Paul Wallbank – Brilliant Communications

Tag: security

  • Hacking medical devices

    Hacking medical devices

    Security experts have hacked a teleoperated surgical robot Security experts hack medical robot.

    In a recently published paper, a group of academics showed how they had been able to change the instruction sequences, override commands or even take full control of the Raven II medical robot.

    That such a lack of security isn’t in the least bit surprising is a sad commentary on the world of connected devices and the Internet of Things.

    At the root of this problem is the software running this equipment has security added, at best, as an afterthought given the designers work from the assumption operators are in the room with the equipment,

    If we’re going to connect these devices to the public internet then security has to be built into them from the beginning.

    Whether we’re discussing remote medical equipment, driverless cars or the smart home, hardening and securing IoT devices is going to be of today’s industrial challenges.

    Similar posts:

    • No Related Posts
  • Microsoft’s server clock counts down

    Microsoft’s server clock counts down

    One of the challenges facing Microsoft are the millions of users quite happily using the company’s older products.

    While Windows XP is by far the biggest problem – only last year the number of systems running the fourteen year old operating system still outnumbered those running the latest version – Microsoft faces similar issues with its server 2003.

    This week Microsoft warned support for Windows Server 2003 has entered its last one hundred days and urged customers to look at shifting onto new systems.

    Interestingly most of the case studies they cite involve customers moving from on premise servers onto cloud services.

    While that’s very good advice as most customers, particularly small businesses, don’t have the capabilities it shows how the industry has shifted in the last twelve years.

    For most of those companies a decade ago cloud service, or Software as a Service (SaaS) as it was known then, weren’t available for most business functions. Today they are the norm and usually the best option for smaller operations.

    That shift to the cloud has meant an entire industry now faces extinction as the army of suburban IT service companies that once maintained those servers are now largely redundant.

    As the clock ticks down on Windows 2003 server so too does it for all the businesses that once depended upon the PC industry.

    Similar posts:

    • No Related Posts
  • How the Internet of Things could overtake the law

    How the Internet of Things could overtake the law

    Last March the Australian internet industry celebrated twenty years of commercial operations with the Rewind/Fast Forward conference that looked at the evolution of the online economy down under and its future.

    Naturally the Internet of Things was an important part of the discussion looking at the internet’s future and one of the panels examined the effects of the IoT on industry and society.

    During the session chairman of the Communications Alliance industry association, John Stanton, raised an important point about how the IoT creates problems for existing laws and the regulators as a wave of connected devices are released onto the market place.

    The risks are varied, and Stanton’s list isn’t exhaustive with a few other aspects such as liability not explored while some of the issues he raises are a problem for other internet based services like cloud computing and social media.

    Roaming rules

    Having fought many regulatory battles over roaming charges and access between networks, it’s not surprising Stanton and the Communications Alliance would raise this as an issue.

    Dealing with roaming devices will probably be a big challenge for mobile Machine to Machine (M2M) technologies, particularly in the logistics, airline and travel industries. We can expect some bitter billing battles between clients and their providers before regulators start to step in.

    Number schemes

    Again this is more an issue for mobile M2M consumers. Currently every SIM card has its own phone number once the service is activated.  It may be that regulators have to revise their numbering schemes or allow providers to use alternative addressing methods to contact devices.

    Data sovereignty

    Where data lives is going to continue to be a vexed issue for cloud computing consumers, particularly given the varied laws between nations.

    Short of an international treaty, it’s difficult to see how this problem is going to be resolved beyond companies learning to manage the risks.

    Identity management

    Data integrity is essential for the IoT and accurately determining the identity of individuals and devices is going to be a challenge for those designing systems.

    Over time we can expect to see some elegant and clever solutions to identity management in the IoT however masquerading as a legitimate device will always be a way malicious actors will try to hack systems.

    Privacy

    For domestic users, the privacy of what remains in data stores is going to be a major concern as domestic devices and wearables gather greater amounts of personal information. We can expect laws to be tightened on the duties and obligations of those collecting the data.

    Access Security

    Who can do what with a networked device is another problem, should a malicious player or a defective component get onto the system, the damage they can do needs to be minimised. What constitutes unlawful access to a computer network and the penalties needs to be carefully thought out.

    Spectrum allocation and cost

    Governments around the world have been reaping the rewards of selling licenses to network operators. As the need for reliable but low data usage IoT networks grows, the economics of many of the existing licenses changes which could present challenges for both the operators and governments.

    Access to low cost and low data access networks

    Following on from the economics of M2M networks, the question of mandating slicing of scarce spectrum for IoT applications or reserving some frequencies becomes a question. How such licenses are granted will cause much friction and many headaches between regulators and operators.

    Commercial value of information

    How much data is worth will always be a problem in an economy where information is power and money. This though may turn out to be more subtle as information is only valuable in the eyes of the beholder.

    Where information becomes particularly valuable is in financial markets and highly competitive sectors so we can see the IoT becoming part of insider trading and unfair competition actions. These will, by definition, be complex.

    Like any new set of technologies the internet of things raises a whole new range of legal issues as society adapts to new ways of doing business and communicating. What we’re going to see is a period of experimentation with laws as we try to figure out how the IoT fits into society.

    Similar posts:

    • No Related Posts
  • The high cost of distrust

    The high cost of distrust

    A lack of trust in technology’s security could be costing the global economy over a trillion dollars a panel at the Australian Cisco Live in Melbourne heard yesterday.

    The panel “how do we create trust?” featured some of Cisco’s executives including John Stewart, the company’s Security and Trust lead, along with Mike Burgess, Telstra’s Chief Information Security Officer and Gary Blair, the CEO of the Australian Cyber Security Research Institute.

    Blair sees trust in technology being split into two aspects; “do I as an individual trust an organisation to keep my data secure; safe from harm, safe from breaches and so forth?” He asks, “the second is will they be transparent in using my data and will I have control of my data.”

    In turn Stewart sees security as being a big data problem rather than rules, patches and security software; “data driven security is the way forward.” He states, “we are constantly studying data to find out what our current risk profile is, what situations are we facing and what hacks we are facing.”

    This was the thrust of last year’s Splunk conference where the CISO of NASDAQ, Mark Graff, described how data analytics were now the front line of information security as threats are so diverse and systems so complex that it’s necessary to watch for abnormal activity rather than try to build fortresses.

    The stakes are high for both individual businesses and the economy as technology is now embedded in almost every activity.

    “If you suddenly lack confidence in going to online sites, what would happen?” Asks Stewart. “You start using the phone, you go into the bank branch to check your account.”

    “We have to get many of these things correct, because going backwards takes us to a place where we don’t know how to get back to.”

    Gary Blair described how the Boston Consulting Group forecast digital economy would be worth between 1.5 and 2.5 trillion dollars across the G20 economies by 2016.

    “The difference between the two numbers was trust. That’s how large a problem is in economic terms.”

    As we move into the internet of things, that trust is going to extend to the integrity of the sensors telling us the state of our crops, transport and energy systems.

    The stakes are only going to get higher and the issues more complex which in turn is going to demand well designed robust systems to retain the trust of businesses and users.

    Similar posts:

  • Rampaging Ransomware

    Rampaging Ransomware

    A few years ago Ransomware was a joke, malware would install a screen that would demand a ransom be paid to ‘unlock’ the computer. It was easy to get around and almost trivial to remove.

    Then came Cryptolocker, a nasty piece of malware that would gleefully encrypt a victim’s hard drives, rendering them inaccessible unless a sizeable ransom was paid.

    Ransomware suddenly became serious.

    Cryptolocker eventually was unpicked with a cracking tool released and the ring’s alleged founder, Evgeniy Bogachev, now on the run from US authorities with a three million dollar reward for his arrest.

    A better class of ransomware

    Now the gangs running the ransomware scams are even more sophisticated and well resourced with Andrei Taflan of Romanian security company BitDefender describing how Bitcoin values are often tracking ransomware activity.

    “When we see Bitcoin values surging we watch for increased ransomware activity. Someone is buying Bitcoins to unlock their data,” Taflan told me last week in an underground bar appropriately called The Rabbit Hole.

    Taflan’s colleague Bogdan Botezatu describes how the ransomware problem is getting worse, not better, with Cryptowall patching the weaknesses that led to Bogachev’s downfall.

    One of the fascinating aspects of Cryptowall is that it’s polymorpic – it changes shape to elude traditional signature based anti-virus programs. The malware also creates unique Bitcoin wallets to make tracking transaction harder.

    Paying the ransom

    Many businesses being infected by Cryptowall and having data locked away by an industrial grade encryption program makes it a no brainer to pay the demands. It’s a profitable business.

    Faced this rather impressive piece of work, Botezatu raises a chilling prospect about ransomware in the Internet of Things; how long, he asks, will it take ransomware to target more sensitive devices we use, including cars and medical implants?

    Botezatu’s concern illustrate why security with the Internet of Things is absolutely essential if industry and the public are to have any confidence in connected devices.

    Similar posts:

    • No Related Posts