Category Archives: Internet of Things

Podcast Episode 93: Talking GDPR with Cisco’s Chief Privacy Officer and RSA 2018 Recap

This episode of The Security Ledger Podcast (#93) was sponsored by Keysight Technologies, a leading technology company that helps enterprises, service providers, and governments accelerate innovation to connect and secure the world. Check them out at Keysight.com. In this episode: with the May 25th go-live date of the EU General Data Privacy...


Industrial customers and partners bet on Microsoft, from cloud to edge devices

Innovations showcasing Industrial IoT, AI, cobotics, digital twins and mixed reality will be on display at Microsoft’s booth at the annual Hannover Messe industrial fair.

This week at the world’s largest industrial fair, I am honored to once again host nearly 30 customers and partners in Microsoft’s booth at the Digital Factory Hall at Hannover Messe. The progress manufacturers have made this past year is tremendous. Smart factories have already seen an average of 17 to 20 percent increased overall productivity. They have created higher-quality products at lower costs. They are building entirely new business models and service offerings.  But our customers’ aspirations are bigger and bolder. For example, by the year 2050, the demand for food is expected to outpace production by more than 70 percent. Agricultural stability is being threatened by receding levels of fresh water, decreasing availability of arable land and global warming, causing issues like toxins in our food supply. The workforce will continue to modernize and shift.

The next step is to use our Internet of Things (IoT)-enabled levels of intelligence to optimize the entire manufacturing process and solve for these challenges. There are three distinct themes that stand out at this year’s event:

Increased productivity and safety

What we have built with customers is driving tangible results. Today’s new data-driven manufacturing capabilities are not only lowering costs and reducing waste, but they are also keeping people safer and mitigating our impact on the planet. For example, Swiss technology firm Bühler AG, a leader in food processing systems, has worked closely with Microsoft to develop LumoVision, a revolutionary optical sorting system that not only significantly improves current food cleaning practices, but can eliminate nearly 90 percent of contaminated grain compared to 50 percent for conventional sorting machines. Empowered by the Microsoft cloud and IoT technology, this solution builds on Bühler’s advanced process expertise, and as a result, LumoVision is faster and more precise than other grain-sorting technologies.

Photo shows man demonstrating how a machine taller than he is works
Bühler’s LumoVision food processing machine

We will also demonstrate how Microsoft HoloLens has become an invaluable tool in taking digital twin technology to the next level. Thanks to the explosive expansion of Industrial IoT, digital twins have become cost-effective to implement and are helping companies head off problems before they even occur. Our customers are using digital twins to prevent downtime, improve equipment performance, develop new service opportunities and even plan for the future by generating simulations and visualizing their processes in mixed reality. For instance, Schneider Electric, whose industrial software business has recently combined with AVEVA, is leading the evolution of what the industry refers to as a “process digital twin.” Schneider and AVEVA are leveraging HoloLens to optimize ItalPresse’s entire manufacturing process by creating virtual prototypes even before a plant or manufacturing asset is built, which can provide significant cost and efficiency savings. Schneider will also showcase its recently announced traceability tool for the food and beverage industry, combining its knowledge of the food and beverage industry with Microsoft’s expertise in blockchain, given the growing complexities with tracing food products.

Additionally, one of our leading robotics automation partners, ICONICS, will demonstrate how a technician wearing a HoloLens can work alongside a factory robot while receiving instructions and key factory performance indicators displayed over his field of vision via HoloLens.

Increased monetization

Microsoft’s customers and partners are creating new value chains and services that simply did not exist five years ago. Tech innovations have allowed them to establish digital SWOT (strengths, weaknesses, opportunities and threats) teams, open new “one-size-fits-one” plants, and monetize things like predictive maintenance, 3D modeling and smart operations. For example, just last week thyssenkrupp announced it is expanding MAX, the company’s IoT-based predictive service solution for elevators, to Latin America. thyssenkrupp is confident that MAX can reduce elevator downtime by up to 50 percent, making its predictive models second to none in the global elevator industry.

ABB, a global leader in industrial technology, is leveraging Microsoft’s Azure cloud technologies for its ABB Ability™ platform, one of the largest Industrial IoT platforms in the industry. ABB will showcase its ABB Ability Ellipse™ platform. Leveraging AI from Microsoft, it can empower organizations to optimize Enterprise Asset Management and automatically detect anomalies to minimize maintenance costs across its customers’ install base.

Bayer’s Environmental Science Business Unit is digitally transforming a decades-old pest control practice for trapping rodents with a smarter digital mousetrap that provides remote monitoring built on top of the Azure IoT platform. The solution collects information from sensors installed within each trap and immediately alerts pest management professionals when rodents are present, so they can head off infestations and increase the effectiveness of pest control programs.

Photo shows someone holding a silver box marked "interior rodent sensor" in one hand and a smart phone in the other
Bayer’s connected pest-management system

Increased collaboration

By 2020, IDC predicts that 60 percent of plant floor workers will work alongside assistance technologies that enable automation, such as robotics, 3D printing, AI and mixed reality. Several leading manufacturing and robotics companies have already created new and evolved “lean” processes that leverage these capabilities to help service technicians optimize tasks and lower waste and inefficiencies, while providing better customer service. For example, Toyota Material Handling Europe is planning its 10-year vision for the factory of the future by evolving its traditional lean processes. Its goal is to find more efficient ways to distribute intelligent logic across the factory and its robotic systems. Using AI capabilities like Microsoft AirSim and mixed reality, the company can train autonomous pallet drones to recognize patterns, automate processes and learn the flow on the plant floor safely alongside humans. This innovative solution would drastically reduce disruptions to warehouse operations, one of the key roadblocks to deploying autonomous systems. Toyota Material Handling Europe has also worked with Microsoft to develop T-Stream, a brand new, all-in-one solution. Built on Microsoft’s Azure cloud, it runs on Windows and utilizes Bing Maps and GPS systems to provide technicians with improved, proactive services that can carry out maintenance for customers before breakdowns occur.

Photo of a sleek blue drone with arms similar to that of a fork lift, and two people working at a conveyor belt in the background
Toyota Material Handling Europe’s smart pallet drone

Investing in Industrial IoT

As we partner with our manufacturing customers to empower their digital transformations, we continue to invest specifically in security and Industrial IoT innovations that meet their needs, where they need them most. This year we have a new set of robust Azure IoT features we will demonstrate at our booth, including:

  • Automatic Discovery Service for Connected Factory: We’ve simplified how manufacturers can onboard and secure industrial assets, which significantly reduces administration costs. It also includes an OPC (Open Platform Communications) UA (Unified Architecture) Global Discovery Server (GDS) interface for compatibility with existing clients and servers.
  • Azure IoT Hub and Device Management on Azure Stack: We are bringing Azure IoT Hub to Azure Stack, empowering customers and partners to build Industrial IoT solutions which run entirely on-premises or off, as well as collect and analyze near real-time data within their facility.
  • Azure Sphere: We’ve made an even stronger commitment to securing ‘edge’ devices by announcing a preview of Azure Sphere, the first holistic platform to provide industrial-grade security for connected microcontroller units (MCU) devices, 9 billion of which are expected to ship this year in machines ranging from home appliances to industrial equipment in factories.
  • Azure Time Series Insights: In response to manufacturers’ requests, Microsoft is planning a new update to Time Series Insights (TSI), a service that adds massively scalable storage and data archiving capabilities and reduces storage costs.

Why customers and partners bet on Microsoft

Our cloud platform is now available in more than 42 regions across the globe and meets a broad set of international standards and compliance, including European Union General Data Protection Regulation (GDPR) and intellectual property (IP) requirements, which are critical as the May 25 GDPR deadline looms. Additionally, we have one of the largest, if not the largest, partner ecosystems co-selling solutions with us at Hannover Messe. Partners are not only an important part of a complex Industrial IoT ecosystem, they are critical to how we do business. Today, Siemens announced its IoT ecosystem Mindsphere is now available on the Microsoft Azure cloud platform, giving our joint customers the ability to make their IoT applications available on our cloud. More than 90 percent of our revenues come through our 8,500 trusted partners across the globe. Every major Industrial IoT provider, including ABB, Accenture/Avanade, COPA-DATA, EY, GE, ICONICS, Kapsch, OSIsoft, PTC, Rockwell Automation and Schneider Electric, have joined forces with Microsoft to integrate and offer their manufacturing services and solutions on top of our global Azure cloud.

There are many more reasons the industry is choosing to partner with Microsoft, but I invite you to come see the innovations first-hand in our booth in the Digital Factory: Hall 7, Stand C40 this week in Hannover.

Visit the Digital Difference site for more information about Microsoft and its customers’ and partners’ presence at Hannover Messe 2018.

 

 

The post Industrial customers and partners bet on Microsoft, from cloud to edge devices appeared first on The Official Microsoft Blog.

ICO Analysis: HighIoT

Fifth generation networks are just around the corner, and guess what? They’re all using IoT (Internet Of Things) as their basis. IoT, which started as a conceptual form for the networks of the future, is now more alive than ever and that is only the beginning. Future applications, blockchain-powered or not, are going to be […]

The post ICO Analysis: HighIoT appeared first on Hacked: Hacking Finance.

Why IOTA Belongs On Your Focus List

For the serious student of cryptocurrencies, IOTA is a name you most likely know well. However, since only about 8% of Americans own any crypto, and 80% of those folks own bitcoin, it’s time to get to know your neighbors. OK, let’s start with a trick question. Over the next 10-20 years, which […]

The post Why IOTA Belongs On Your Focus List appeared first on Hacked: Hacking Finance.

Microsoft, Facebook and other tech giants join forces on cybersecurity

In light of increased and more sophisticated threats in the cybersecurity landscape, tech giants have vowed to get more serious about protecting their customers by working together through a new Cybersecurity Tech Accord. Thirty-four companies—including Microsoft, Oracle, HP, Facebook, Cisco, Nokia, TrendMicro and others—have signed on to the...


Partners make industrial IoT factories more capable than ever at Hannover Messe 2018

Next Monday, Microsoft will once again have a major presence at the Digital Factory Hall at Hannover Messe, the world’s largest annual manufacturing exhibition in Hannover, Germany. As we started planning, it struck me that the reason our booth is one of the largest in the Digital Factory Hall is because our most important manufacturing partners will join us and our customers to showcase innovations that are transforming decades-old businesses and opening doors to revenue streams, new business models and service offerings that didn’t exist five years ago.

Partners are not only an important part of a complex Industrial Internet of Things (IIoT) ecosystem, they are critical to how we do business. More than 90 percent of our revenues come through our trusted partners. Every major IIoT provider, including ABB, Accenture/Avanade, COPA-DATA, EY, GE, ICONICS, Kapsch, GE, OSIsoft, PTC, Rockwell Automation, Schneider Electric and Siemens are joining forces with Microsoft to integrate and offer their manufacturing services and solutions on top of our global Azure cloud. Among the reasons partners choose to run IIoT services on Microsoft’s cloud are its scale — more than 42 regions across the globe — and the investments we’ve made in supporting open-source software and compatibility, which take our support of OPC UA standards to the next level, as well as our commitment to security and trust. Our cloud meets a broad set of international standards, compliance and IP requirements so partners don’t have to build their own cloud infrastructure.

For example, ABB has placed a tremendous bet on our Azure cloud. Its intelligent factory in Heidelberg, Germany, has integrated artificial intelligence (AI) and IIoT technology into its robots to self-learn and self-correct. For instance, the various stations in the factory can autonomously adjust their actions as the cameras visually compare each component. If something is off, it will trigger a response and self-correct the process. As a result, ABB can produce three times as many products and handle more than 8,000 variants of product components.

Outlined below are three key IIoT priorities we will drive with partners over the coming months.

Helping partners secure the factory of the future

By 2021, edge computing is expected to be an $80 billion market, presenting tremendous opportunities for partners to build innovative solutions for intelligent transportation networks, integrated energy systems and, on display this week: even smarter factories. The importance of building holistic security solutions that can handle the complexity of IoT systems — from cloud to edge — cannot be understated. Earlier this week at the RSA security conference, we announced a preview of Azure Sphere, the first holistic platform to provide industrial-grade security for connected microcontroller (MCU) devices, 9 billion of which will ship this year in devices ranging from home appliances to industrial equipment in factories.

We’ve made strong progress as an industry securing IoT devices, but as an industry we can do more as they only represent a small fraction of the 20 billion devices expected to be connected by 2020.

Investing in partners

Earlier this month, Microsoft committed to investing $5 billion in IoT over the next four years. While the investments will be used for IoT and edge computing research and development, they will also be used to expand our partners’ efforts. With our IoT platform spanning cloud, OS and devices, we are uniquely positioned to simplify the IoT journey so any customer regardless of size, technical expertise, budget, industry or other factors can create trusted, connected solutions.

Driving down IIoT costs for partners

Manufacturers already rely on the Azure IoT Hub for connecting billions of IoT devices and powering production IoT solutions across factories and industrial plants. Our goal is to drive down the cost of IIoT for the entire industry as partners continue to build and develop IIoT solutions. With Azure IoT Edge as the foundation between cloud and edge, partners can build higher up the value chain. Eventually, partners will develop an entire ecosystem of edge offerings ranging from simple services to sophisticated solutions for customers around the globe.

Leading in the intelligent edge for partners

Manufacturers want the freedom to deploy their Industrial IoT solutions where they want, whether in the cloud, on-premises or a hybrid of both. Microsoft is leading the industry by providing the most comprehensive and open on-premises and hybrid support for Industrial IoT solutions. We have introduced the most open edge platform in the industry with Azure IoT Edge. It enables any customer workload to be deployed, activated and monitored using Docker containers, which creates open portability not present in other edge platforms. We’re thrilled to announce that Azure IoT Edge will be open source as well. Finally, we are taking on-premises Industrial IoT solutions to a new level by bringing Azure IoT Hub to Azure Stack. This is currently in development, and we will have future announcements on preview and general availability timing.

Come see our partners if you’re in Germany

Check back on Monday, April 23, when I share our Azure IoT announcements that we’ll demonstrate with 20 partners in the Microsoft booth in the Digital Factory, Hall 7, booth C40. Innovations spanning AI, IoT, machine learning and mixed reality will all be on display, showcasing how cloud technology has become mainstream in factories and industrial equipment has become predictive, self-adjusting and self-healing.

 

 

The post Partners make industrial IoT factories more capable than ever at Hannover Messe 2018 appeared first on The Official Microsoft Blog.

Casino’s High-roller Database Compromised by a Single IoT Thermometer

It’s no secret that IoT devices have caused some issues with security in the past. They’ve been used by cybercriminals to topple networks and hack into homes. Oh, and now breach casinos. You heard correctly – a vulnerable IoT thermometer, which was being used to monitor the water of an aquarium in a casino’s lobby, actually opened up the organization’s network to cyberattack.

So, how exactly did a singular IoT thermometer breach an entire organization? The vulnerable device created an opening into the casino’s network for cybercriminals to enter, resulting in the crooks obtaining information about the casino’s high-roller database. Unfortunately, it has yet to be determined what kind of information has been taken from this database.

This incident reminds us that IoT security continues to be a persistent problem that’s showing no signs of slowing. Therefore, it’s important owners of connected gadgets do their part in ensuring their devices don’t expose larger networks of any kind. You can start implementing proactive IoT security by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Change default passwords and do an update right away. If you purchase a connected device, be sure to first and foremost change the default password. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting for them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Secure your home’s internet at the source. Just like the thermometer must connect to the casino’s larger internet network, smart home devices must connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Casino’s High-roller Database Compromised by a Single IoT Thermometer appeared first on McAfee Blogs.

Microsoft built its own custom Linux OS to secure IoT devices

Finally, it's happening. Microsoft has built its own custom Linux kernel to power "Azure Sphere," a newly launched technology that aims to better secure billions of "Internet of things" devices by combining the custom Linux kernel with new chip design, and its cloud security service. Project Azure Sphere focuses on protecting microcontroller-based IoT devices, including smart appliances,

Real-time detection of consumer IoT devices participating in DDoS attacks

Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do something about it? A group of researchers from Princeton University have presented some encouraging results showing that the first part of that equation can be relatively easily solved. As IoT traffic is often distinct from that of other Internet connected devices and as machine learning has proved promising for identifying malicious Internet traffic, they decided to use these facts to … More

The post Real-time detection of consumer IoT devices participating in DDoS attacks appeared first on Help Net Security.

Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer

Internet-connected technology, also known as the Internet of Things (IoT), is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on. But of much greater concern, enterprises are unable to secure each and every device on their network, giving cybercriminals hold on their network hostage with just

Attackers exfiltrated a casino’s high-roller list through a connected fish tank

Nicole Eagan, the CEO of cybersecurity company Darktrace, revealed that her company investigated the hack of an unnamed casino that was breached via a thermometer in a lobby fish tank.

Internet of Things devices are enlarging our attack surface, and smart devices are increasingly targeted by hackers in the wild.

The case discussed here demonstrates it: Nicole Eagan, the CEO of cybersecurity company Darktrace, revealed that her company investigated the hack of an unnamed casino that was breached via a thermometer in a lobby aquarium.

“There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.” Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday.

“The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud,” 

The hackers stole the casino’s high-roller database through a thermometer in the lobby fish tank.

This isn’t the first thermometer hack reported by experts at Darktrace: in July 2017, hackers attempted to exfiltrate data from a US casino by hacking into an Internet-connected fish tank.

The connected fish tank included sensors used to control the temperature, food distribution, and cleanliness of the tank.

“Somebody got into the fish tank and used it to move around into other areas (of the network) and sent out data,” said Justin Fier, Darktrace’s director of cyber intelligence. 

At the time, hackers exfiltrated 10 GB of data that were sent out to a device in Finland.

Pierluigi Paganini

(Security Affairs – fish tank, hacking)

The post Attackers exfiltrated a casino’s high-roller list through a connected fish tank appeared first on Security Affairs.

Experts uncovered a proxy botnet composed of over 65,000 routers exposed via UPnP protocol

Security researchers at Akamai have discovered a proxy botnet composed of more than 65,000 routers exposed to the Internet via the Universal Plug and Play (UPnP) protocol.

Crooks have compromised the devices of this multi-purpose proxy botnet to conduct a wide range of malicious activities, including spamming and phishing, click fraud, account takeover and credit card fraud, distributed denial of service (DDoS) attacks, malware distribution, and also bypassing censorship.

While investigating attacks against Akamai customers, the researchers discovered that vulnerable devices have NAT injections that allow attackers to abuse them.

“While researching UPnP-enabled devices detected as participants in attacks against Akamai customers, we discovered that some devices appeared to be more susceptible to this vulnerability than others, and contained malicious NAT injections.” reads the analysis published by Akamai. “These injections were present on a handful of the devices found in the wild, and appeared to be part of an organized and widespread abuse campaign”

Akamai discovered over 4.8 million devices that were found to be vulnerable to simple UDP SSDP inquiries. Of these, roughly 765,000 (16% of total) were confirmed to also expose their vulnerable TCP implementations while over 65,000 (1.3% of total) were discovered to have NAT injections.

“These injections appeared to point to multiple services and servers around the Internet. A majority of the injections appear to target TCP ports 53 (15.9M for DNS), 80 (9.5M for HTTP), and 443 (155K for HTTPS).” continues the analysis. “A wide range of devices are affected, most of them being consumer-grade networking hardware. “73 brands/manufacturers and close to 400 models [were affected].”

The UPnP communication protocol is widely adopted even if it is known to be vulnerable. In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices.

The report highlighted that over 23 million IPs related to Portable UPnP SDK were vulnerable to remote code execution through just a single UDP packet, and that over 6,900 product versions from over 1,500 vendors were vulnerable through UPnP due to the exposure of the UPnP SOAP service to the internet.

By abusing the protocol, attackers can control the traffic in and out of the networks, because UPnP allows the automated negotiation and configuration of port opening/forwarding within a NATed networking environment.

The malicious botnet uncovered by Akamai is composed of vulnerable devices that contain malicious NAT injections. The injections turn routers into proxies, which is why the experts called the injected devices UPnProxy.

“The injected NAT entries were designed to be working in sets across various devices. Thus, across the 65,000 infected devices, 17,599 unique endpoint IP addresses were discovered.” continues the report. “The most-identified IP was injected over 18.8 million times across 23,286 devices, while the second-most-injected IP appeared over 11 million times across 59,943 devices.”

According to Akamai, part of this proxy botnet was already discovered by researchers at Symantec while investigating the “Inception Framework” used by an APT group. In that case, Symantec’s research confirmed that the UPnProxy instances were used to obfuscate the operators’ true locations.

The APT associated with Inception Framework is still active and has continuously evolved its arsenal and TTPs.

To check whether your router has been compromised for UPnProxying, scan the endpoint and audit your NAT table entries.

Many frameworks and libraries available online could be used for this purpose.
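One way to carry out the NAT table audit described above, as an added example that is not code from Akamai's report or from the original article: it parses port-mapping entries in the shape a UPnP gateway returns for `GetGenericPortMappingEntry` and flags any whose internal client lies outside the LAN, the trait of injected entries that point at servers around the Internet. The sample responses, the documentation-range addresses and the 192.168.1.0/24 LAN are constructed assumptions.

```python
"""Audit UPnP port mappings for UPnProxy-style NAT injections (added example)."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed SOAP response in the shape of a WANIPConnection
# GetGenericPortMappingEntry reply; values are filled in per sample entry.
SOAP_TEMPLATE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:GetGenericPortMappingEntryResponse
      xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>{ext}</NewExternalPort>
   <NewProtocol>{proto}</NewProtocol>
   <NewInternalPort>{port}</NewInternalPort>
   <NewInternalClient>{client}</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>{desc}</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:GetGenericPortMappingEntryResponse>
 </s:Body>
</s:Envelope>"""

# Constructed sample table: one ordinary LAN mapping, two entries that forward
# to hosts outside the LAN (documentation-range IPs), one malformed entry.
SAMPLE_RESPONSES = [
    SOAP_TEMPLATE.format(ext=51413, proto="TCP", port=51413,
                         client="192.168.1.23", desc="desktop app"),
    SOAP_TEMPLATE.format(ext=40001, proto="TCP", port=53,
                         client="203.0.113.10", desc="sync"),
    SOAP_TEMPLATE.format(ext=40002, proto="TCP", port=443,
                         client="198.51.100.7", desc="sync"),
    SOAP_TEMPLATE.format(ext=40003, proto="UDP", port=9999,
                         client="not-an-ip", desc=""),
]

# Destination ports the article reports as the majority of injection targets.
PORTS_NAMED_IN_REPORT = {53, 80, 443}


def parse_mapping(soap_xml):
    """Return the New* fields of one port-mapping response as a dict."""
    fields = {}
    for element in ET.fromstring(soap_xml).iter():
        name = element.tag.rsplit("}", 1)[-1]  # drop any XML namespace
        if name.startswith("New"):
            fields[name] = (element.text or "").strip()
    return fields


def audit_mapping(fields, lan):
    """Return the reasons a mapping looks injected (empty list if none)."""
    client = fields.get("NewInternalClient", "")
    try:
        address = ipaddress.ip_address(client)
    except ValueError:
        return ["internal client %r is not an IP address" % client]
    if address in lan:
        return []
    # A legitimate mapping forwards to a host on the LAN; an entry that
    # forwards elsewhere makes the router relay traffic as a proxy.
    reasons = ["internal client %s is outside LAN %s" % (address, lan)]
    port = fields.get("NewInternalPort", "")
    if port.isdigit() and int(port) in PORTS_NAMED_IN_REPORT:
        reasons.append("forwards to port %s, a common injection target" % port)
    return reasons


def audit_table(responses, lan_cidr):
    """Parse every response and return only the suspicious mappings."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for soap_xml in responses:
        fields = parse_mapping(soap_xml)
        reasons = audit_mapping(fields, lan)
        if reasons:
            findings.append({
                "external": "%s/%s" % (fields.get("NewExternalPort", "?"),
                                       fields.get("NewProtocol", "?")),
                "target": "%s:%s" % (fields.get("NewInternalClient", "?"),
                                     fields.get("NewInternalPort", "?")),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_table(SAMPLE_RESPONSES, "192.168.1.0/24"):
        print(finding["external"], "->", finding["target"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

On a real gateway the responses would come from walking the mapping table index by index until the device reports the end of the array; the LAN range must match the router's own addressing.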

Pierluigi Paganini

(Security Affairs – UPnP, proxy botnet)

The post Experts uncovered a proxy botnet composed of over 65,000 routers exposed via UPnP protocol appeared first on Security Affairs.

What is cyber security? How to build a cyber security strategy

Organizations face many threats to their information systems and data. Understanding all the basic elements to cyber security is the first step to meeting those threats. Cyber security is the practice

The post What is cyber security? How to build a cyber security strategy appeared first on The Cyber Security Place.

Securing your network in the IoT revolution

Instituting a comprehensive device management plan is essential to locking down Shadow IT at your organisation. The relationship between network security and the Internet of Things (IoT) has never been

The post Securing your network in the IoT revolution appeared first on The Cyber Security Place.

83% Of Enterprises Are Complacent About Mobile Security

These and many other insights are from the recently published Verizon Mobile Security Index 2018 Report. The report is available here for download (22 pp., PDF, no opt-in). Verizon commissioned

The post 83% Of Enterprises Are Complacent About Mobile Security appeared first on The Cyber Security Place.

The State of Security: Practical Attacks with DNS Rebinding

One of the tools I expect to see gain in popularity in the wild is DNS rebinding. DNS rebinding is a technique that turns a victim’s browser into a proxy for attacking private networks. Attackers can change the IP associated with a domain name after it has been used to load JavaScript. Since same-origin policy […]… Read More

The post Practical Attacks with DNS Rebinding appeared first on The State of Security.




Podcast Episode 90: WannaCry zombie haunts Boeing, UL tests for cyber security and Harvard war games election hacking

In this week’s podcast, Episode #90: has the WannaCry ransomware returned from the dead? We talk with an expert from Juniper Networks about what might be behind the outbreak at Boeing. Also: Underwriters Lab and Johnson Controls join us on the podcast to talk about a recent milestone: UL’s award of the first ever Level 3 certificate for...


Using deception to gain enterprise IoT attack visibility

The main lessons from attacks against Internet of Things (IoT) devices are to change default usernames and passwords, use longer passphrases to avoid brute force attacks, and make sure devices have enough memory for firmware and kernel updates to remove vulnerabilities or service backdoors, plus implement strong encryption for communications. Also, having IoT devices connected to standard PC platforms is not advised given endpoints are often the foothold in most attacks. Case in point with … More

The post Using deception to gain enterprise IoT attack visibility appeared first on Help Net Security.

IoT device management market size worth $5.1 billion by 2025

The global IoT device management market size is anticipated to reach USD 5.1 billion by 2025, according to a new report by Grand View Research, exhibiting a 28.3% CAGR during the forecast period. Growing demand for IoT services, need for digitalization, and increasing penetration of communication and networking technologies are expected to drive the market over the coming years. In the past few years, the industry has witnessed increasing investments in R&D activities for development … More

The post IoT device management market size worth $5.1 billion by 2025 appeared first on Help Net Security.

Hacking intelligent buildings using KNX and Zigbee networks

A great many of us are living, staying or working in “smart” buildings, relying on automated processes to control things like heating, ventilation, air conditioning, lighting, security and other operation systems. We expect those systems to work without a glitch and withstand attacks but, unfortunately, the security of these systems is still far from perfect. A group of researchers from Tencent Security Platform is getting ready to demonstrate just how imperfect it is at the … More

The post Hacking intelligent buildings using KNX and Zigbee networks appeared first on Help Net Security.

Third-party IoT risk management not a priority

With the proliferation of IoT devices used in organizations to support business, technology and operations innovation, respondents to a Ponemon Institute study were asked to evaluate their perception of IoT risks, the state of current third party risk management programs, and governance practices being employed to defend against IoT-related cyber attacks. Has your organization experienced a data breach or cyber attack caused by unsecured IoT devices or applications in the past 12 months? This year’s … More

The post Third-party IoT risk management not a priority appeared first on Help Net Security.

Report: Organizations say IoT devices pose ‘catastrophic risk’, then shrug

The majority of corporations fear that a “catastrophic” security incident stemming from the Internet of Things (IoT) is an imminent risk. However, those same organizations still lack simple knowledge of how many IoT devices they have in their organization and how they are being used, let alone have oversight for how to protect them, according...


Podcast Beta Deaths: are we driving too fast towards Autonomous Vehicles?

In this week’s Security Ledger Podcast (Episode #89) we talk with Beau Woods of The Atlantic Council and the advocacy group I Am The Cavalry about the death of 49-year-old Elaine Herzberg, who was struck and killed by an autonomous vehicle operated by Uber. Also: following Facebook’s privacy meltdown with Cambridge Analytica,...


Autonomous vehicles could save more lives than they take. That might not matter.

Autonomous driving technology has the potential to save many more lives than it takes. But that may not matter if the public becomes convinced that autonomous vehicles are a danger to society.  Will the death of a pedestrian in Tempe, Arizona derail the self-driving car initiatives of firms like Uber, General Motors and Tesla? The answer greatly...


New Vulnerabilities in Smart TVs Could Allow Hackers to Spy on Users

As recent events like CES and MWC have proved, the popularity of connected devices is showing no signs of slowing. Everything has been transformed into smart: lightbulbs, ovens, sprinkler systems – with one of the first trailblazers being the smart TV. And now, it’s been discovered that smart TVs may be vulnerable to cyberattacks, as the independent security software tester AV-Comparatives and sigma star gmbh informed the general public of several critical vulnerabilities in Vestel firmware, which is used in more than 30 popular TV brands, including Medion. These vulnerabilities could be leveraged to spy on smart TV users.

This discovery began back in March 2017 when news emerged that it may be possible to hack into smart TVs to spy on users. Hearing this news, AV-Comparatives decided to perform a quick security check on the Medion smart TV and discovered a handful of vulnerabilities. AV-Comparatives asked sigma star gmbh (which specializes in IoT) to analyze these issues, and the company confirmed their severity. And though the groups have already informed Vestel and Medion about these flaws, not all have been addressed.

Now, Medion has requested to further investigate a few outstanding vulnerabilities, which means a firmware update is not on the way just yet. So, in the interim, be sure to follow these security tips to ensure you stay secure while utilizing smart TVs:

  • Buy smart TVs with security in mind. When purchasing a smart TV, it’s always important to do your homework and read up on any current vulnerabilities. That way, you can make an informed purchase.
  • Update regularly. It’s an important security rule of thumb: always update any software whenever an update is available, as security patches are usually included with each new version. And even though fixes for these particular flaws have not been issued yet, they should be soon on the way. 
  • Secure your home’s internet at the source. Smart TVs, like all connected devices, have to connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New Vulnerabilities in Smart TVs Could Allow Hackers to Spy on Users appeared first on McAfee Blogs.

Black Box Device Research reveals Pitiful State of Internet of Things Security

Internet of Things insecurity is worse than you think, according to a team of researchers who reverse engineered a series of Internet of Things devices and found them even easier to hack and exploit than believed. Security researchers in Israel have taken a good look under the hood of a number of connected devices to find out just how serious...


Time of death? A therapeutic postmortem of connected medicine

#TheSAS2017 presentation: Smart Medicine Breaches Its “First Do No Harm” Principle

At last year’s Security Analyst Summit 2017 we predicted that medical networks would be a titbit for cybercriminals. Unfortunately, we were right. The numbers of medical data breaches and leaks are increasing. According to public data, this year is no exception.

For a year we have been observing how cybercriminals encrypt medical data and demand a ransom for it. How they penetrate medical networks and exfiltrate medical information, and how they find medical data on publicly available medical resources.

The number of medical data breaches and leaks per year (source: HIPAA Journal)

Opened doors in medical networks

To find a potential entry point into medical infrastructure, we extract the IP ranges of all organizations that have the keywords “medic”, “clinic”, “hospit”, “surgery” and “healthcare” in the organization’s name, then we start the masscan (port scanner) and parse the specialized search engines (like Shodan and Censys) for publicly available resources of these organizations.

Masscan report extract

Of course, medical perimeters contain a lot of trivial open ports and services, such as web servers, DNS servers, mail servers, etc. And you know that’s just the tip of the iceberg. The most interesting part is the non-trivial ports. We left out trivial services because, as we mentioned in our previous article, those services are out of date and need to be patched. For example, the web applications for electronic medical records that we found on the perimeters were in most cases out of date.

The most popular ports are the tip of the iceberg. The most interesting part is the non-trivial ports.

The most popular opened ports on medical perimeters (18,723 live hosts; 27,716 opened ports)

Using the ZTag tool and Censys, we identify what kinds of services are hidden behind these ports. If you look deeper into the embedded tags you will see all sorts of things: for example printers, SCADA-type systems, NAS, etc.

Top services on medical network perimeters

Excluding these trivial things, we found Building Management systems that are out of date. Devices using the Niagara Fox protocol usually operate on TCP ports 1911 and 4911. They allow us to gather information remotely from them, such as application name, Java version, host OS, time zone, local IP address, and software versions involved in the stack.

Example of extracted information about Niagara Fox service

Or printers that have a web interface without an authentication request. The dashboard is available online and allows you to get information about internal Wi-Fi networks or, probably, about documents that appeared in the “Job Storage” logs.

Shodan told us that some medical organizations have an opened port 2000. It’s a smart kettle. We don’t know why, but this model of kettle is very popular in medical organizations. And they have publicly available information about a vulnerability that allows a connection to the kettle to be established using a simple pass and to extract info about the current Wi-Fi connection.

Medical infrastructure has a lot of medical devices, some of them portable. Devices like spirometers or blood pressure monitors support the MQTT protocol to communicate with other devices directly. Brokers, one of the main components of MQTT communication, are available through the Internet and, as a result, we can find some medical devices online.

Not only Smart Home components, but also medical devices are available via MQTT (spirometer)
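The same split between trivial and non-trivial ports can be applied to a scan of your own address space. The following is an added example, not code from the original article: it triages a masscan list-format (`-oL`) report and queues hosts exposing the services named above for review. The sample report is constructed, the function names are hypothetical, and the MQTT port numbers 1883 and 8883 are the protocol's registered defaults rather than values from the article.

```python
import ipaddress
from collections import defaultdict

# Ports the article singles out on medical perimeters.
# 1883/8883 are the registered MQTT defaults (assumption, not from the article).
NON_TRIVIAL = {
    1911: "Niagara Fox (building management)",
    4911: "Niagara Fox (building management)",
    2000: "port 2000 (smart kettle in the article)",
    1883: "MQTT broker",
    8883: "MQTT broker over TLS",
}
# "Trivial" services in the article's sense: web, DNS and mail.
TRIVIAL = {25, 53, 80, 110, 143, 443, 587, 993, 995}

# Constructed sample in masscan -oL format: status proto port ip timestamp.
SAMPLE_REPORT = """\
#masscan
open tcp 443 192.0.2.10 1520000001
open tcp 1911 192.0.2.10 1520000002
open tcp 25 192.0.2.25 1520000003
open tcp 2000 198.51.100.7 1520000004
open tcp 1883 198.51.100.7 1520000005
open tcp 9100 198.51.100.40 1520000006
closed tcp 4911 192.0.2.10 1520000007
open tcp notaport 192.0.2.99 1520000008
# end
"""


def parse_masscan_list(text):
    """Return (ip, proto, port) for every well-formed 'open' line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # header/footer comments
        fields = line.split()
        if len(fields) < 4 or fields[0] != "open":
            continue  # closed ports and truncated lines
        proto, port_s, ip_s = fields[1], fields[2], fields[3]
        try:
            port = int(port_s)
            ip = ipaddress.ip_address(ip_s)
        except ValueError:
            continue  # corrupt port or address: skip rather than guess
        if not 0 < port < 65536:
            continue
        records.append((str(ip), proto, port))
    return records


def triage(records):
    """Group each host's open ports into flagged / trivial / other."""
    hosts = defaultdict(lambda: {"flagged": [], "trivial": [], "other": []})
    for ip, proto, port in records:
        if proto == "tcp" and port in NON_TRIVIAL:
            hosts[ip]["flagged"].append((port, NON_TRIVIAL[port]))
        elif port in TRIVIAL:
            hosts[ip]["trivial"].append(port)
        else:
            hosts[ip]["other"].append(port)
    return dict(hosts)


def review_queue(hosts):
    """Hosts with flagged ports, most flagged first, then by address."""
    flagged = [(ip, sorted(h["flagged"])) for ip, h in hosts.items() if h["flagged"]]
    return sorted(
        flagged,
        key=lambda item: (-len(item[1]), int(ipaddress.ip_address(item[0]))),
    )


if __name__ == "__main__":
    for ip, findings in review_queue(triage(parse_masscan_list(SAMPLE_REPORT))):
        for port, label in findings:
            print(f"{ip}:{port}  {label}")
```

Ports that land in the "other" bucket (9100 in the sample) are not cleared by this triage; they still need to be identified by hand.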

Threats that affect medical networks

OK, now we know how they get in. But what’s next? Do they search for personal data, or want to get some money with a ransom or maybe something else? Money? It’s possible… anything is possible. Let’s take a look at some numbers that we collected during 2017.

The statistics are a bit worrying. More than 60% of medical organizations had some kind of malware on their servers or computers. The good news is that if we count something here, it means we’ve deleted malware in the system.

Attacks detected in medical organizations, 2017

And there’s something even more interesting – organizations closely connected to hospitals, clinics and doctors, i.e. the pharmaceutical industry. Here we see even more attacks. The pharmaceutical industry means “money”, so it’s another titbit for attackers.

Attacks detected in pharmaceutical organizations, 2017

Let’s return to our patients. Where are all these attacked hospitals and clinics? Here the numbers are relative: we divided the number of devices in medical organizations in the country with our AV by the number of devices where we detected malicious code. The TOP 3 were the Philippines, Venezuela and Thailand. Japan, Saudi Arabia and Mexico took the last three spots in the TOP 15.

So the chances of being attacked really depend on how much money the government spends on cybersecurity in the public sector and the level of cybersecurity awareness.

Attacked devices in medical organizations, TOP 15 countries

In the pharmaceutical industry we have a completely different picture. First place belongs to Bangladesh. I googled this topic and now the stats look absolutely ok to me. Bangladesh exports meds to Europe. In Morocco big pharma accounts for 14% of GDP. India, too, is in the list, and even some European countries are featured.

Attacked devices in pharmaceutical organizations, TOP 15 countries

On one in ten devices and in more than 25% of medical and 10% of pharmaceutical companies we detected hacktools: pentesting tools like Mimikatz, Meterpreter, tweaked remote administration kits, and so on.

Which means that either medical organizations are very mature in terms of cybersecurity and perform constant audits of their own infrastructure using red teams and professional pentesters, or, more likely, their networks are infested with hackers.

Hacktools: Powerpreter, Meterpreter, Remote admin, etc.

APT

Our research showed that APT actors are interested in information from pharmaceutical organizations. We were able to identify victims in South East Asia, or more precisely, in Vietnam and Bangladesh. The criminals had targeted servers and used the infamous PlugX malware or Cobalt Strike to exfiltrate data.

PlugX RAT, used by Chinese-speaking APT actors, allows criminals to perform various malicious operations on a system without the user’s knowledge or authorization, including but not limited to copying and modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity. PlugX, as well as Cobalt Strike, is used by cybercriminals to discreetly steal and collect sensitive or profitable information. During our research we were unable to track the initial attack vectors, but there are signs that they could be attacks exploiting vulnerable software on servers.

Taking into account the fact that hackers placed their implants on the servers of pharmaceutical companies, we can assume they are after intellectual property or business plans.

How to live with it

  • Remove all nodes that process medical data from public access
  • Periodically update your installed software and remove unwanted applications
  • Refrain from connecting expensive equipment to the main LAN of your organization

More tips at “Connected Medicine and Its Diagnosis”.

Somebody’s watching! When cameras are more than just ‘smart’

Every year the number of smart devices grows. Coffee machines, bracelets, fridges, cars and loads of other useful gadgets have now gone smart. We are now seeing the emergence of smart streets, roads and even cities.

Devices such as smart cameras have long been part of everyday life for many, as communication devices, components in security and video surveillance systems, to keep an eye on pets, etc.

The latest smart cameras can connect to the cloud. This is done so that a user can watch what’s happening at a remote location using a variety of devices.

The researchers at Kaspersky Lab ICS CERT decided to check the popular smart camera to see how well protected it is against cyber abuses. This model has a rich feature list, compares favorably to regular webcams and can be used as a baby monitor, a component in a home security system or as part of a monitoring system.

An initial analysis using publicly available sources showed that there are almost 2,000 of these cameras on the Internet with public IP addresses.

Hanwha SNH-V6410PN/PNW SmartCam: specifications

This device is capable of capturing video with resolutions of 1920×1080, 1280×720 or 640×360, it has night vision capability and a motion sensor, and supports two-way communication, i.e. apart from capturing video and sound it can also produce sound using an in-built speaker. The camera works via a cloud-based service; in other words, it doesn’t connect directly to a device such as a computer. It is configured by creating a wireless hotspot on the camera and connecting it to the main router via Wi-Fi. Users can control the camera from their smartphones, tablets or computers. It should be noted that the camera’s data can only be uploaded to the cloud; there is no other way of communicating between the user and the camera.

The camera is based on the Ambarella S2L system (ARM architecture). Amboot is used as its initial loader. After a standard boot, Amboot loads the Linux kernel with a specific command as a parameter:

console=ttyS0 ubi.mtd=lnx root=ubi0:rootfs rw rootfstype=ubifs init=/linuxrc model=SNH-V6410PN ethaddr=************ sn=ZC7D6V2H*********
s=c

After that, systemd launches. The system then boots as normal. Different partitions are mounted, and commands from rc.local are executed. When executing rc.local, the file mainServer is launched in daemon mode, which is the core of the camera’s operation logic. mainServer executes the commands that are sent to it via UNIX socket /tmp/ipc_path via binary protocol. Scripts written in PHP as well as CGI are used to process user files. While launching, mainServer opens UNIX socket /ipc_path. Analysis of the PHP scripts has shown that the main function responsible for communication with mainServer is in the file /work/www/htdocs_weboff/utils/ipc_manager.php.

Interaction with the cameras is via the cloud only

Communication with the user

When a command arrives from the user (e.g., to rotate the camera, select a tracking area, switch to night vision mode, etc.), it is analyzed. Each command or parameter has its own flag assigned to it, which is a constant. The main flags are documented in the file /work/www/htdocs_weboff/utils/constant.php. The packet header and payload are then created, and a request is sent via UNIX socket /tmp/ipc_path to mainServer.

An analysis of the file ipc_manager.php shows that no authentication is used at this stage. The request is sent on behalf of the user ‘admin’.

function makeHeader($cmd, $act, $type, $len){
    $header = array();
    $header = array_fill(0, 77, 0x00);
    $header[HEADER_OFF_MAGIC_NUMBER] = 0xFE;
    $header[HEADER_OFF_MAGIC_NUMBER+1] = 0xFF;
    $header[HEADER_OFF_MAGIC_NUMBER+2] = 0xFE;
    $header[HEADER_OFF_MAGIC_NUMBER+3] = 0xFF;
    $header[HEADER_OFF_MAJOR_VERSION] = MAJOR_VERSION; //Major Version
    $header[HEADER_OFF_MINOR_VERSION] = MINOR_VERSION; //Minor Version
    int2byte($header, $cmd, HEADER_OFF_COMMAND); //Command
    $header[HEADER_OFF_ACTION] = $act; //Action
    $header[HEADER_OFF_MSG_TYPE] = $type; //Type
    $header[HEADER_OFF_ERROR_CODE] = 0xFF; //Error Code
    int2byte($header, $len, HEADER_OFF_MSG_LENGTH); //Length
    str2byte($header, "127.0.0.1", HEADER_OFF_PEER_IP, 40); //Peer IP[40]
    int2byte($header, 80, HEADER_OFF_PEER_PORT); //Peer Port
    // The peer account is hard-coded: every request is issued as 'admin'
    str2byte($header, "admin", HEADER_OFF_PEER_ACCOUNT, 16); //Peer Account[16] - Current user name
    $header = array_merge($header, array_fill(0, 8, 0xFF)); //Reserved[8]
    return $header;
}

Example of a request sent on behalf of admin

This method of communicating commands is used when camera communication is done both via HTTP API and via SmartCam applications. In the latter case, the packet is generated in the application itself and sent to the camera in a message body using the XMPP protocol. When accessing this file from the outside via HTTP API and SmartCam application, it can be accessed only through web server digest authentication.

Loopholes for intruders

The following vulnerabilities were identified during the research:

  • Use of insecure HTTP protocol during firmware update
  • Use of insecure HTTP protocol during camera interaction via HTTP API
  • An undocumented (hidden) capability for switching the web interface using the file ‘dnpqtjqltm’
  • Buffer overflow in file ‘dnpqtjqltm’ for switching the web interface
  • A feature for the remote execution of commands with root privileges
  • A capability to remotely change the administrator password
  • Denial of service for SmartCam
  • No protection from brute force attacks for the camera’s admin account password
  • A weak password policy when registering the camera on the server xmpp.samsungsmartcam.com. Attacks against users of SmartCam applications are possible
  • Communication with other cameras is possible via the cloud server
  • Blocking of new camera registration on the cloud server
  • Authentication bypass on SmartCam. Change of administrator password and remote execution of commands.
  • Restoration of camera password for the SmartCam cloud account

After some additional research we established that these problems exist not only in the camera being researched but in all smart cameras manufactured by Hanwha Techwin. The latter also makes firmware for Samsung cameras.

Below we give a more detailed account of some of our findings.

Undocumented functionality

As mentioned above, we detected, among others, an undocumented capability that allows manipulations with the camera’s web interface.

Code with the undocumented capability in Hanwha SmartCam

Interestingly, a buffer overflow-type vulnerability was also detected inside it. We reported the issue with the undocumented feature to the manufacturer, which has already fixed it.

Vulnerability in the cloud server architecture

Another example of a dangerous vulnerability in this smart camera can be found in the cloud server architecture. Because of a fault in the architecture, an intruder could gain access via the cloud to all cameras and control them.

One of the main problems associated with the cloud architecture is that it is based on the XMPP protocol. Essentially, the entire Hanwha smart camera cloud is a Jabber server. It has so-called rooms, with cameras of one type in each room. An attacker could register an arbitrary account on the Jabber server and gain access to all rooms on that server.

Message sent over XMPP using a test account created for research purposes

Decoded body of the above message

In the process of communicating with the cloud, the camera sends the user’s credentials and a certain set of constants. After analyzing the data sent, a remote attacker is able to register existing cameras in the cloud that have not been registered there yet. As a result, those cameras would subsequently not be able to register in the cloud and, as a consequence, would not be able to operate. In addition, an attacker can communicate with the cloud on behalf of an arbitrary camera or control arbitrary cameras via the cloud.

Attack scenarios

An interesting attack vector is the spoofing of DNS server addresses specified in the camera’s settings. This is possible because the update server is specified as a URL address in the camera’s configuration file. This type of attack can be implemented even if a camera doesn’t have a global IP address and is located within a NAT subnet. This sort of attack can be implemented by taking advantage of the peculiarities and vulnerabilities that exist in the Hanwha SmartCam cloud architecture. An attack like this could result in the distribution of modified firmware to cameras with the undocumented functionality loophole preinstalled, which will give privileged rights on those cameras.

If an intruder gains privileged rights (root) on a camera, they gain access to the full Linux functionality. This means the camera can be used as a foothold from which to attack devices located on local (within a NAT subnet) or global networks.

In one attack scenario, an arbitrary camera can be cloned and its image signal spoofed for the end user without much difficulty. To do so, an intruder will have to use cloud interactions to find out the target camera’s model, serial number and MAC address. The attacker then resets the password using a vulnerability in the password generation algorithm and modifies the firmware of the cloned camera (which is an identical camera located on the attacker’s side). The victim’s camera is then remotely disabled. As a result, the victim will receive a video signal from the attacker’s cloned camera.

Other possible scenarios involve attacks on camera users. The camera’s capabilities imply that the user will specify their credentials to different social media and online services, such as Twitter, Gmail, YouTube, etc. This is required for notifications about various events captured by the camera to be sent to the user. An attacker would then be able to exploit this capability to send phishing and spam messages.

Conclusion

What can a potential attacker do with the camera? Our research has demonstrated that they have a number of options.

For one, the attacker can remotely change the administrator’s password, execute arbitrary code on the camera, gain access to an entire cloud of cameras and take control of it, or build a botnet of vulnerable cameras. An attacker can gain access to an arbitrary SmartCam as well as to any Hanwha smart cameras.

What are the implications for a regular user? A remote attacker can gain access to any camera and watch what’s happening, send voice messages to the camera’s on-board speaker, use the camera’s resources for cryptocurrency mining, etc. A remote attacker can also put a camera out of service so it can no longer be restored. We were able to prove this hypothesis three times 🙂

We immediately reported the detected vulnerabilities to the manufacturer. Some vulnerabilities have already been fixed. The remaining vulnerabilities are set to be completely fixed soon, according to the manufacturer.

Fixed vulnerabilities were assigned the following CVEs:

CVE-2018-6294
CVE-2018-6295
CVE-2018-6296
CVE-2018-6297
CVE-2018-6298
CVE-2018-6299
CVE-2018-6300
CVE-2018-6301
CVE-2018-6302
CVE-2018-6303

How to Protect Your Privacy in a Connected World

Not so long ago computers were our only connection to the internet, but these days we are almost constantly connected, through our phones, homes, autos, and even our children’s toys. In fact, research firm Gartner estimates that we now have over 8.4 billion connected “things” in use and that number will continue to grow rapidly.

Being connected brings great convenience, of course, but it also opens us up to a much wider range of risks, including the loss of money, data, and property, not to mention privacy. So the question now is, how to protect ourselves as we move through the connected world. Let’s start by talking about one of the newer and less familiar avenues of attack: connected “things.”

IoT

The term “Internet of Things” (IoT) is used to describe connected devices such as IP cameras, smart TVs and appliances, and interactive speakers and toys. These things have a built-in connection to the internet, but often don’t come with sophisticated security features—many have password protection at the most. This makes them easy to hack, especially if the password isn’t changed from the factory default. You may remember the Mirai malware incident, in which tens of thousands of IoT devices were infected and used to launch attacks against popular websites. IoT malware has only grown more sophisticated since then, opening the door to dangers such as launching larger attacks, accessing computing power to mine for cryptocurrencies, or leapfrogging attacks to computers and smartphones that store critical information. The bottom line is that IoT devices give cybercriminals a lot of access points to play with, and we have yet to see all the risks that they could bring.

Computers & Smartphones

Just as attacks on devices have become more sophisticated, so too have threats aimed at computers and smartphones. Cybercrooks are no longer satisfied with distributing malware to cause disruption—now they are focused on making money. Cryptocurrency miners are just one example of this; the other is the huge growth we have seen in ransomware. Authors of this type of malware don’t only make money by locking down the data of normal computer users, businesses, and government agencies, and demanding money to release it. They have also created an entirely new industry by selling ransomware products to other would-be cybercriminals online.

Another large and growing threat to smartphone users is malicious apps. We’ve seen a large uptick in risky applications, designed to steal data, rack up premium charges without the user’s permission, or access the device for other malicious purposes. Again, money is a driver, since a large number of the new risky apps we’ve detected have been designed to manipulate mobile ads, generating money for the malware authors.

Networks

Our computers and devices aren’t the only things under attack—the networks we use continue to be a growing target. This is no doubt related to our desire to be connected no matter where we go. Public Wi-Fi networks offer bad guys an unprecedented opportunity to intercept multiple users’ data while in transit to and from the network. This data can include credit card numbers, passwords, and identity information, if the network is not secure. What’s more, some attackers are going even higher up in the chain to take advantage of vulnerabilities in network protocols, making secure infrastructure even more important.

With so many risks associated with the connected landscape, it’s up to all of us to take steps to protect our data, devices and privacy.

Here are some key tips to safely navigate the connected world:

  • Always use comprehensive security software on both your computers and mobile devices, and keep all of your software up-to-date. This will safeguard you from the latest threats.
  • When you bring home a new IoT device, make sure that you reset the default password.
  • Look into putting all of your connected home devices onto a separate network from your computers and smartphones, so if one device is infected the attacker cannot access your other data-rich devices. Check your router’s user manual to learn how.
  • To ensure that your home computers and devices stay safe, look for a more secure network solution that includes IoT protection.
  • Avoid connecting to public Wi-Fi networks, which may or may not be secure. Instead, consider using a VPN. This is a piece of software that will give you a secure connection to the internet no matter where you go.
  • Only download apps from official app stores and read other users’ reviews first to see if they are safe.
  • Keep up-to-date on the latest threats, since they are constantly evolving, and make sure to share these important security tips with friends and family.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How to Protect Your Privacy in a Connected World appeared first on McAfee Blogs.

How to start analyzing the security of your IoT devices

The big challenge with IoT devices is that they are all different: Each manufacturer has its own firmware, uses different protocols, and designs its own architecture. So, the first step before carrying out any analysis is to understand the architecture, find out what components are involved, and how they interact and communicate among themselves.

The post How to start analyzing the security of your IoT devices appeared first on WeLiveSecurity

How McAfee is Adapting to the Mobile Landscape with New Partnerships and Innovation

Mobile World Congress (MWC) 2018 is finally upon us, and mobile and security providers from around the world are in Barcelona presenting the latest and greatest insight and innovation. At this year’s MWC, McAfee is excited to present our own unique insights and innovations, some of which are supported by our partners. These include: McAfee Secure Home Platform Skill for Amazon Alexa, the 2018 McAfee Mobile Threat Report, and our industry partnerships with Samsung, Telefónica, Türk Telekom, NTT DOCOMO.

Adapting to Alexa

As we know, the growing type and number of connected devices has changed the way security operates – which is why our team created McAfee Secure Home Platform in the first place. But now, we’re excited to announce the planned launch of the new McAfee Secure Home Platform skill for Amazon Alexa, one of the most popular connected devices out there today. Customers with a McAfee Secure Home Platform enabled router can easily manage their connected home’s network security using their voice. And it’s already gaining traction with MWC attendees, as McAfee just won “Best of MWC 2018” from PC Mag for the Alexa skill!

Insight on the changing mobile landscape

Your phone is not just a phone. It is a rich computing environment that contains the keys to your connected life. And as the 2018 McAfee Mobile Threat Report reveals, cybercriminals know that, and are tailoring their strategy to our dependency on our mobile devices. The report aims to provide insight on the explosion of mobile malware and dramatic changes to the mobile landscape. The report also tells us that there have been over 16 million infestations detected in the third quarter of 2017 alone – nearly double the number from last year.

Partnerships that strengthen our customers’ security

The ever-changing mobile landscape is precisely why we’re working with our partners to find new ways to secure our customers’ mobile devices and digital lives. McAfee is today announcing key partnerships to ensure security is built-in across devices and networks. It’s more important than ever that the entire ecosystem works together to protect consumers around the world from these attacks and deliver them peace of mind. So, how exactly are we doing this? For starters, our partnership with Samsung has expanded to safeguard all Galaxy S9 smartphones, the Galaxy Note8, along with Samsung smart TVs, PCs and notebooks. We also announced a partnership with Telefónica, which will help protect Telefónica customers, and provide always-on protection for every connected device in the home. We also announced a strategic partnership with Türk Telekom to deliver cross-device security protection. What’s more – NTT DOCOMO and McAfee now have an extended partnership in order to deliver Wi-Fi protection and security to NTT DOCOMO mobile users.

We’re excited to see what’s to come for the rest of MWC, and how these announcements will help improve our customers’ lives. With these new innovations, we hope our 400 million customers can live their digital lives with confidence and comfort.

To stay on top of McAfee’s MWC news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post How McAfee is Adapting to the Mobile Landscape with New Partnerships and Innovation appeared first on McAfee Blogs.

What Is a Botnet?

Robot armies on attack may sound like science fiction, but this is a security reality we’ve been facing for some time. You may have heard of recent threats where popular websites were knocked completely offline, or servers were forced to mine for cryptocurrencies by giant “botnets”. But you might not have known exactly what a botnet is, and how the devices in your home could easily become part of one.

A botnet is a collection of connected devices, or “bots” (short for robots), that are infected and controlled by malware. These devices could include your PC, webcam, or any number of connected appliances in your home. The cybercriminals who distribute malware to create botnets are generally looking to use the combined computing power of all the infected devices to launch much larger attacks.

Take, for example, the Mirai botnet, which infected millions of consumer devices such as IP cameras and home routers to launch a distributed denial of service attack that was able to cripple major websites such as Netflix, Twitter, and Reddit. Mirai took advantage of the low level of security on most home connected devices. All the malware had to do was guess a password—many of which are known factory defaults—to seize control.

Botnets have been around for a long time, with the first instances recorded in the early 2000s as a way to send massive amounts of spam emails. But these days cybercriminals are eyeing the huge computing potential of millions of IoT devices to create botnets that can launch targeted attacks, or make money.

Some large botnets have become money-making enterprises unto themselves, with cybercrooks reselling their resources to users who want to launch their own attacks, say against online gaming rivals.

But, no matter what a botnet is used for, there are a number of reasons why you don’t want your computers and devices to wind up as part of a nefarious network. Botnet malware can significantly slow down your computer or device, and keep it from functioning properly. In the case of computers, this slowdown can potentially keep you from downloading critical security updates, leaving you at an even greater risk for data theft. The malware can also be used to spam your friends and contacts in your name, and launch attacks against other networks, all without your knowledge.

Follow these important tips to keep your devices from joining the botnet army: 

  • Change Device Passwords—The first thing you want to do when you get a new IoT device is to change its default password, making it much harder for a potential attacker to gain access. Check your user’s manual for security settings. If the device has little or no built-in security, consider investing in more secure devices.
  • Keep your software up-to-date—This goes for both computer software and device firmware. Manufacturers regularly release software updates that can protect you from known vulnerabilities, so you want to make sure that you are always running the latest versions.
  • Always Use a Firewall—Firewalls monitor traffic between your Internet connection and your devices to detect unusual behavior. Even if one of your devices is infected, a firewall can keep a potential attacker from accessing all the other devices on the same network. Firewalls are often included in comprehensive security software, ensuring that all your computers and devices have protection.
  • Set Up a Separate IoT Network—Instead of putting all your IoT devices on your regular home network, consider setting up a guest network that doesn’t share access to your other devices and data. Check your router manufacturer’s website to learn how. Or, consider getting a router with built-in security features, making it easier to protect all the devices in your home from one access point.
  • Practice Safe Surfing—So-called “drive by” malware, which can infect your device simply by visiting a compromised website, or clicking on a dangerous ad, is being increasingly used to create botnets. In fact, millions of websites are now thought to be infected with crypto-mining malware. That’s why it’s important to be careful where you click. Make sure that you are using antivirus software, and that you enable ad blocking. And to prevent your computer from being infected with crypto mining software specifically, you may also consider installing a browser extension such as Chrome’s No Coin, or Opera for Android. Both actively block coin miners.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Is a Botnet? appeared first on McAfee Blogs.

5 Digital Family Values to Embrace to Make the Internet a Better Place

A better internet — one free of bullying, division, hate, and crime — isn’t just an aspiration, it’s truly possible. And, it starts with the individual digital user. It starts with you, with me, and the next generation of users we’re raising up. That’s the message of the annual worldwide Safer Internet Day, which is Tuesday, February 6.

The global movement has a message this year to “create, connect and share respect” online and challenges everyone from parents, to youth, to educators, to businesses to focus on how to use the internet’s power to bring people together.

We’ve put together a list of values to consider that might help your family respond to the challenge of Safer Internet Day. Can one family make the internet a safer, more positive place for us all? We think so. People effect change and influence millions of people every day online. Each one of us has the choice to lead or sit on the sidelines on this critical topic. Even the smallest act of kindness or respect online generates digital ripples. So, just begin. (You can also join in the worldwide social media push with a Thunderclap post supporting #SID2018 on the morning of Feb. 6 to kick start Safer Internet Day)!

5 Digital Family Values to Upload Every Day

  1. The value of the pause.

    The online culture gives our discernment a workout every second, doesn’t it? Teaching kids to become critical thinkers who are responsible for their online choices is a value that is reinforced in big and small ways every day. A few questions to challenge kids to ask before posting might be:

  • Is this a value I share or am I just echoing my friends?
  • Am I too emotional to be online right now?
  • Do I have all the facts before I respond?
  • What’s the flip side of this issue, the other opinions?
  • Is what I want to say online necessary, helpful, or kind?
  2. The value of empathy.

    Empathy is making a genuine attempt to understand another person’s struggle and it’s a powerful way to combat bullying, hate, and prejudice online. Digital communication can make it harder to feel empathy for other people. Hearts get lost in the clicking, liking, and sterile acronyms. Looking for ways to teach empathy means highlighting real-life situations and asking your kids to think deeper, put themselves in another person’s shoes, and genuinely reflect on the emotional fallout.

  3. The value of responsibility.

    Making the internet a safer place for all requires parents and kids to embrace, repeat, and consider the basic safety principles that create our digital footprint. One way is to help kids understand their digital footprint and the responsibility that comes with owning a digital device of any kind. Pose these questions to your child:

  • Is this something you really want everyone to know about you?
  • What do you think this photo communicates about you (use adjectives)?
  • How do you think that person would feel if he or she saw your post about them a few years from now?

One of the best ways to grow your child’s sense of digital responsibility is to role-play. Find teachable moments in which empathy or responsible online behavior has been ignored.

Ask your child questions that will challenge him or her to verbalize what another person might be feeling or thinking. Putting words to a cruel or unfair situation brings it to life and is an effective way to dismantle stereotypes, prejudices, and digital inequities.

4. The value of media literacy.

Media literacy is a skill that allows digital users to become critical thinkers and creators, effective communicators, and active digital citizens. This means we all play a role in making the Internet a safe place to exchange ideas and appropriate content. Cyberwise.org is an excellent media literacy equipping hub for families and educators.

5. The value of parental example.

If you’re serious about influencing your child’s behavior online, the most powerful teacher is you. Take inventory. Be the example of a balanced, responsible, empathy-driven internet user. Model balance. Limit your time on social networks when at home, unplug consistently, don’t let technology come before people. Model responsibility. Post and comment wisely, and always keep your emotions in check online. Model humility. Part of being the example includes being able to admit your digital mistakes. Kids need to know you aren’t perfect and learn from how you handled a digital situation such as cyberbullying, a political argument, or even a closeted tech addiction. Be open, honest, and candid in leading your kids in social appropriateness. Model empathy. Be sensitive to others online. Use your wisdom to mend a broken situation and do the harder thing in an emotion-charged circumstance. Your kids are watching you.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures). 

 

The post 5 Digital Family Values to Embrace to Make the Internet a Better Place appeared first on McAfee Blogs.

The story behind Microsoft’s earnings: The intelligent cloud powers customer innovation across industries

Illustration by Eli Neugeboren

In today’s Microsoft second quarter earnings call, CEO Satya Nadella showcased how customers are using our technology to create digital business solutions. The 56 percent year-over-year growth in commercial cloud revenue — with broad-based growth across geographic markets and industry segments — is fueled by customer and partner success.

Just this week, we announced news with Publicis Groupe, Columbia Sportswear and PTC. Communications and advertising giant Publicis Groupe is building its new AI-powered platform, Marcel, on Microsoft Azure and Office 365 to empower its 80,000 employees worldwide. Columbia Sportswear, innovator in active outdoor apparel, announced its choice of Dynamics 365 and Azure to enhance its worldwide consumer experience. Plus, PTC, a leader in product lifecycle management solutions that include Internet of Things (IoT), augmented reality and 3D computer-aided design for the industrial sector, has selected Azure as its preferred cloud platform.

Below are more customer highlights from this quarter.

In the industrial sector, United Technologies Corp. (UTC) builds and services millions of products, from elevators in some of the world’s tallest buildings to aerospace equipment. UTC is using Dynamics 365 and Azure to help its massive field organization better predict and respond to customer needs. Chevron announced Azure as its primary cloud for intelligent, digitized oil fields in order to increase revenues, reduce costs and improve the safety and reliability of operations.

Consumer product companies are innovating with the Microsoft cloud, too. Kohler has built a legacy of blending home comfort and style through innovation. This year marks Kohler’s entrance into the connected home market with a new line of kitchen and bathroom products, Kohler Konnect. For example, with Azure IoT, Kohler Konnect products respond to voice and in-app commands to manage bath temperature or start a shower.

In real estate, CBRE entered the smart building market with a customizable, connected workplace solution to give property investors and occupants a single, seamless access point to building amenities and services. Powered by Azure IoT, the CBRE 360 mobile apps will allow users to locate colleagues and navigate the workplace, reserve workspaces, and access food and beverage services, as well as basic building and high-end concierge services.

In retail, national grocery chain Kroger is leveraging Azure to power its EDGE (Enhanced Display for Grocery Environment) solution — a grocery-store shelf with digital screen displays showing prices, nutritional information and more. The system manages high volumes of data, better connects store management and customers and ensures stock does not run low. Home-improvement company Lowe’s worked with Fellow Robots to deploy autonomous LoweBots to assist with inventory data and shelf intelligence. As the LoweBot scans inventory on the shelves, Azure helps Lowe’s keep constant tabs on inventory and frees store employees to assist customers. Merkal Calzados, Spain’s leading retailer of affordable footwear, has chosen Dynamics 365 for retail, finance, operations, and customer service to transform how it selects and sources product, improve marketing and accelerate omnichannel growth.

One of the world’s largest casual dining companies, Bloomin’ Brands, Inc., chose Azure to help its digital transformation across approximately 97,000 team members and almost 1,500 restaurants. The parent company of Outback Steakhouse, Bonefish Grill, Carrabba’s and Fleming’s Steakhouse, Bloomin’ Brands is using Azure advanced analytics, machine learning and Power BI to enable guest engagement and convenience through mobile apps, websites and e-commerce, including the customer loyalty program.

In the healthcare sector, UMB Healthcare Services, a division of UMB Bank, continues to improve its health savings account (HSA) solution, powered on Azure, by creating a seamless customer experience for 1.2 million HSA accounts. For example, ReceiptVault allows HSA owners to safely manage their health care receipts in one place, which is an important tax requirement.

Aurora Health Care operates 15 hospitals, more than 150 clinics and 70 pharmacies throughout eastern Wisconsin and northern Illinois, Premera Blue Cross is the largest health plan in the Pacific Northwest, and UPMC is one of the largest integrated health care delivery networks in the U.S. These partners are working with us on a new AI-powered health bot project, currently in private preview. Powered by Cognitive Services and enriched with medical content, the bots give customers self-service access to their health-related questions and information.

In the government space, Kansas City’s Azure-powered solution from Opti improves water quality and saves local citizens and companies money. The solution uses a wide range of data to control rainwater entry into the sewer system and could reduce the overall cost of the program by almost a billion dollars over 25 years.

In the world of payment technology, Mastercard selected Microsoft 365 to support a modern workplace that empowers its employees’ teamwork and innovation. One of the largest companies in the payments space, Mastercard connects consumers, financial institutions, merchants and businesses in more than 210 countries and territories to achieve their vision of a world beyond cash. The company is also leveraging Azure for apps, including Masterpass, a digital mobile wallet and rewards program application.

In the auto industry, Volkswagen Group Digital is piloting new forms of workplaces. The company recently deployed Surface Books, Surface Pros, Surface Studios and Surface Hubs in its 10X service design lab and Future Centers, and to run its collaboration application, DEON. DB Schenker, a division of Deutsche Bahn AG, focuses on logistics across air, land and sea freight as well as contract logistics. The company turned to Windows 10 to help safeguard its business with intelligent, built-in security and to empower the productivity of its global, mobile workforce.

Across the globe, industry leaders are choosing Microsoft to power their business strategies and new products, or support culture change. I am constantly inspired by our customers’ and partners’ digital ambitions and innovation, and I am eager to continue partnering with them on their digital journey.

The post The story behind Microsoft’s earnings: The intelligent cloud powers customer innovation across industries appeared first on The Official Microsoft Blog.

The Future of IoT: What to Expect From Our Devices This Year

The beginning of the new year is always an exciting time for consumer technology enthusiasts. Business leaders, pioneers and forward-thinking companies gather in Las Vegas to showcase their latest devices at The International Consumer Electronics Show (CES), where next-generation innovations take center-stage and the world gets a glimpse into the future of IoT. I had the pleasure of attending CES with my colleagues this year and was blown away by the breadth of technology showcased. While the innovations stretched across many industries, I’d like to focus on the recurring themes in home and personal technology and how we can secure ourselves through the gadget-filled year ahead:

Smart Homes Will Become “Smarter” 

My favorite devices are the ones designed to enhance the smart home. Companies are striving to advance technology and make our lives easier in the comfort of our homes. From smart thermostats to smart assistants, there is certainly no shortage of household innovation; and companies like Google and Samsung are making strides to contribute to the smart home ecosystem. During CES, Samsung pledged to make all of its devices “smarter” by 2020, linking together all devices via its SmartThings cloud. Meanwhile, Google announced that Google Assistant will now be built into (or compatible with) a range of household products including your smart doorbell and ceiling fan.

As our homes become increasingly connected, the need to secure our internet-connected devices is critical. More IoT devices mean more points of data to attack and leverage for cybercrime. Hackers have the ability to access your personal information through connected home devices, which poses a threat to your identity. Consider using a service with built-in security to ensure every device in your home is well protected, especially the ones that often fly under the radar. Secure routers and gateways can protect all of your connected devices, even the ones without screens.

Smart Technology Will Track Your Sleep 

Technology is even changing the way we sleep, with smart sleep solutions for consumers. At CES 2018, Terraillon announced HOMNI, a device designed to help improve a user’s sleep environment. This device tracks the sleeper’s movement, sending your sleep data to a free app so that users can see how well they’ve slept. There’s nothing technology can’t solve for, including a good night’s sleep. However, when it comes to our personal data, it’s wise to be aware of how your data is being tracked or used.

As the use of connected devices in our homes and personal lives grows, so does the need for security beyond your PC or mobile phone. Many of the devices that we welcome into our daily routine aren’t equipped with proper security controls. It’s important to remember that these connected devices often run on our personal information, information such as your name, age, location – and in this case, your sleeping habits. While a sleep tracker may collect your information with the intentions of helping perfect your sleeping patterns, it has the potential to put your information in places that you might not intend. This is another example of why it’s exceedingly important to secure the connection at its source: your home.

“Ask Alexa” Will Live in Your Eyewear

Amazon Alexa has the ability to communicate with just about every connected device, so it’s no wonder that the Alexa Voice Service will have the ability to connect with your glasses soon, too. During CES, Vuzix announced that its latest pair of AR glasses, the Vuzix Blade, can communicate with Amazon Alexa. Blending augmented reality with an AI assistant’s functionality, this headset acts as a fully functional computer with the ability to send email and text notifications via Bluetooth through the processing power of Android and unparalleled display.

Amazon Alexa has become a pseudo-family member in many households, offering assistance in the kitchen and even reading bedtime stories to children. To keep cybercriminals from gaining access to your personal data, be sure you enable an extra measure of security, like setting up a PIN code for your voice command purchases.

Adding an extra layer of security to your smart devices is key to becoming an empowered consumer in today’s day and age. By taking these extra steps you’ll be able to enjoy the benefits of a secured smart home.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

 

The post The Future of IoT: What to Expect From Our Devices This Year appeared first on McAfee Blogs.

How to Treat Your Family’s Personal Data Like Gold in a Hyper-Connected World

Tomorrow, January 28, is National Data Privacy Day. While that may not mean a lot to you at first glance, the day shines a light on one of the most critical issues facing families today — protecting personal information in a hyper-connected world.

The day gives us an opportunity to 1) honestly examine the many ways our lives are connected and, 2) to take responsibility (and steps) to safeguard each area of personal privacy we expose — or potentially misuse — every time we power up.

Data Channels

Every day we connect our lives to external sources that are useful, productive, and entertaining without even realizing the many ways others can exploit our digital connections. There are the obvious sources that present a risk to our data such as social networks, online shopping, web browsing, and apps. Then there are the not-so-obvious sources that gather our information such as medical offices, schools, financial institutions, retail businesses, household assistants, TVs, home security systems, appliances, toys, and wearables.

Studies show that most of us certainly are not going to give up our connected lives to prevent a data breach. So, the next practical step is to get more intentional about our family’s privacy and take specific actions to minimize our risk.

The Risks Are Real

If you’ve never suffered the consequences of another person or organization exploiting your personal information, then you may not understand the seriousness of protecting it. However, as we all become more seamlessly connected in an Internet of Things (IoT) world, chances are you will experience some data misuse or abuse in the future. Those acts might be large-scale breaches such as the ones we’ve seen with Equifax, Uber, and Verizon or the breach may be on a smaller scale but just as financially and emotionally damaging.

When personal data gets hacked, sold, or exploited several things can happen. Digital fallout includes identity theft, credit card fraud, medical fraud, home break-ins, data misuse by companies, reputation damage, location and purchasing tracking, ransomware, and much more.

So the technology-driven future we’ve imagined is here — and it’s pretty awesome — but so too are the risks. And who among us could have guessed that parenting in the 21st century would include teaching kids about cybercriminals, data mining, and privacy breaches?

Step-Up Family Privacy

Treat privacy like gold. If more of us saw our personal information the way cybercriminals see it — like gold — then we may be more inclined to lock it up. Guiding your family in this mind-shift requires real effort. Teach your kids to view their personal information — address, habits, personal routine, school name, relationships, passwords, connected devices — as gold. Gold is to be treasured, locked up, and shared with great discernment. This attitude change may take time but, hopefully, the return on investment will mean your kids pause before handing over personal info to an app, a social network, a retail store, or even to friends.

Stress responsibility and respect. Stopping to think before you share online or connect a digital device is a key to safeguarding digital privacy. By teaching your kids that living in a connected world comes with responsibility for one’s actions and respect for others, you take a leap in securing your family’s online privacy.

Routinely secure the basics. There are fundamental security measures under our roofs that cybercriminals are counting on all of us to neglect (and many of us do just that). Powerful security steps include: 1) Update all software (PC, phone, tablets, etc.) routinely 2) Establish and maintain strong passwords 3) Secure privacy settings on all social networks 4) Lock down your home network 5) Don’t overshare family details (names, travel, location, address, friends) online.

Make privacy fun. Here’s something to ponder. Challenge your kids to keep a low profile online. Talk about the power of being discreet, private, and mysterious in their digital peer group. Encourage them to set themselves apart by being the one who isn’t so easily accessed. Ask: Is digital sharing an enjoyable thing or, in reality, has it become an exhausting habit? Challenge them to go undercover (dark) online for a week and journal the pros and cons of being hyper private online. Come up with an incentive that works for your family.

Enjoy the Wows

Overall, stop and consider what your digital devices, apps, games, and products are asking of you. Is that fitness tracker getting a little too personal? Does that new toy, home security system, or household assistant know more about your family than your own mother does? Then don’t fill in every blank box. Go into the privacy settings and shore up product access, freshen up your passwords, and make sure you stay on top of software updates. Stop giving retailers, government agencies, and online marketers your email address. In short — pay attention, protect, and cherish your personal data. You can enjoy the wows of your technology without opening up your family’s privacy.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures). 

The post How to Treat Your Family’s Personal Data Like Gold in a Hyper-Connected World appeared first on McAfee Blogs.

Key Considerations for Consumers Around Data Privacy

It’s 2018 – and though we’re not living in the age of flying cars, we are living in an age defined by the digital lifestyle. In today’s new age of technology, consumers are sharing more online than ever before. But, are people thinking about the privacy they sacrifice when they overshare online? This is especially top of mind as Data Privacy Day is upon us, which is an international effort held annually on January 28th to create awareness about the importance of respecting privacy, safeguarding data, and enabling trust. Data Privacy Day acts as an important reminder for consumers to step back and consider the digital footprint they are leaving, and the potential sensitive data they are exposing to cybercriminals. Let’s take a look at the way data is shared in the modern era, and how much of a priority data privacy really is.

The impact of the Internet of Things

One of the biggest changes to the modern digital age is the introduction of the Internet of Things, or IoT, devices. We sometimes refer to the growing number of IoT devices as the “Internet of Me,” because these connected devices run on our personal info more often than not. The information or action provided by IoT devices is typically based on your data. Take a fitness tracker as an example: it might need some personal details in order to customize a health plan and calculate your progress towards your health goals. This is just one example of the amount of data shared with IoT devices, but it reminds us that IoT devices put our personal information in more places than ever before, and potentially in more hands too.

Privacy as a priority

So, when it comes to keeping all of this data private – just how concerned are consumers? Well, per our recent survey, 43% of those surveyed feel like they lack control over their personal information. And another 33% are unsure to what degree they can control how companies collect their personal information.

What’s more — even though consumers are concerned about personal information and identity, only 37% of individuals use an identity theft protection solution, and 28% have no plans to sign up for an ID theft protection solution. Plus, despite the recent increase in breaches, 39% of respondents claim their concern about online security has remained the same or has decreased over the past five years.

How to protect your personal information

Now, the question is – what next? How can you channel the important takeaways from Data Privacy Day into your everyday life? Start by following these tips:

  • Think carefully about what you are posting/sharing. Are you broadcasting that you are out of town on social media? Are you giving that app or IoT device more information than it really needs? It’s important to be conscious about how and when you share your personal information online or with an app/service. It’s also a good security practice to only share personal data when it’s truly necessary.
  • Check your privacy settings. This is an easy one. If you are inclined to overshare personal information, make sure you adjust your settings so that you only share data when required, or only with people you know and trust.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help you protect your personally identifiable information from identity theft and fraud.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Key Considerations for Consumers Around Data Privacy appeared first on McAfee Blogs.

Key Innovations and Takeaways from CES 2018

Every year, practically everyone in the consumer electronics industry catches a flight and heads to Las Vegas for The International Consumer Electronics Show (CES). Though 2018’s show was colored by some power outages and even some flooding, it still delivered upon its typical expectations and showcased the best innovation that the industry brings to the table. And out of all of these technological marvels, a few key themes emerged. Here are some of my takeaways from the event:

AR is the new reality

Given its prolific presence at CES, augmented reality (AR) tech is likely to become everyone’s shiny new toy this year. Just think about it: with AR technology, consumers have immersive experiences available right at their fingertips. A popular AR contender was the Vuzix Blade, which is a pair of Android-powered sunglasses that deliver notifications and even Alexa functionality right to your eyes via a color display. Other notable mentions include the Lenovo Mirage Solo and Arsenz Thermoglass with FLIR.

Smart homes are the new norm

At CES last year, connected household devices were popular, but now they’re so prevalent that they’ll soon redefine the modern home entirely. There were smart doorbells that allow users to answer their door even if they’re not at home, a connected thermostat that learns the behavior of homeowners, and even a voice-lighted mirror with Amazon Alexa embedded into it. In fact, Samsung said it will increase its own smart home offerings, pledging that all of its devices from TVs to washing machines will be “smart” by 2020.

Security goes beyond standard devices

 At McAfee, we understand that IoT devices continue to permeate the modern home. That’s why we’ve created McAfee Secure Home Platform as the answer to the IoT boom. At this year’s CES, we even took over the Public House Restaurant in the Venetian and simulated a smart home experience to showcase how exactly McAfee Secure Home Platform works. We also continued our mission of protecting the connected home by working with D-Link on the new AC2600 Wi-Fi Router Powered by McAfee.

We continued the theme of extending protection beyond the PC or mobile phone by partnering with Samsung on Samsung Secure Wi-Fi, with back-end technology from McAfee that encrypts personal information during sensitive transactions and online activities.

And last but not least, we moved into a new space with the launch of McAfee Identity Theft Protection, designed to provide exactly that. This solution allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secure.

All in all, CES 2018 proved that innovation isn’t slowing down, and that also goes for connected devices and the technology that protects them. Both IoT devices and the cybersecurity landscape are adapting to the needs of everyday consumers to make sure everyone can enjoy their digital life in a safe way.

To stay on top of McAfee’s CES news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Key Innovations and Takeaways from CES 2018 appeared first on McAfee Blogs.

2018 Resolution: Lose the Weight of Tech Safety Guilt Once and for All

January is here, and we’ve got goals to crush. We want to be more productive. We want to spend more quality time with family. We want to get fit and lose some weight. Then there are those brave enough to tackle what’s going on in their parenting knower.

The knower is located in every parent’s internal command center. It knows what it should do but hasn’t quite gotten around to doing it. It won’t appear on an anatomy chart, but if you are a parent, you know precisely where your knower is because you can feel the weight of the guilt that collects there. One of the biggest guilt generators is knowing what we should do to lock down our family’s digital life, but somehow keep putting it off.

According to McAfee’s 2018 digital threat predictions, several of the top technology threats coming our way this year target family safety specifically. The first threat: the growing power of the connected home and potential threats to family data privacy from big corporations. And the second threat: risky apps kids use and how companies can use content posted by users.

Both issues are big deals as our homes become more connected in new ways that are both exciting and, frankly, concerning when it comes to the issue of privacy.

So who is brave enough to lose the unwanted guilt weight? Here are a few easy things you can do to start 2018 to get your digital life in shape.

Inventory Your Homefront

Chances are you’ve accumulated a stockpile of digital products you don’t even realize pose a threat to your family’s security. Those devices likely need a password and privacy setting tuneup. Four steps to home safety: 1) Make a list of your devices. 2) Go into the settings and make the necessary updates. 3) If a software update is needed, do that as soon as you get a notification. 4) To streamline that process, consider a central built-in security product that ensures every device in your house is well protected.

Products to put on your list: Smart TVs, digital assistants such as Alexa and Echo, drones, laptops, tablets, personal computers, home automation systems such as The Nest, home security systems, your home network, smartphones, Bluetooth car kits, digital toys, game systems, electronic keypads on doors and garages, digital cameras, baby monitors, and any digital appliance. Even cars can be targets for hackers as seen in the Jeep hack of 2015, in which hackers used a laptop to disable a car’s engine on the freeway and forced Fiat Chrysler to recall hundreds of thousands of vehicles.

With more homes becoming fully connected, experts agree it’s going to become harder to secure your privacy not only from hackers but marketers spying on users for profit. Do your homework on a product’s security standards before you purchase items and know what security gaps are currently in your home. Tip: Companies know that customers rarely read privacy agreements. Weak agreements tempt corporations to frequently change the privacy agreement after the devices and services are deployed to capture more customer information and revenue.

Talk More About the Big 3

Talking to your kids about digital safety is your most valuable defense against family security mishaps. Remind your kids of the Top Three Rules of Digital Responsibility: 1) Don’t interact with strangers online. 2) Don’t share personal information such as home address, email, birthdate or personal activities and plans. 3) Don’t upload or download inappropriate content or photos. The Internet never forgets and the damage done can be devastating.

Pay Attention to App Privacy

As identified in our threat predictions report, more and more kids are downloading apps with loose guidelines on how companies can use user-generated content. Educate your child about why this poses a danger and how daily interactions with these fun, social apps can affect their reputations in the future.

Slow Down, Click with Care

Living in a streaming, posting, click-here-now world has forced us to read and respond quickly. In doing so, we miss vital details, get in digital misunderstandings, and risk our privacy by clicking suspicious links. In 2018, take back your digital control by merely slowing down. Be it email, texts, social media posts — stop and think before you post, respond, or click links. Cybercrooks understand our habits and are always looking to exploit our weak points.

Make More Meaningful Connections

The ability to connect with others 24/7 can be both empowering and debilitating. We know in our knower when we are spending too much time glued to our smartphone and when our kids are also. Online connections will never compare to the rich relationships we can experience offline. This year, resolve to help your kids maintain a healthy perspective on digital versus face-to-face interactions. A healthy digital balance is especially crucial during tween and teen years since studies show that the more time kids spend online, the more isolation and depression can set in. Resolve to curb screen time by modeling balance, planning physical activity and phone-free outings, and establishing phone-free zones in the home.

Remember, in making changes in this new year, resolve not to look back. Embrace 2018 for all it is: A clean slate primed and ready for your family to establish and set new habits in motion. You’ve got this!


Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

 

The post 2018 Resolution: Lose the Weight of Tech Safety Guilt Once and for All appeared first on McAfee Blogs.

5 Cybersecurity Resolutions to Consider for the New Year

2018 is officially here, and you know what that means: a bunch of resolutions that will probably take a back seat come mid-February. While I’m not one for setting unrealistic expectations of myself, there is something to be said about learning from the previous year so I do not repeat the same mistakes.

As I look back on 2017, I can’t help but think of all of the teachable moments in mobile and IoT security. From fraudsters phishing with social media bait to bitcoin mining at your local coffee shop, this year was full of moments that remind us just how tricky our connected lives can be.

So, in light of all the events in 2017, here are the top five “cyber-resolutions” to consider for 2018.

Secure your Social Media

If there’s one thing phishing scams have taught me, it’s that scammers have gotten savvier at social engineering. While social media does a great job at connecting us to our loved ones, it can also connect us to people we don’t want to share our personal information with. Cybercriminals know how to use the information you share on social media to gain access to your personal data. I’ve said it once and I’ll say it again, always make sure your account is set to “private” and is only visible to family and friends.

Don’t skip your updates

With the holidays in our rear-view, many of us probably have a few new devices in our homes. There are so many new and exciting tech toys on the market, it’s hard to avoid getting caught up in the IoT way of life. When you’re interrupted from your shiny new device by a software update, it’s tempting to hit “skip” when you’re eager to get back to your gadgets. But if our hackable gifts have shown us anything, it’s that skipping your updates leaves the door open for hackers. Software updates are important because they often include critical patches to new bugs or flaws in the system. So, resolve to keep your software up to date!

Don’t fall for the free Wi-Fi

When it comes to public Wi-Fi, a VPN is a VIP. Access to the internet on the go is a privilege of the times. But while the Wi-Fi at your local coffee shop may claim to be secure, public Wi-Fi networks lack encryption. If you’re in the habit of using Wi-Fi on the go, get a VPN to scramble the data being sent over the network. Private online activity such as shopping or accessing your banking information without a VPN could expose your sensitive information to hackers. Investing in a VPN is a smart way to keep your private information, private.

Set Better Passwords

I can’t stress enough that using a secure password is one of the best practices for protection on the web. When you’re trying to keep up with all of your logins, it can be tempting to use the same simple combination for every account. But, choosing a solid password should always take priority. Mix it up, throw in some numbers and symbols to complicate the password, stay away from using your birthday, and remember ‘123456’ is never an acceptable password!

Secure your home

Our homes are more connected now than they’ve ever been. It’s important to make sure each individual device is secure. However, securing your connection at the source is as important as securing your front door. Consider using a home gateway with built-in security to ensure every device in your house is well protected.

Let’s start the year off on the right foot. Don’t give cybercriminals the upper hand when it comes to your personal data.

Interested in learning more about mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

 

The post 5 Cybersecurity Resolutions to Consider for the New Year appeared first on McAfee Blogs.

So, Your Child Wants A Smartwatch for Christmas? Here’s What You Need to Know

My youngest son is a Smartwatch fanatic. At the age of 14, he’s already ‘progressed’ through much-loved Pebble and Sony devices. Is it a James Bond thing? Sorry 007, I don’t think so. Rather, Mr 14 is a tech-savvy consumer who always ‘needs’ to have the latest and greatest. Bet you have one of those in your house, too!

If your child is keen to add a Smartwatch to his or her Christmas list, then please take a minute to weigh up the pros and cons. While these flashy looking devices are a super cool fashion accessory that can help us keep an ‘eye on our kids’, there are also some risks. So before you put the call into Santa, here are some points to consider:

1. Do They Really Need One?

Sorry, I have to ask. Smartwatches are like mini computers that do so much more than tell the time. Most Smartwatch apps are also available on your phone. I totally get that Smartwatch apps may be super handy if you’re a runner who needs to manage your heart rate and buy a latte en route. But does a teen going to and from school – who also has a smartphone in their pocket – really need one?

2. Can They Help Keep Kids Safe?

Most Smartwatches come with a built-in GPS tracker, so you can monitor the whereabouts of your child. Some models also allow you to set a safe zone that will send you an alert if your child leaves this area. So, yes – if your child wears a Smartwatch, you will be able to monitor their whereabouts which is very appealing to our ‘helicopter’ generation of parenting!

3. What Are The Risks?

In recent months, there has been a growing momentum of privacy concerns surrounding children and the digital space. McAfee Labs has identified the increasing risk to children’s privacy as one of the top threat predictions for 2018. They believe organisations will use the digital content generated by children to achieve ‘app stickiness’, aka engagement and retention, which will jeopardise our children’s privacy.

And they are not alone in their concerns. Germany’s regulator, the Federal Network Agency, recently issued a blanket ban on Smartwatches aimed at children, describing them as ‘spying devices’. The agency also issued a strong recommendation to parents who had already purchased such a device to destroy them! In October, the Norwegian Consumer Council (NCC) also reported concerns over the security flaws, privacy concerns and risks posed by unreliable Smartwatch features. Here is a summary of their concerns:

  • Smartwatches can be used to listen in to the child’s environment which means they should be regarded as an unauthorised transmitting device. According to research by the German Federal Network Agency, smartwatches are used by parents to listen to teachers in their child’s classroom.
  • Some Smartwatches had flaws such as transmitting and storing data without encryption making it easier for strangers, using basic hacking techniques, to track your child or make it appear that your child was in a completely different location. This lack of encryption also puts your child’s privacy and identity at risk. This was uncovered by the NCC.
  • The NCC also identified that some of the core features of Smartwatches such as geofencing to set up alerts if kids move outside a pre-set zone and SOS buttons were ‘flakey’ and non-functional which gave parents a false sense of security.

How To Secure Your Smartwatch

If your teen is still committed to the idea of a Smartwatch, there are steps you can take to better protect your child’s privacy. Remember, we don’t live in a perfect world, so it’s all about risk management!

  • Do not keep any personal information on your watch especially banking and credit card details and your address.
  • Don’t download apps for the Smartwatch from unknown sources. They may be designed to mine your personal information.
  • Keep your Smartwatch up to date. As soon as software updates become available, download them immediately to prevent cyber criminals from hacking your device.
  • Use complex and unique passwords when setting up the device and creating any new accounts. A combination of lower and upper case, letters, numbers and special characters is ideal.
  • Only use secured Wi-Fi networks when connecting to the internet – avoid public Wi-Fi.
  • Provide the bare minimum of required information when inputting information for user accounts.

Being a first-generation digital parent is really tough. The lure of the latest, shiniest tech offerings can be so very enticing, yet we need to make the tough calls and ensure our kids are safe! As a parent, if you aren’t convinced that any device – including a Smartwatch – will keep your children or your personal information safe, then just don’t buy it. It’s that simple!

Happy Christmas!

Alex xx

The post So, Your Child Wants A Smartwatch for Christmas? Here’s What You Need to Know appeared first on McAfee Blogs.

How to Make Sure That Shiny New Device Does Not Get Hacked this Holiday

Across the country, there’s an awkward pause on Christmas morning no one wants to talk about. It’s that moment when someone opens a gift that doesn’t contain some form of shiny, new technology. Not ready to admit that yet? Okay, Dads, would you prefer a bottle of aftershave or a drone? Moms, would you rather have a pair of slippers that look like hairy bear claws or a fitness tracker? Would Johnny Jr. enjoy a new backpack or a new smartphone? Exactly.

Going gaga over shiny new gadgets is nothing to be ashamed of. Ideally, you should enjoy every moment and megabyte — minus the worry of being hacked. In this third year of McAfee’s Most Hackable Holiday Gifts survey, based on consumer behavior, there are some specific ways to secure your new gifts.

Are You a Ted or a Ned?

This year we’re introducing Ted and Ned, two little elves who have very different ideas of how to protect their digital devices. Going through this fun, short animated clip with your family is a great way to explain digital security to your kids and get them thinking about personal online safety. So, before firing up those new gadgets, take a few minutes to dive into the misadventures of Ted and Ned. Ask your child if he or she will be more like a Ted (careful) or a Ned (careless) with their new toys.

Survey: Security Still Not a Priority

Taking the top spot for most-hackable items are our beloved laptops, smartphones, and tablets. Also, drones, digital assistants, connected toys, and digital appliances took top spots. Much like last year, the 2017 survey revealed that while consumers realize the importance of protecting their online identity and internet-connected devices, they still are unsure if they are taking the right security measures or aren’t too concerned with making device security a priority. Of the 1,206 adults surveyed this year, 20% of consumers are not worried about internet security and would still buy a must-have connected device if they knew it was susceptible to security breaches. For 40% of those surveyed, security is not a top priority when purchasing but is considered after purchase.

And concerns about digital toys? Most consumers agree that security is a necessity for laptops, tablets, and smartphones (69%). But, only 22 percent believe connected toys require protection. Also, 29 percent think drones should be protected, and 56 percent believe that digital assistants need to be secured.

The Risks Are Real

Having a toy or a washing machine hacked sounds farfetched, but hackers view our digital devices as unlocked doors into homes. They target built-in microphones, cameras, and location-based services to access your family’s personal information in order to conduct financial and physical crimes. With any phone or tablet, thieves can woo you into clicking or downloading malicious links and apps. With drones, consumers need to be aware of risks associated with drone jacking and fake Wi-Fi signals from rogue drones.

In short, as consumers, we still have a security gap to close. Let’s get started! Here are a few tips to give your family clarity on digital security.

  • Keep it simple: Securing a new gift often takes five minutes, much like registering for a product warranty. So make going into a product’s privacy settings a holiday routine and teach your kids to do the same. Keep the process simple and device security is more likely to become a habit in your family.
  • Research before you purchase: Not all manufacturers take security seriously, especially when it comes to connected toys, so it’s important to research if there have been any reported security vulnerabilities before purchasing toys.
  • Think before you click: One of the easiest ways for cybercriminals to compromise your device is using a malicious link. Don’t trust a link or other solicitation that you are not expecting.
  • Update, update, update: Whether it’s your PC, smartphone, digital assistant or even your drone, keep the software up to date. Manufacturers plug security holes with device updates, so it’s crucial to install the latest versions as soon as possible. When applicable, use up-to-date security software.
  • Beware of shady public Wi-Fi hotspots: Cybercriminals often deploy fake Wi-Fi hotspots that appear to be legitimate but give them visibility into your browsing habits. If you have to use public Wi-Fi, refrain from online shopping or banking. Take extra precautions when linking your life to the world-wide web. If you need to shop or bank on public Wi-Fi, use a Virtual Private Network (VPN).
  • Lock down your home network: Secure all of your connected devices and your home internet at its source — the network. Avoid routers that come with your ISP (Internet Service Provider) since they are often less secure. And, be sure to change the default password and secure your primary network and guest network with strong passwords.

 

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post How to Make Sure That Shiny New Device Does Not Get Hacked this Holiday appeared first on McAfee Blogs.

The big things at CES? Drones, privacy and The Internet of Things

F-Secure is back from CES — where the tech world comes together in Las Vegas to preview some of the latest innovations – some of which might change our lives in the coming years, others never to be seen or heard again.

Inside the over 200,000 square meter exhibit space, drones flew and made a fashion statement, hearing aids got smartphone apps and 3-D printers printed chocolate.

We made a stir of our own with Freedome. Our David Perry reminded the industry professionals that the mobile devices nearly all of them were carrying can do more than connect us.

“I want you to stop and think about this,” he told RCR Wireless News as he held his smartphone up on the event floor. “This has two cameras on it. It has two microphones. It has GPS. It has my email. It has near-field detectors that can tell not only where I am but who I’m sitting close to. This is a tremendous amount of data. Every place I browse on the internet. What apps I’m running. What credit cards I have. And this phone doesn’t take any steps to hide my privacy.”

In this post-Snowden world, where professionals are suddenly aware of how much their “meta-data” can reveal about them.

Privacy also played a big role in the discussion of one of the hottest topics of 2015 — the Internet of Things (IoT).

The world where nearly everything that can be plugged in — from washing machines to light bulbs to toasters — will be connected to the internet is coming faster than most predicted. Samsung promised every device they make will connect to the net by the end of the decade.

If you think your smartphone holds a lot of private data, how about your smarthome?

“If people are worried about Facebook and Google storing your data today, wait until you see what is coming with #IoT in next 2-5 years,” our Ed Montgomery tweeted during the event’s keynote speeches, which included a talk from US Federal Trade Commission Chairwoman Edith Ramirez that tackled privacy issues on the IoT.

Newly detected attacks on home routers suggest that the data being collected in our connected appliances could end up as vulnerable to snoops and hackers as our PCs.

Some fear that these privacy risks may prevent people from adopting technologies that could eventually save us time, effort and energy.

At F-Secure we recognize the promise that IoT and smart homes hold and we’re excited about the coming years. But we also understand the potential threats, risks, and dangers. We feel that our job is to enable our customers to fully enjoy the benefits of IoT and that is why we’re working on new innovations that will help customers to adopt IoT and smart home solutions in a safe and controlled way. It will be an exciting journey and we invite you to learn more about our future IoT solutions in the coming months.

We at F-Secure’s IoT team would like to hear from you! Are you ready to jump on the IoT? What would your dream connected home look like? Or have you perhaps already set up your smart home? What are you worried about? How could your smart home turn into a nightmare?


For an Internet of Things, We Are Going to Need Better Things

There's a lot of hype around at the moment about "The Internet of Things" (IoT), which, I suppose, is all about attaching, uh, things to the Internet. By "things", it seems we are supposed to be thinking household goods, vehicles; basically anything with electrical current running through it is a candidate for the "internet of things".

While setting up a cheapo DVD player last week, I couldn't help thinking of Chief Brody in the film "Jaws"... "You're going to need a bigger boat", he says, on seeing the enormous shark. We're going to need a bigger mindset on security if we are to survive the onslaught of "things". The firmware in the kind of devices we are already routinely connecting up is drivel. I mean some of it is absolute garbage. I know there are exceptions, but most of it is badly built, and almost none of it is ever updated.

Each of these devices is likely perfectly capable as a host in a botnet - for DDoS, for sending SPAM, SPIM and SPIT (OK, we are yet to see much in the way of unsolicited Internet Telephony... but with the IoT, devices built to make calls/send texts are likely to get hijacked), so each of these devices has a value to the Internet's vast supply of wrongdoers.

Researchers at Eurecom recently completed a study showing up vulnerabilities in the 30 thousand or so firmware images they scraped from vendor websites. Apparently one image even contained a Linux kernel whose age had just hit double figures. Ouch. The "Nest" next-gen thermostat hasn't been without issues either; as a high-profile target, at least we can expect firmware updates from them!

Synology's NAS storage devices are among the early victims of malware attacking non-traditional computing devices, and may be an indication of IoT issues to come. Users of these storage devices have found themselves victims of a crypto-ransomware attack: their files are encrypted, and the encryption keys offered for sale back to them! Other early warnings come in the form of attacks on SCADA industrial control systems. These are all places where, traditionally, little or no emphasis has been placed on security.

What can we do to help ourselves here? My advice is to be careful before you buy anything you're going to add to your network. Look to see if the vendor has a firmware download, and if there's a recent-ish update. If they're the fire'n'forget types, you're probably not going to want to deploy it.

Footnote: Gartner appears to believe the Internet of Things to have reached "peak hype". Reminds me of an old saying about those dwelling in vitreous abodes launching masonry...