LOOK WHO'S LURKING AT YOUR FRONT DOOR
Here’s the physical security that the Wi-Fi enabled, Internet of Things Ring smart doorbell gives you:
1) automatic activation and notification on your mobile phone when people come close to your home or loiter around it, and 2) a CCTV camera and high-quality intercom to talk to whomever comes knocking, even if you’re miles away.
Here’s the physical hole it was putting in your Wi-Fi: somebody could easily pop it off your front door (it’s secured with two standard screws), flip it over, retrieve the Wi-Fi password, and Presto! own your network.
To set it up, you have to connect the Ring to your Wi-Fi router, which means that you have to give it the password. The set-up button is connected to a back plate that attaches the doorbell to the wall, providing power from an AC source. After you set it up, you attach it to the house with two screws.
If thieves are more interested in intruding into your Wi-Fi network than grabbing a $200 doorbell, they can turn it over and press the setup button, which makes the doorbell’s wireless module create an access point that’s simple to connect to.
In sum, an attacker can gain access to a homeowner’s wireless network by unscrewing the Ring, pressing the setup button, and accessing the configuration URL, all without any visible form of tampering.
Pen Test Partners, the company that found the vulnerability, did, however, hand out kudos to Ring for responding to the vulnerability alert “within a matter of minutes,” with a firmware update released to fix the issue just two weeks after it was disclosed privately.
Internet of Insecure Things?
From kettles to intruder alarms, baby monitors, and drug pumps, anything that is part of the Internet of Things needs security built in right from the start.
Excerpt from Naked Security by Sophos, LLC by Lisa Vaas
Labels:
Cybersecurity,
internet of Things,
IoT,
Pen Test Partners,
Ring,
Ring Doorbell
YOUR PAYPAL ACCOUNT IS WORTH $6.43
Online criminals are more interested in getting their hands on stolen Uber, PayPal and even Facebook accounts than credit card numbers and other personally identifiable information.
The price of these stolen identifiers on the underground marketplace, or “the Dark Web,” shows the value of credit cards has declined in the last year, according to security firm Trend Micro.
Last week, stolen Uber account information could be found on underground marketplaces for an average of $3.78 per account, while personally identifiable information, such as Social Security Numbers or dates of birth, ranged from $1 to $3.30 on average – down from $4 per record in 2014, reported CNBC.
Furthermore, PayPal accounts – with a guaranteed balance of $500 – were found to have an average selling price of $6.43. Facebook logins sold for an average of $3.02, while Netflix credentials sold for about 76 cents.
By contrast, U.S.-issued credit card information, which is sold in bundles, was listed for no more than 22 cents each.
“It’s an incredible underground ecosystem. There is a high level of competition for these criminal buyers and there are a lot of different types of forums. It’s incredibly diverse, but incredibly mature,” said Ed Cabrera, Trend Micro’s vice president of cyber security strategy.
Cyber criminals will often use stolen Uber credentials to book “ghost rides,” in which they create a fake driver account and charge nonexistent rides to stolen accounts, experts say.
Another way fraudsters leverage this information is to simply build a fuller picture of a victim for identity theft.
“They are doing their own market research or where they can find the data that’s most valuable in the criminal underground and they develop their attacks accordingly,” said Cabrera.
Meanwhile, Forrester research analyst Andras Cser adds that these incidents highlight the need for these service providers to be more cognizant of sudden changes in users’ account behavior.
“If a user suddenly takes a cross country ride versus following their usual movements, that should spark an alert,” notes Cser.
To address the issue of fraudulent transactions, Uber is reportedly testing its version of two-step authentication, which would require users to enter additional credentials when logging in from an unknown device.
The time has come to move away from passwords.
“Firms should be looking at behavioral biometrics solutions to authenticate users — how the user actually behaves, how they hold a phone, how big their fingers are and how hard they press the touch screen.”
Labels:
Biometrics,
CNBC,
Facebook,
Forrester,
Hackers,
Netflix,
PayPal,
The Dark Web,
Trend Micro,
Uber
THE BIG DATA GRAB
What follows is an article by Joshua Kopstein, journalist at Al Jazeera America. The piece sends a caution signal concerning the ubiquitous machine-to-machine connections that will track our very existence, minute by minute, second by second. You should be concerned.
