of appliances at home , at work and in your car. Eventually, that will include things you’re […]

Read more ›

Web to Wheels: Tesla Password Insecurity Exposes Cars, Drivers

March 31, 2014 15:430 comments
Web to Wheels: Tesla Password Insecurity Exposes Cars, Drivers

We’ve interviewed security researcher Nitesh Dhanjani before. In the last year, he’s done some eye-opening investigations into consumer products like the Philips HUE smart lightbulbs. We did a podcast with Nitesh in December where we talked more generally about security and the Internet of Things. Now Dhanjani is in the news again with research on one of the most high-profile connected devices in the world: Tesla’s super-smart electric cars. In a presentation at Black Hat Asia on Friday, he  released findings of some research on the Tesla Model S that suggests the cars have a weakness common to many Web based applications: a weak authentication scheme. (A PDF version of the report is here.) Specifically: Tesla’s sophisticated cars rely on a decidedly unsophisticated security scheme: a six-character PIN. Dhanjani’s research discovered a variety of potentially exploitable holes that would give even an unsophisticated attacker a good chance at breaking into […]

Read more ›

Analysis Finds Blurry Lines Between Rovio, Advertisers

March 28, 2014 15:520 comments
Analysis Finds Blurry Lines Between Rovio, Advertisers

Rovio, the maker of the massively popular Angry Birds, makes no secret about collecting personal data from those who download and play its games. But an analysis from the advanced threat detection firm FireEye is helping to expose the extend of data harvesting, and also to sketch out the blurry line that separates Rovio and third-party advertising networks it contracts with. In a blog post on Thursday, FireEye analysts Jimmy Suo and Tao Wei described the findings of an investigation into the interaction between Rovio’s mobile applications, including the latest version of Angry Birds, and third party ad networks such as Jumptap and Millenial Media. Using FireEye’s Mobile Threat Prevention (MTP), the two gathered and analyzed network packet capture (PCap) information and analyzed the workings of Angry Birds and its communications with third-party ad networks. The two were able to reveal a multi-stage information sharing operation, tracking code paths from the reverse-engineered […]

Read more ›

Internet of Things and the Enterprise (InfoGraphic)

March 18, 2014 16:420 comments
Internet of Things and the Enterprise (InfoGraphic)

I’m a big fan of infographics – at least when they’re well done and present insightful facts. That’s why I’m always on the lookout for good ones – especially when the subject is The Internet of Things. So I was interested to come across the latest contribution from IoT firm Xively (part of the company LogMeIn), which pulls together some factoids on IoT’s potential in the enterprise. Among the interesting statistics gussied up in this one: an Economist Intelligence Unit data point saying that 95 % of C-level executives expect their company to be using the Internet of Things in three years time, while 74% of them predicting that it will play a ‘major role’ in their business in that time. That’s kind of astounding when you consider it: executives saying ‘Here is this new kind of technology that we barely use now. But in three years, it will be […]

Read more ›

Mobile Metadata, Google Dorking Expose Your Secret Life

March 13, 2014 12:230 comments
Mobile Metadata, Google Dorking Expose Your Secret Life

A study of more than 500 mobile phone owners by researchers at Stanford University suggests that call records and other “metadata” stored on our phones can easily be used to infer a wealth of sensitive information about phone owners – laying bare details of private lives that many would prefer to keep hidden. The findings of the study were outlined in a blog post by researcher Patrick Mutchler on Wednesday. Researchers concluded that the data collected from the phones was very accurate in painting a picture of the phone’s owner, including their work, social interests and medical conditions. That was true even across a small sample population monitored for just a few weeks. In the study, researchers placed an application, MetaPhone, on Android smartphones belonging to 546 participants and collected a wide range of information including device logs, social network information and call records for analysis. In all, researchers collected calls […]

Read more ›

RSA Perspective: Outrage With A Side Of Salsa

March 7, 2014 14:280 comments
RSA Perspective: Outrage With A Side Of Salsa

Let the record show that one of the most dramatic expressions of discontent over rampant government surveillance of U.S. citizens and private companies during last week’s RSA Conference in San Francisco went down at a taco joint. As the world’s cyber security elite gathered in San Francisco’s Moscone Center for the RSA Security Conference, a group of privacy and online rights activists that go by the name “Vegas 2.0” used donated funds to rent out Chevy’s, a popular Mexican food restaurant located next to the exhibit halls and frequented by conference goers. As reported by ZDNet’s Violet Blue, paying RSA attendees and speakers – identifiable by red badges – were refused entry to Chevy’s and handed flyers explaining the protestors’ grievances against the Conference’s parent company, RSA Security, which is alleged to have colluded with the NSA to weaken encryption standards in its products. Among those reported to have been […]

