IoT Buzz at CES: Will Security Make it Through the Noise?

By | January 8th, 2016|Industry News|

Hundreds of thousands of tech enthusiasts and innovators from around the world make their annual pilgrimage to Las Vegas for the Consumer Electronics Show (CES) this week.

The technology conference and trade show, whose attendees last year represented 82 percent of Fortune 100 companies, features some of the most exciting and newest technologies, encompassing everything from the latest developments in wearables, to connected cars, to robotics.

One area of focus in particular that has grown significantly from year to year is the Internet of Things. According to CIO, last year, more than 900 companies showcased IoT-enabled devices at CES. This year, many predict this number to be markedly higher. Some are already calling CES 2016 “the year IoT took over.”

Major global companies like Ericsson, NETGEAR, Cisco and others have already unveiled either new products or programs specifically for IoT devices aimed to enhance the connected home.

If you’ve been following along with us, you know that we’ve already discussed security vulnerabilities and concerns around the IoT on the blog – including it as one of our key 2016 trends and diving into the topic in our fourth episode of Firewall Chats with CSID Chief Innovation Officer, Adam Tyler. There’s no doubt that these connected devices may bring more efficiency and convenience to our everyday lives (and there is, of course, the “cool factor” – who doesn’t want a fresh pot of coffee ready for them before waking up?), but we must understand what we may be sacrificing from a security perspective.

As the IoT is still relatively new, many developers are prioritizing functionality before security. With IoT devices, there is a level of uncertainty with network accessibility, as with anything connected to the Internet. Even when considering seemingly innocuous connected devices (like a connected refrigerator or coffee maker), there may be network vulnerabilities that allow a hacker to access the owner’s more sensitive information, like their email or bank account.

ZDNet reported that while concerns around privacy and security within the IoT may be on the rise, security may still be an “afterthought” for consumers this year at CES. Companies that have already very publicly expressed their investment in IoT security include Panasonic, Samsung, and Dojo-Labs. While this is a step in the right direction, some industry experts fear it may be too late, as the number of connected devices is expected to grow to more than six billion by next year, according to Gartner.

Will 2016 be the year that security comes into focus as IoT becomes the dominant topic of conversation at CES, or will it continue to take a back seat? And are companies acting quickly enough as our connected world rapidly grows? We’d love to hear what you think. Weigh in with us on Facebook, Twitter or LinkedIn.

2016: Mobile, IoT Threats on the Horizon

By | December 21st, 2015|Industry News|

Last week we recapped the big happenings of 2015 for CSID. This week, we’re switching gears to look ahead to 2016 and the trends we expect to dominate in the year to come.

All eyes on mobile
The rise of mobile payments (and recent participation from major players like Apple, Android and financial institutions like Chase) has made mobile a more attractive target than ever for cyber criminals. We expect that fragmentation, especially within the Android ecosystem, will exacerbate the problem, as different manufacturers are running multiple versions with no agreed-upon update system. This is an increasing problem, particularly in the developing world, where consumers are using older devices that are no longer supported by the manufacturer and, as a result, no longer receive the critical patches and updates to address security flaws.

Additionally, as we look to the future, mobile attacks will be simpler than ever to implement. Just one example of this that we saw in 2015: the iOS text crash, where victims were infected just by opening a multimedia message (MMS). In 2016, we’ll see a rise in these simply orchestrated, yet impactful attacks on mobile devices.

Macs no longer immune to attack
While once seemingly impossible to penetrate, Macs will draw increased focus from cyber criminals as they continue to gain popularity.

A recent report from Bit9 and Carbon Black states that 2015 was the most “prolific year for Mac malware in history.” Specifically, the report suggests that the OSX malware during this past year was a staggering five times more prevalent than the past five years combined.

It’s clear that Mac OSX is now a platform that we need to be concerned about. We’re no longer living in days where we can opt out of OSX updates and not worry about the materials we download. We’ll need to exercise increased caution across all of our devices in 2016.

The dark web as marketplace of ideas will exacerbate attack reach and impact
More than ever, we’ll see cyber criminals using the dark web to share tips and tricks amongst each other, making advanced threats and attacks more accessible to general users. With this, we’ll also see a rise in younger, less experienced, and non-traditional cyber criminals orchestrating attacks. The National Crime Agency recently reported that the average age of a cyber criminal has dropped to just 17 years old.

