Show content by tag: cybersecurity

Wednesday, 24 July 2019 16:28

Why IoT is Bad for Digital Privacy

IoT (Internet of Things) describes how gadgets connect to other gadgets and to people through the existing internet infrastructure. Examples of such interconnectivity include connected video cameras, vehicle-to-vehicle communication, smartphones communicating with other smartphones, and connected medical devices. These devices can collect and distribute data to companies, communicate with consumers, and gather large amounts of information for third parties. Some of the information they generate or gather can contain vital personal information. For instance, if you want assistance in wayfinding, you will have to disclose your location and where you are headed. In the case of a home security system, you will be forced to expose your home to the system, oftentimes in the form of whole raw video feeds.


The big question is where all that data goes, whether by design or when it is stolen and processed incorrectly. The vast growth of IoT over recent years has led to data leakage concerns among Americans. Many consumers, despite owning one or more connected gadgets, remain wary of IoT privacy and security issues. A report by Consumers International, which teamed up with the Internet Society to explore consumer stances and perceptions regarding the privacy, security, and trust of consumer IoT devices, produced shocking revelations.


63% of the interviewed consumers described the process of data collection by smart devices as “creepy.” They reckon that one may pick up a connected toy for their kids only to realize that the device is silently recording information about the kids’ behavior and then supplying this data to the Big Data ecosystem. Isn’t this the creepiest thing you’ve ever heard?


Other ways in which your smart devices might be selling you out include:


Baby Monitors


As a parent, you would go to any lengths to protect your babies, and so you may turn to baby monitoring devices. The problem is that modern baby monitoring systems can also be used for harm. This report of a man hacking into a smart baby monitor and screaming at a baby is nothing short of terrifying and creepy. This is an example of what a hacker can do if they have access to your baby monitor.


Connected Cars


The possibility of hacking a connected car’s system has made smart vehicle service vendors and automakers think seriously about car cybersecurity. If the vehicle’s GPS data gets into the hands of intruders, they could seize the car along a known route or plan a burglary when the owner of the vehicle is away from home. And, yes, even trusted brands like BMW, Audi, Jeep, and Volkswagen have experienced network and software vulnerabilities that could lead to this.


The above examples show clearly that protecting consumer privacy is becoming more and more difficult as IoT continues to grow. The hacking of smartphones and computers, for instance, can be done remotely and often goes undetected. Just like computers, smartphones contain a vast amount of data about their owners. Personal data such as name, date of birth, address, credit card details, health care information and much more are transmitted on these devices without encryption. These devices are often linked to email accounts, bank accounts, and even household appliances. This means stolen data could lead to serious problems.


Another case where control can be lost is when companies keep collecting data about users. While these companies may use the information to improve user experience, they can also use it to sell you their products or, worse still, sell it to other companies that sell user products. Everything you search for on the internet, and all of your online activity, is being tracked by these companies.


In a nutshell, reports of consumer IoT devices being compromised have been on the rise. Literally, your baby’s smart teddy bear could be spying on him, your smart car could be hacked, and your teakettle could even spy on you. Though IoT adds value to our lives, the security and privacy concerns that come with it cannot be ignored if this technology is to be adopted by the mainstream.

As many as 25 million Android phones have been hit with malware that replaces installed apps like WhatsApp with evil versions that serve up advertisements, cybersecurity researchers warned Wednesday. 

Dubbed Agent Smith, the malware abuses previously known weaknesses in the Android operating system, making updating to the latest, patched version of Google’s operating system a priority, Israeli security company Check Point said. 

Most victims are in India, where as many as 15 million were infected. But there are more than 300,000 in the U.S., with another 137,000 in the U.K., making this one of the more severe threats to have hit Google’s operating system recently. 

The malware has spread via a third-party app store, 9apps.com, which is owned by China’s Alibaba, rather than the official Google Play store. Typically, such non-Google Play attacks focus on developing countries, making the hackers’ success in the U.S. and the U.K. more remarkable, Check Point said. 

While the replaced apps will serve up malicious ads, whoever’s behind the hacks could do worse, Check Point warned in a blog. “Due to its ability to hide its icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device,” the researchers wrote.

They said they’d warned Google and the relevant law enforcement agencies. Google hadn’t provided comment at the time of publication. 

Typically the attack works as follows: Users download an app from the store—typically a photo utility, games or adult-themed apps (one called Kiss Game: Touch Her Heart is advertised with a cartoon of a man kissing a scantily clad woman). This app then silently installs the malware, disguised as a legitimate Google updating tool. No icon appears for this on the screen, making it even more surreptitious. Legitimate apps—from WhatsApp to the Opera browser and more—are then replaced with an evil update so they serve the bad ads. The researchers said the ads themselves weren’t malicious per se. But in a typical ad fraud scheme, every click on an injected advertisement will send money back to the hackers, as per a typical pay-per-click system. 

There’s some indication that the attackers are considering moving to Google Play. The Check Point researchers said they’d found 11 apps on Google’s store that contained a “dormant” piece of the hackers’ software. Google swiftly took those apps down. 

Check Point believes an unnamed Chinese company based in Guangzhou has been building the malware while operating a business that helps Chinese Android developers promote their apps on overseas platforms. 

Alibaba hadn’t responded to a request for comment on proliferation of malware on the 9apps platform at the time of publication. 

What can you do? 

So what can anxious Android owners do? Check Point’s head of cyber analysis and response, Aviran Hazum, said that if users experience advertisements displayed at odd times, such as when they open WhatsApp, they should take action. 

First, go to Android settings, then the apps and notifications section. Next, go to the app info list and look for suspicious applications with names like Google Updater, Google Installer for U, Google Powers and Google Installer. Click the suspicious application and choose to uninstall it.
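The manual check above can also be run over an exported app inventory, for example when triaging many managed phones. This is an added example, not code from Check Point or from the article; the inventory field names and the sample package names are hypothetical, and the hidden-icon and non-Play-installer heuristics are derived from the behaviour the article describes.

```python
import re

# App labels the article names as disguises used by the dropper.
SUSPICIOUS_LABELS = {
    "google updater", "google installer for u",
    "google powers", "google installer",
}
PLAY_STORE = "com.android.vending"  # package name of the Google Play Store app

def normalize(label):
    """Collapse whitespace and case so ' Google  UPDATER ' still matches."""
    return re.sub(r"\s+", " ", label).strip().lower()

def triage(apps):
    """Return (package, severity) for user-installed apps worth reviewing.

    'high'   : label matches one of the names listed in the article
    'review' : no launcher icon AND not installed by Google Play
    Preinstalled system apps are skipped; many have no icon by design.
    """
    findings = []
    for app in apps:
        if app["system"]:
            continue
        hidden = not app["has_launcher_icon"]
        sideloaded = app["installer"] != PLAY_STORE
        if normalize(app["label"]) in SUSPICIOUS_LABELS:
            findings.append((app["package"], "high"))
        elif hidden and sideloaded:
            findings.append((app["package"], "review"))
    return findings

# Constructed inventory; field layout and com.example.* names are hypothetical.
SAMPLE = [
    {"package": "com.example.updater", "label": "Google  Updater",
     "has_launcher_icon": False, "installer": None, "system": False},
    {"package": "com.whatsapp", "label": "WhatsApp",
     "has_launcher_icon": True, "installer": PLAY_STORE, "system": False},
    {"package": "com.example.photo", "label": "Photo Utility",
     "has_launcher_icon": True, "installer": "com.example.store", "system": False},
    {"package": "com.example.hidden", "label": "Sync Helper",
     "has_launcher_icon": False, "installer": "com.example.store", "system": False},
    {"package": "com.example.oem.service", "label": "OEM Service",
     "has_launcher_icon": False, "installer": None, "system": True},
]

if __name__ == "__main__":
    for package, severity in triage(SAMPLE):
        print(f"{severity:6} {package}")
```

A "review" result is only a prompt to look at the app by hand; legitimate sideloaded services without an icon will also land there.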

Otherwise, staying away from unofficial Android app stores might help, given Google’s extra protections designed to prevent malware from getting on the site. Not that Google’s efforts always pay off. Earlier this week, a warning went out about an Android malware spreading over Google Play that was screen-recording users’ banking sessions.