Of all the attractions at Walt Disney World, none is more dogmatic
than the Carousel of Progress, a rotating stage show originally
presented at the 1964 World’s Fair in New York. The Carousel of Progress
is an animatronic history of consumer technology, as told by an unaging
American family expressing starry-eyed wonder at the ever-increasing
conveniences available to them — from modern plumbing and electricity to
television, washing machines and home automation.
The show has undergone several updates since its debut, but its techno-utopian message remains clear: No matter the era, the entirely white robot family sings, there’s always a “Great Big Beautiful Tomorrow” promising ever greater convenience and contentment — thanks, of course, to General Electric, the Carousel of Progress’ original sponsor. (The company briefly forced the creation of a much less catchy theme song for the show called “Now Is the Time” because it was worried Americans would gaze off into tomorrow instead of buying appliances today.)
Disney’s consumer fantasy proved alive and well at last week’s Consumer Electronics Show, an overwrought annual spectacle where tech executives appear on unnecessarily large stages to unveil often unnecessary products that nobody asked for. This year, companies were more determined than ever to pitch the so-called Internet of Things, the questionable (and often perilous) trend of adding Internet connectivity to every mundane household item imaginable. It’s a stupidly simple racket: Just take anything that exists (shoelaces, refrigerators, toothbrushes, toasters) put a computer chip or camera in it, connect it to the Internet and — voila! Who wants boring old things when you can have smart things?
The appropriately named Twitter account Internet of Shit highlights some of the most cringeworthy examples from the 2016 Consumer Electronics Show. Sick of having to walk over to your refrigerator and open it? Smart refrigerators now have cameras that let you see inside using your smartphone. Tired of tying your own shoelaces? Try on a pair of smart shoes that loosen and tighten themselves with the touch of an app. If you’re trying to lose weight, why manually count the notches on your belt when you can wear a Samsung smart belt that tracks the size of your waistline? The Internet of Things isn’t just for humans anymore either: Now your pets can wear their own fitness trackers and even call you at work through paw-activated two-way video monitors.
With their overhyped sales pitches, companies seem convinced that Internet-connected everything is the next chapter in the triumphant story told by Disney’s Carousel of Progress. The sad truth is the Internet of Things has thus far been an endless parade of novelty junk appealing to first world laziness and privileged overindulgence. Even the more promising smart home devices, such as Google’s Nest thermostat, differ from their disconnected counterparts mainly in their ability to be accessed with a smartphone, making them just another thing to be checked on after our social media feeds and email inboxes.
So if these products aren’t poised to improve our lives in any major or meaningful way, why are companies so intent on selling them?
There are two answers: data and control.
Companies desperately want consumers to buy into the Internet of
Things because it will allow them to colonize an entirely new galaxy of
data. Silicon Valley and advertisers have already constructed a colossal
market around the mining and monetization of private information;
digital advertising, which depends primarily on tracking and exploiting
the personal data of Internet users, exploded to a record $27.5 billion
in revenue in the first half of 2015. Even companies that aren’t
traditionally in the data-gathering business, such as Internet service
providers, have started treating customers as quarries of data to be
harvested and sold.
Now with the Internet of Things, any business can become a technology company. And companies are salivating at the idea of consumers voluntarily putting data-gathering devices in their homes and on their bodies — whether it’s a Nest thermostat reporting when you’re away from home, a camera-equipped smart fridge tracking your food shopping habits or a smart belt informing various unknown entities how your weight loss regimen is going.
If this sounds like a big win for corporations, it’s nothing next to the unprecedented amount of control they will be able to exercise in a world of always connected objects. With old-fashioned appliances, the dynamic was pretty straightforward: You buy a toaster, and it’s yours to do with as you please. But buying a smart toaster means buying software, which can be remotely and silently altered to function differently (or stop functioning altogether) at the whim of whichever distant corporation created it.
Many early adopters have already experienced this firsthand. After a recent software update, owners of Panasonic smart TVs noticed that their pricey big screens now randomly display ads when they adjust the volume. Samsung smart TVs eavesdrop on your living room conversations by default, automatically recording your voice to a distant server unless you opt out. And smart fridge owners have already been threatened by bugs exposing their Gmail accounts and locked out of certain features for over a year as they wait for the company to issue patches (which, in a few short months, it will no longer be under any obligation to provide.)
