Add this to the list of problems the glut of IoT devices is causing.

Over 90% of data transactions on IoT devices are unencrypted

I love how no one is questioning where WE might have gotten them from.

Leaked NSA Hacking Tools

You know these companies are on shaky ground when they are summoning "protecting consumers from themselves" & "security through obscurity" arguments. Unfortunately they will likely win until more tech/security savvy people are in government.

Cybersecurity experts battle for right to repair

Definitely agree that the best stance on security at the moment is a defensive one of assuming that your information has already been breached, probably multiple times. Regulation will be slow & if a breach like Equifax didn't change much I wouldn't expect any progress w/o a 9/11 of data theft.

Protecting Yourself from Identity Theft

mzo boosted

Designers Release 'Aweigh', An Open Source Alternative to GPS

Definitely interested in the security keys that Google has had so much success w/ but glad people are considering the vulnerabilities of fallbacks. Reminds me of how a master password for a password manager can turn 1 password into 100+

On Security Tokens

Some good examples of common styles of sms phishing. It's important everyone knows how these work because everyone is likely to get some. I know I do.

4 Common Phishing Lies Exposed

This is the real threat of insecure IoT devices: they become launch points and proxies. Unlike desktop OSes there won't be AV or need to install keyloggers/adware etc to be noticed. I'd like to see an open source intrusion detection tool built into a cheap chip or OS platforms like Raspberry Pi.

Emotet gang is trying to build a shell of IoT devices around its banking botnet

Lack of trustworthy piracy is likely going to have to expand the "dark net" into private trust networks for a larger audience. Perhaps blockchain technology can help with verification but incentives for sources of pirate material have to be aligned with user interest for it to be trustworthy.

Piracy streaming apps are stuffed with malware

It's gotten to the point where security companies like Avast are the only ones monitoring app stores for fraud & malware. There's no way anyone can realistically keep up so we'll need ML help or they will keep slipping in.

Google boots major Android app developer from store for conducting massive ad fraud

I expect this to be an inevitable trend as drivers will push towards increasing connectivity and electronics in cars. The ironic part is that the more electronics put in the more necessary connectivity will be to push software updates to fix software problems. A mobile app could handle updating without the car directly connecting for now, but not for long.

"Hacker Can Kill Car Engines Around the World"

mzo boosted

2+ million IoT devices vulnerable to man-in-the-middle attacks, allowing attackers to steal passwords:

– the website contains a list, so you can check if your devices are vulnerable
– CVE-2019-11219, CVE-2019-11220
– mitigation: dispose of your vulnerable devices, or block OUTBOUND traffic to 32100/udp

#iot #vulnerability #cve201911219 #cve201911220 #infosec #mitm #cybersecurity #security

On the flip side of the ML camera coin, mistaken identity will become a serious issue. Humans have flexible judgement but many flaws. Computers mitigate human flaws but can be unbending. This is why a collaboration between the two will be necessary to prevent incidents like this.

"Apple facial recognition tech prompts student to sue for $1 billion after false arrest"

Looking forward to clothing lines and accessories dedicated to defeating ML trained surveillance. As ML based devices become more ubiquitous expect the adversarial research to ramp up. Credit card thieves already employ many techniques to try and avoid automated fraud detection.

"Academics hide humans from surveillance cameras with 2D prints."

Flaws in highly used IoT components are going to become a serious problem. Cybercriminals can easily look for often reused components and invest the time to test the hell out of them and sell/use the zero days. Chinese manufacturers probably don't put responding to security researchers high on their list of priorities.