Malvertising and drive-by downloads will increasingly deceive users
We’ll see a rise in malvertising on legitimate, credible sites – like Forbes, BBC, and other top tier sites – that are sourced by external adware networks.

Malvertising, which takes the shape of seemingly innocuous ads on the internet, will infect users’ devices if clicked. What’s more, drive-by-downloads, which require a user to just visit a website to infect their device, will grow in popularity and be spread through MMS.

Internet of Things players will need to prioritize security
We’re seeing the Internet of Things (IoT) continue to gain momentum as more and more connected devices are brought to market. In 2016, developers will need to make security a priority. Even seemingly benign devices (like your connected refrigerator or thermostat) can serve as a pathway into your most sensitive information.

Vulnerabilities in in-car entertainment systems earlier this year demonstrated how hackers could, somewhat easily, take control of the car’s steering, brakes, and other vital features. In 2016, we’ll see an increasing focus on the security of the IoT, which may cause a shift in priorities at the product development level.

Keep an eye out for these trends in our “click-to-reveal” series on Twitter and stay up to date with the latest CSID news by following us on Facebook and LinkedIn.

Firewall Chats, Ep. 4: The Internet of Things

By | December 1st, 2015|Firewall Chats|

Today, our fourth episode of Firewall Chats is live! In this special edition, we put the spotlight on CSID’s own Chief Innovation Officer, Adam Tyler.

Tyler’s expertise spans far across the ever-changing security landscape. He speaks frequently around the globe on identity protection and fraud detection, cybersecurity trends, and evolving hacking and attack methods. Additionally, Tyler is a passionate expert on the Internet of Things…or rather, the security of the things.

According to Cisco, there are already 10 billion things that can connect to the Internet. This number is expected to grow substantially within the next few short years. It’s predicted that by 2020, the number of devices connected to the Internet will exceed 50 billion.

“The Internet of Things is an incredible concept,” Tyler said. “It’s about accessibility. It’s about making the whole of our homes connected and manageable remotely.”

With each new device, our lives have the ability to become more convenient, more efficient. We recently wrote about how music festivals are using smart technology to make the concert-going experience more seamless. New coffee makers and household appliances can learn your preferences. Our cars are quickly evolving to contain multiple in-vehicle services, and many may soon become driverless. Our wearable devices monitor our vital signs and share how we can eat better and sleep sounder.

While these advances are exciting, the convenience of these products brings great risk to the security of our information.

“The problem is these devices are being designed with functionality first and not security,” said Tyler. “Any device that we’re connecting to the Internet and making available to the outside world can be accessed, can be pinged, can be targeted by malicious acts.”

While our smart fridge may not hold any data, the connection it shares with other devices and the Internet can jeopardize our information. Tyler is passionate about making sure listeners are aware and wary of how their data is being collected and used within this rapidly evolving world.

In this episode, Tyler helps us separate IoT fact and fiction, discusses how hackers have already interfered with smart cars, and shares tips so we can protect our information today…and tomorrow. To hear it all, listen on www.CSID.com/FirewallChats, and reach out to us on Twitter and Facebook to let us know what you think.

Save the Date: Our last episode in our pilot series will air on Tuesday, Dec. 15, and feature Encap Security’s Adam Dolby on the topics of scams, malware, and phishing attempts.

Welcome to Firewall Chats

By | October 9th, 2015|Firewall Chats|

With all the excitement and hype surrounding podcasts like “Serial” and “This American Life,” we finally decided it was time we hosted an ear-bud friendly conversation of our own.

Next week, we are thrilled to debut a brand new podcast called “Firewall Chats.” Our pilot series explores five hot topics with five talented industry experts. Together, we weigh in on the latest conversations surrounding social media security, two-factor authentication, identity theft, privacy, and the ever-expanding Internet of Things.

In our debut episode, we’ll learn about the price of oversharing on our favorite apps and social platforms with Chris Crosby, managing director of SociallyActive.com. Can a Facebook post lead to identity theft and fraud? How do we stay safe on the latest networks, like Periscope and SnapChat? We’ll discuss tips to secure your favorite accounts and how to create a conversation at home about safe digital sharing.

Next, we dive into cybersecurity trends with our friends at Christian Science Monitor’s Passcode, one of the fastest growing cybersecurity publications online. Editor Michael Farrell gives listeners a glimpse of the on-going work inside Passcode to cover news in government, policy, and cyber threats.

Katie Stephens, the education program manager at The University of Texas’ Center for Identity, stops by in our third episode to give us all the facts on taking control of our privacy. Stephens addresses how consumers can adopt small, simple habits to help keep their most precious information safeguarded from cyber criminals.

Our fourth episode spotlights CSID’s own Adam Tyler. Our passionate colleague speaks frequently on our increasingly connected world, and the privacy and security challenges we can anticipate as we reach 50 billion connected devices in 2020. In this podcast, we explore the devices we welcome into our home and our garages. What data is being collected? What are the dangers? Find out a little later this fall.

Closing our pilot season is Encap Security’s Vice President of Business Development Adam Dolby, who takes time to chat with us about scams, malware, and phishing attempts. Did you know that there are roughly 156 million phishing emails sent globally every day? What are the warning signs of a scam? What is two-factor authentication and how do we implement it on our most important accounts? Listen to learn.

We are proud of this new channel and hope it serves as another great platform to share resources and timely news with both businesses and consumers. Have comments, questions? Want to see a topic addressed in a future episode? Let us know on our new Firewall Chats social channels on Twitter and Facebook. Thanks for listening!

Understanding the IoT Convenience/Security Tradeoff

By | October 8th, 2015|Identity Protection, Industry News|

If you’ve been to a music festival recently, you may have noticed something convenient about your wristband. Sure, it serves its main purpose of getting you into the event, but with recent technology, it now has the capability to do quite a bit more.

Take for instance Austin City Limits music festival, which took place last weekend and will run again this coming weekend here in Austin. Festival-goers have the opportunity to load their credit card information onto their wristband either online or via the mobile app to alleviate digging around in their bag or wallet in the middle of a busy crowd. Simply hold the chip in your wristband up to the POS reader on the vendor’s iPad and voila! You’ve paid for your drink, snack, or souvenir.

Sounds convenient, right? But consider this: As you exit the festival, there are people lined up, eager to buy your wristband from you. Sell it, and it won’t take much for the person to gain access to the personal information associated with the wristband and your credit card info. It would just be a matter of cracking the four-digit PIN that you set up when registering your wristband.

This is just one case to consider, which opens up a broader discussion around what we may be sacrificing from a security perspective in the era of wearables and the Internet of Things.

Wearables, particularly fitness bands, have taken off in the past few years. PwC recently reported that more than 20 percent of U.S. adults already own at least one wearable, and that there will be as many as 50 billion new connected devices by 2020. What users may not realize is that wearable tech creates a new opportunity for a massive quantity of private data to be collected – with or without the user’s knowledge.

Symantec threat researcher Candid Wueest recently shared with Wired that it’s not so much about the level of danger people put themselves in by wearing wearable devices, but more about the fact that at this point, developers are not prioritizing security and privacy. From his research, Wueest found that some devices sent data to a staggering 14 IP addresses. During his demonstration at Black Hat, Wueest identified six Jawbone and Fitbit users in the audience, showing how easy it was to find users’ locations, and specific details down to the time they left or entered the room.

But is it the wearable itself that poses the actual security threat? Gary Davis of Intel has explained (and we agree), that the weakest link is actually a user’s mobile phone, not the wearable itself. Most wearables link to your mobile phone, which, in comparison to the wearable device, hosts an exponentially greater amount of data, making it an irresistible target for hackers.

Before you cancel your order on that new fancy fitness tracker, keep this in mind: There are a number of simple, common sense steps you can take in order to protect your data. Consider buying a wearable that comes equipped with remote-lock capabilities, so that you can lock or erase its data if it is stolen. Also, as always, use a password to protect your device, use biometric authentication whenever possible, and keep an eye on user reviews online.

Stay tuned to the blog for more cybersecurity news throughout National Cyber Security Awareness Month. Share your thoughts with us on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Industry News Recap: Connected Automobile Security

By | September 30th, 2015|Industry News|

Two weeks ago we published a blog on security in the Internet of Things, part of which addressed recently uncovered vulnerabilities in automobile software. Since that time, concerns about cars and cybersecurity have remained in the news.

Hacked cars have made headlines before, but the issue was recently thrust back into the spotlight when white hat hackers Charlie Miller and Chris Valasek revealed a flaw in Chrysler’s Uconnect system. The flaw allowed them to steer the vehicle, change its speed, disable the brakes and shut off the engine as it sped down a highway – all from the comfort of their couch. The two described the hack as “fairly easy” and “a weekend project.”

An article in Wired covered this demonstration in detail and included the fear-inspiring conclusion that if this flaw is not fixed, “the result would be a wirelessly controlled automotive botnet encompassing hundreds of thousands of vehicles.” Days later, Tesla Motors was featured in a similar story, a sign that the auto industry’s connected cars are just as vulnerable to breach as our other Internet-connected devices.

There has been an evolving conversation around car security. As a result of Miller and Valasek’s research, Chrysler issued a recall on more than a million vehicles. Meanwhile, according to Dark Reading, “the automobile industry at large began to address growing concerns over security weaknesses and vulnerabilities in new and evolving vehicle automation and networking features.” Dark Reading also published a list of the world’s most hackable cars, while security influencers began weighing in on the best ways to reduce car hacking threats.

As of September, the ongoing conversation has yielded some promising progress. Miller and Valasek announced that they are joining Uber’s Advanced Technologies Center “to continue building out a world-class safety and security program at Uber.” Intel, a company with plenty of clout in the auto industry, also recently published a “Best Practices” white paper, providing recommendations for automakers to outfit their vehicles for privacy and cybersecurity “in the era of the next-generation car.”

The bonus of all the attention on car security? IoT security as a whole has been given more attention. Cars have not only pushed the Internet of Things forward, they have also reminded the world that as soon as anything is connected to the Internet, it becomes vulnerable to external parties.

Let us know what you think about security and the IoT on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.

Securing All the Things: IoT Myths and Realities

By | September 4th, 2015|Uncategorized|

The Internet of Things isn’t a new concept – but it’s certainly one that has gained momentum, particularly within the last year. Recently, we’ve seen more and more connected devices come to market. While connecting our world may bring added convenience to our everyday lives, it’s important to question what we may be sacrificing from a security perspective.

Back in April, news broke around a software glitch that enabled hackers to take control of a Jeep Cherokee while on the road. Cybersecurity experts Charlie Miller and Chris Valasek, working from laptop computers at home, were able to break into the Jeep’s electronics through the entertainment system. The experts were then able to change the speed of the vehicle, alter its braking capability, and manipulate both the radio and windshield wipers. The two described the hack as “fairly easy” and “a weekend project.”

It was recently discovered that not even Tesla Motors is immune to being hacked. This, again, was an attack orchestrated through the car’s entertainment system, though it took closer to a year to pull off. Researchers were able to apply the emergency hand brake, remotely lock and unlock the car, and control the touch screen displays. There is good news – Tesla has already developed a fix, which has been sent to all of the affected vehicles.

Something rarely discussed that warrants consideration from both security professionals and consumers alike is the danger brought on by seemingly innocuous connected products (think: “smart fridge” or “connected toaster”). While the thought of a hacker gaining control of a refrigerator is perhaps less daunting than the idea of them taking control of your steering wheel while on the highway, the reality that these products may serve as a gateway to more sensitive information is something that cannot be ignored.

Just a few weeks ago, a team of hackers uncovered a man-in-the-middle vulnerability in a Samsung smart refrigerator that showed it could be exploited to steal Gmail users’ login credentials. What’s most concerning about this is that hackers were able to access a sensitive network, containing users’ personally identifiable information, through hacking into the refrigerator.

There has been a lot of fear around smart medical devices – but this is one area that may be considered more IoT “myth” than “reality.” Most medical devices don’t currently appear to be connected to the Internet, but rather connect through Bluetooth. Additionally, because most medical appliances are smaller scale, it’s virtually impossible to integrate a mobile phone connection into devices of this size. Consumer fears around having cellular waves inside the human body have also kept these devices from operating on a mobile phone connection.

Fears around connected smart watches may also be considered an IoT “myth,” at least at this stage, as most are not directly connected to the Internet. That being said, last month HP did discover some major areas for concern, finding that most smart watches did not have two-factor authentication, were vulnerable to man-in-the-middle attacks, and had poor firmware updates.

It’s an interesting debate – and one that will undoubtedly continue as more companies introduce products to compete in this space. What do you think about security risks with the Internet of Things? Weigh in with us on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.