Read more ›

Repo Scan: License Plate Readers Fuel Private Surveillance Industry

March 6, 2014 18:490 comments
Repo Scan: License Plate Readers Fuel Private Surveillance Industry

The privacy issues surrounding the use of license plate scanners isn’t exactly a new story. After all, none other than the ACLU published a report on the topic last year. The title of that report: “You Are Being Tracked” left little to the imagination.   But The Boston Globe presents a troubling picture of how far and fast license plate scanning has come, and how the combination of super-efficient scanning with cloud based applications and Big Data analytics are empowering private companies to surveil law abiding citizens across much of the country. OnTuesday, reporter Shawn Musgrave reported on the phenomenon of automobile repossession firms in Massachusetts using powerful, car-mounted license plate readers to troll mall parking lots and commuter stations for cars whose owners are behind in their payments. The cameras scan the plates of all vehicles that they pass – delinquent or not – and send the images to […]

Read more ›

SOHOwned: 300K Home Routers Hacked

March 4, 2014 11:270 comments
SOHOwned: 300K Home Routers Hacked

A string of reports in recent weeks has focused a spotlight on rising attacks against an often-overlooked piece of equipment that can be found in almost every home and business: the wireless router. Just this week, the security firm Team Cymru published a report (PDF) describing what it claims is a widespread compromise of small office and home office (SOHO) wireless routers that was linked to cyber criminal campaigns targeting online banking customers. Cymru claims to have identified over 300,000 SOHO devices (mostly in Asia and Europe) that were compromised. According to the report, the compromises first came to light in January, after Team Cymru analysts noticed a pattern of SOHO routers with overwritten DNS settings in central Europe. The affected devices are from a range of manufacturers, including well-known brands like D-Link, Micronet, Tenda and TP-Link. The devices were vulnerable to a number of attacks, including authentication bypass and cross-site […]

Read more ›

Update – Virtual Vandalism: Firm Warns Of Connected Home Security Holes

February 18, 2014 11:351 comment
Update – Virtual Vandalism: Firm Warns Of Connected Home Security Holes

[This story was updated to include response from Belkin describing its response to the vulnerabilities identified by IOActive, including firmware updates. - PFR Feb 19, 2014] A researcher with the respected security firm IOActive says that he has found a number of serious security holes in home automation products from the firm Belkin that could allow remote attackers to use Belkin’s WeMo devices to virtually vandalize connected homes or as a stepping stone to other computers connected on a home network. In a statement released on Tuesday, IOActive researcher Mike Davis said that his research into Belkin’s WeMo technology found the “devices expose users to several potentially costly threats, from home fires with possible tragic consequences down to the simple waste of electricity.” IOActive provided information on Davis’s research to the US Computer Emergency Readiness Team (CERT), which issued an advisory on the WeMo issues on Tuesday.  Belkin did not […]

Read more ›

Snowden RSA Controversy Just One Of Many Facing Security Industry

February 17, 2014 12:25Comments Off
The RSA Conference is facing criticism over actions of parent company RSA Security. But the controversy will do little to lessen the importance of the show, says Mark Stanislav, security evangelist at DUO Security.

In a little more than a week, executives from world’s leading technology firms will gather in San Francisco for the RSA Conference, the cyber security industry’s biggest show in North America. No hacker con, RSA is something akin to corporate speed dating for companies in the security industry. But, like so much else in the technology world, this year’s conference has become mired in controversy stemming from Edward Snowden’s leak of classified documents related to government surveillance. In December, Reuters broke the story that, among the documents leaked by Snowden was evidence that RSA, the security division of EMC and parent company to the conference, accepted a $10m payment from the NSA to implement what turned out to be a vulnerable encryption algorithm as the default option for its BSafe endpoint protection product. RSA, the security division of EMC, has denied the allegations that it accepted the money while knowing that […]

Read more ›

Security Ledger Uses: