Tag: security

Developing the world of trustworthy data

Recent security problems start focusing the minds of those designing the Internet of Things and connected cars

Last month’s remote hacking of Jeeps through their entertainment systems was a wake up call to the technology industry as it underscored the risks of connected devices and now a series of initiatives are looking at improving the security landscape.

One of the benefits of the new top level domain regime, despite its reeking of rent seeking by the ICANN names agency, is larger companies and industry groups can improve management of their online identities and those of the services and devices their operations rely upon.

Top level security

Having their own top level domains and being able to issue security certificates for devices and services within their own walled gardens means financial institutions, hardware vendors and service providers can have more confidence in the identities of those they are dealing with.

Bloomberg Business examines how corporations are applying for domains to enhance and while the focus is on guaranteeing the veracity of their websites, the scope in having done that expands to a range of other application, particularly that of ensuring everything from bank point of sale equipment through to connected cars and kettles are authenticated.

A top level domain is only part of the answer though and for the systems to work effectively there has to be more sophisticated ways for systems to ensure they are talking to trusted parties. This need becomes particularly acute with automated systems making business decisions in milliseconds where corrupt or incorrect data can cause havoc with financial markets or supply chains.

Blockchain’s potential

Some of the work being done around Bitcoin, particularly with the use of Blockchain technology to ensure transactions are valid, is one intriguing area where researchers are looking at ensuring all parties in a connected society are genuine and trustworthy.

It’s early days yet in the development of these services and there will be many mistakes as businesses and consumers adopt services where security hasn’t been properly thought through or implemented.

As Chrysler found with the Jeep hack, the risks of getting it wrong are real and potentially fatal and it’s notable Uber has hired the researchers who discovered that vulnerability to design security for their driverless car project.

Trustworthy data

With autonomous vehicles authentication is essential, not just for the passengers or operator starting the car but for all the devices and services communicating from outside and within. As the Jeep hack showed, the braking system needs to have confidence the instructions its receiving are genuine and not coming from a malicious outsider.

Outside the car other services will be communicating, the vehicle’s navigation system needs to be confident the mapping information it’s receiving is reliable and from the genuine provider. Similarly plans to reduce the road toll using roadside devices and other cars needs to ascertain the data being transmitted about highway conditions is trustworthy.

It’s often said computers are only as smart as the data going into them – garbage in, garbage out is the classic saying of the computer industry. As we move into a world where more decisions are being made by machines, those systems are going to become more demanding that information is trustworthy.

Similar posts:

  • No Related Posts

Google’s Android problems point the way for the Internet of Things

How Google handle ongoing Android security issues will be a pointer for protecting the Internet of Things

As regular security problems are being exposed in the Android operating system, Google and Samsung have announced regular updates to their devices and software.

For long timers in the IT industry this is a return to the Microsoft days of Patch Tuesdays, the monthly bundle of updates for Windows and Office the company used to issue on the first Tuesday of each month.

While Android has nothing the like the problems Microsoft did in the early 2000s with the explosion of malware that crippled millions of users, the risks to the Google system are real with some predicting a security armageddon.

For users, there’s a serious question in the problems facing Android system in that unlike the Windows systems the rollout of updates is controlled by the telcos or handset vendors rather than the software developers.

As a consequence many older devices simply aren’t being updated leaving millions of smartphone users exposed to malware and having no way of fixing known security problems.

The problems facing Android are common across the entire Internet of Things, how Google respond the current smartphone security problems is going to be a pointer for the rest of the IoT sector.

Similar posts:

  • No Related Posts

The need for an IoT manifesto

As the internet of things rolls out, more care in the design of products and services will be needed

Last May at the ThingsCon conference in Berlin a group of European designers came together to form the IoT Manifesto.

Now vendors have the ability to put a chip into almost anything companies and designers are tempted to add connectivity simply for the sake of doing so.

In many cases this is opens up a range of security risks ranging from the screaming baby monitor to the hackable jeep.

Coupled with the security risks of your intimate devices being hacked there’s the related privacy risks as millions of devices collect data ranging from how hard you press your car’s brake pedal through to last time you burned your breakfast toast.

In an era where governments and businesses are seeking to amass even more information about us, there are genuine concerns about what that data is going to be used for and why it is being collected in the first place.

The IoT manifesto looks to manage these problems facing the sector through ten guiding design principles;

  1. Don’t believe the hype around the IoT
  2. Only design useful things
  3. Deliver benefits to all stakeholders
  4. Keep everything secure
  5. Promote a culture of privacy
  6. Gather only a minimal amount of data
  7. Be transparent about who that data will be shared with
  8. Give users control over their data
  9. Design durable products
  10. Use the IoT and its design to help people

All of the principles are laudable and it’s not hard to think that meeting the guidelines would make devices and services that aren’t just useful and safe but also simpler, cheaper and more effective.

There’s many ethical, business and safety issues facing the Internet of Things as connected devices rollout across almost every industry. The IoT Manifesto may well be a good framework in which to design them and the cloud services they’ll depend upon.

Similar posts:

  • No Related Posts

Security, smartcars and Microsoft Windows – ABC Nightlife July 2015

Security problems with smartcars and dating sites along with asking if a new version of Microsoft Windows matters any more

Security problems with smartcars and dating sites along with asking if a new version of Microsoft Windows matters any more are the topics for July’s Nightlife tech spot.

Paul Wallbank regularly joins Tony Delroy on ABC Nightlife on to discuss how technology affects your business and life.

If you missed this month’s show, you can listen to the program through the ABC website.

July’s Nightlife

A decade ago people lined up all night for a new version of the Windows operating system. Next week Microsoft will be launching Windows 10 to an indifferent market place, does what was once the world’s biggest software company matter anymore in a world of smartphones, connected cars and cloud computing?

Some of the questions we’ll be answering include.

  • So what are Microsoft announcing next week?
  • What happened to Windows 9?
  • Does Windows really matter any more?
  • The internet has changed things but not always for the better. What about connected cars being hacked?
  • Is this a bigger problem than just connected cars when we’re seeing things like kettles being wired up to the internet?
  • Of course it’s not just cars suffering problems on the Internet, adult dating site Ashley Madison has had potentially 37 million customers’ details leaked online.
  • Could this happen to any business? How do we protect ourselves?

Listeners’ questions

A few of the questions from listeners couldn’t be answered on air.

Running Flash of iPhones and iPads: Steve Jobs’ hatred of Adobe Flash was legendary and as consequence iOS devices like the iPhone and iPad don’t come with the ability to run the software. That’s a problem for those who need Flash for some packages.

The Puffin web browser gives iPad and iPhone users the ability to use Flash on their devices and is available from the iTunes store.

Securing Android: While smartphones are less prone to viruses and malware than personal computers, they still are at risk. For Android users there is no shortage of choice for security packages, some of which include;

Android power hogs: A downside with smartphone apps is they can drain battery life. One excellent feature on Android phones is the ability to easily check what’s using your juice.

  • Open device settings
  • Scroll to “about phone”
  • Click on “battery use”

Join us

Tune in on your local ABC radio station from 10pm Australian Eastern Summer time or listen online at www.abc.net.au/nightlife.

We’d love to hear your views so join the conversation with your on-air questions, ideas or comments; phone in on 1300 800 222 within Australia or +61 2 8333 1000 from outside Australia.

You can SMS Nightlife’s talkback on 19922702, or through twitter to@paulwallbank using the #abcnightlife hashtag or visit the Nightlife Facebook page.

 

Similar posts:

  • No Related Posts

A series of weak links

Security continues to be a challenge for Internet of Things vendors

One of the ongoing discussions in the world of the Internet of Things are the security weaknesses in many devices that leave networks vulnerable to rogue devices or malicious hackers.

A good example of this is Craig Hockenberry’s post on his Furbo.org site on how bugs in Apple’s Bonjour software messes with networks.

While Apple won’t say what causes this issue – an ominous point in itself – Hockenberry surmises it’s due to older software in some devices that no longer have updates available, which is another problem facing the IoT.

On top of Hockenberry’s story, a piece in Threat Post reports the Open Smart Grid Protocol has serious security issues.

The writers of the package that’s installed on more than four million smart meters and similar devices worldwide decided to write their own encryption algorithm that has proved easy to break.

So the smart home which might feature both a slew of Apple devices and one of these exposed smart meters has a range of security holes that the occupier has no idea about. This hardly breeds confidence.

As the Internet of Things is rolled out, security is going to have to be at the front of developers’ and vendors’ minds. The stakes are too high for shoddy and ill thought out compromises or for vendors like Apple who rate secrecy over their customers’ security.

Similar posts:

  • No Related Posts

Hacking medical devices

Security researchers show how easy it is to hack a medical robot

Security experts have hacked a teleoperated surgical robot Security experts hack medical robot.

In a recently published paper, a group of academics showed how they had been able to change the instruction sequences, override commands or even take full control of the Raven II medical robot.

That such a lack of security isn’t in the least bit surprising is a sad commentary on the world of connected devices and the Internet of Things.

At the root of this problem is the software running this equipment has security added, at best, as an afterthought given the designers work from the assumption operators are in the room with the equipment,

If we’re going to connect these devices to the public internet then security has to be built into them from the beginning.

Whether we’re discussing remote medical equipment, driverless cars or the smart home, hardening and securing IoT devices is going to be of today’s industrial challenges.

Similar posts:

  • No Related Posts

Microsoft’s server clock counts down

Microsoft’s ending of support for Windows Server 2003 marks the end of the box software era.

One of the challenges facing Microsoft are the millions of users quite happily using the company’s older products.

While Windows XP is by far the biggest problem – only last year the number of systems running the fourteen year old operating system still outnumbered those running the latest version – Microsoft faces similar issues with its server 2003.

This week Microsoft warned support for Windows Server 2003 has entered its last one hundred days and urged customers to look at shifting onto new systems.

Interestingly most of the case studies they cite involve customers moving from on premise servers onto cloud services.

While that’s very good advice as most customers, particularly small businesses, don’t have the capabilities it shows how the industry has shifted in the last twelve years.

For most of those companies a decade ago cloud service, or Software as a Service (SaaS) as it was known then, weren’t available for most business functions. Today they are the norm and usually the best option for smaller operations.

That shift to the cloud has meant an entire industry now faces extinction as the army of suburban IT service companies that once maintained those servers are now largely redundant.

As the clock ticks down on Windows 2003 server so too does it for all the businesses that once depended upon the PC industry.

Similar posts:

  • No Related Posts