The Internet of Things thus threatens to reconfigure the entire notion of ownership, with corporations in the center and paying customers completely at their mercy. What happens when Samsung decides it’s no longer profitable to provide security updates for your $5,000 smart fridge? How about when Apple or Google starts deactivating your TV because you’ve been put on a government blacklist, disabling your car after you miss the deadline on an insurance payment or bricking your coffee machine because it reached its end-of-life date, according to a terms of service agreement that nobody reads?
Regulating Internet of Things devices would ostensibly protect consumers and prevent the worst of these practices. But apart from the formation of an Internet of Things Caucus last year, Congress has barely given us a hint of how it intends to do so. Meanwhile, more and more connected devices are quickly entering the market, meaning the most pressing questions will likely go unanswered until people are being victimized and companies are facing precedent-setting lawsuits.
The value of any piece of consumer technology ultimately boils down to whether it empowers or disempowers us. The Internet of Things may hold promise, but right now it is uniquely and dangerously poised to do the latter — especially if we’re too quick to confuse progress with allowing companies to colonize our tools, bodies and private spaces with cheap gimmicks.
Labels:
Al Jazeera,
Big Data,
Disney,
internet of Things,
IoT,
Panasonic,
Samsung
IF HE'S NOT SAFE, ARE YOU?
US Intelligence chief has his phone account hacked, calls
forwarded to Free Palestine Movement.
But not in this case.
Director of National Intelligence James R. Clapper appears to have become the latest to fall foul of hackers, after a teenage hacker called “Cracka” broke into a number of online accounts belonging to the spy chief.
Cracka reportedly said that the accounts accessed included Clapper’s home telephone and internet, his personal email, and his wife Susan’s Yahoo account.
Having allegedly broken into Clapper’s Verizon account, Motherboard reports that the hacker changed its settings to forward all calls to the Free Palestine Movement.
To further back up his
claims, the hacker shared with Motherboard a screenshot of what appears to be Susan Clapper’s
Verizon account, as well as a list of call logs made to James Clapper’s house.
It’s not entirely clear why Clapper
was targeted by the hackers, but it’s true to say that he became notorious in
March 2013 when he was questioned by a United States Senate Select Committee on
Intelligence hearing about whether the NSA “collected any type of data at all
on millions or hundreds of millions of Americans”.
For that reason, it’s perhaps a relief that those behind the hack were more interested in simply pranking the Director of National Intelligence rather than having something more menacing in mind.
Last October, a group calling itself “Crackas With Attitude” or “CWA” managed to break into the AOL email account of CIA Director John Brennan, and claimed to have gained access to the Comcast account of Department of Homeland Security Secretary Jeh Johnson.
At the time, Clapper was said to have been “outraged” by the hacks. No doubt he is feeling even more apoplectic now the hackers have struck closer to home.
This is an excerpt from Tripwire's "The State of Security".
Labels:
AOL,
Hacker,
Motherboard,
NSA,
Tripwire,
US Intelligence
BEWARE IoT SECURITY LAPSES
The annual gathering of all things gadget related started in Las Vegas with the opening of CES 2016 this week, but a recent study by Accenture shows consumers may shy away from many Internet of Things (IoT) devices over security fears.
The Accenture study, which was conducted between October and November 2015, with 28,000 consumers in 28 countries participating, found that 47 percent of consumers surveyed cited privacy and security concerns as a barrier to adoption of IoT products.
“This indicates that the consumer technology industry does not have the fundamentals in place – and the consumer trust established – to push into more personalized and sensitive areas as it searches for the next wave of innovation,” the report stated.
Accenture also found that consumers who are aware of recent security breaches, about 66 percent of those contacted, were less likely to adopt or keep an IoT device. Of these folks, 18 percent stopped using such a product until better security could be guaranteed because the risk of ownership was not worth the potential reward. An additional 24 percent reported delaying a purchase until security is improved.
Not everyone is worried. Twenty-one percent surveyed said they are not concerned about security breaches and hackers, while 37 percent did say they would be more cautious when using an IoT device.
Excerpt provided by SC Magazine
Labels:
Accenture,
CES2016. CES,
internet of Things,
IoT,
SC Magazine