In light of recent events, particularly the Dallas siren hack, we'd like to go through a couple of plausible scenarios that might explain this attack and how they relate to the need for more security when designing RF-enabled devices and implementing RF-enabled networks.
For now, let’s look at the Dallas incident to examine how some public safety and large-scale RF networks work, how they might be vulnerable to such attacks, and what you should take into account when designing and securing such networks.
Today, the Bastille team is proud to announce Bastille Enterprise, an integrated solution that delivers enterprise security through software-defined radio to some of the world's largest and most admired organizations. People and devices enter your building every day. Some are authorized to be there, but many are not. As the number of connected items in your buildings increases, how do you monitor them? How do you know what protocols they are using? How do you know if they've been securely configured, and how do you know if their communications are encrypted?
We're taught to be cautious online ... to use multiple passwords, to not share our social security numbers, and to be wary where we use our credit cards. And as we protect ourselves, we trust that the websites we use will have strong security in place to protect us as well. With major hacks occurring almost daily, we expect companies to be prepared. We also expect the devices we use to connect to the internet to be safe and secure, but a new discovery by the Bastille research team finds that this, unfortunately, is not the case.
2015 has been a very exciting year for car hacking, from Chris Valasek and Charlie Miller's “road show” to seeing a Jeep literally stripped to pieces at DEFCON. The blood is certainly in the water for exploitation of the advanced new software as our vehicles rapidly turn into computers.
Dan Virgillito is a Security Researcher for the InfoSec Institute. Absorbing the data from the growth of interconnected devices that produce large data quantities is becoming the natural focus of all big data companies, especially when it comes to driving MDM (Master Data Management)/DQ (Data Quality) going beyond the acquisition of these continuous data streams.
Seeing high profile research announcements in the weeks leading up to the infamous Black Hat and DefCon conferences is common. This year, our research team was getting pretty excited about ProxyHam, that is, until it was mysteriously pulled from the DefCon lineup.
Big Data. Cloud Computing. The Quantified Self. The Internet of Things. These things are not just marketing buzzwords, they are concepts that are fueling today’s IT ecosystem. And the one thing that they all have in common is the consumption and analysis of large quantities of data for better decision-making.
Searching for a cure for insomnia, I spent the weekend combing through the 162-page report released last week from RAND Corporation, the independent research organization best known for its influence on policy. The report, titled "The Defender’s Dilemma: Charting a Course Toward Cybersecurity," was fraught with fear and warnings about impending attacks that will target companies around the world over the next decade.
One of America’s greatest contributions to society in the last 100 years has been advancements in medical care. This furthering has been made possible, in large part, by our achievements in technology. So, it should be no surprise that the two have become explicitly intertwined; medical technology has given way to incredible improvements in cost, efficiency, and patient health. However, this marriage of computers, communication, and devices has not come without challenges. TV shows have hypothesized about the hijacking of a vice president's pacemaker, but are devices really vulnerable or is this just a theatrical plot line for primetime drama?
This week OpenDNS released a report on the Internet of Things and Enterprise security. I found this report to be one of the most thorough, yet troubling, to date. I wanted to use this blog to summarize the findings and provide some context in which Enterprises can approach safety and the Internet of Things.
The world is awaiting the idea of the smart city: a city digitally connected to its residents and operators to provide an enhanced quality of life and cost savings. South Korea, Barcelona and now India are all boasting about their cleaner, greener, and yes, smarter city projects. And, while the idea of digitally driven cities is less common in North America, there is a growing momentum behind the idea, driven in large part by the massive growth and interest in the Internet of Things.
A very elite club was just created by Chris Roberts, if his allegations of commandeering an airplane are true. Modern day transportation relies heavily on remote access to the outside world…and consumer trust. These two things have been at odds recently, ever since the world read a tweet from Chris Roberts, in which he jokingly suggested releasing oxygen masks while aboard a commercial flight. Whether or not Roberts was actually joking about hacking the aircraft is up for debate, but the move led the Government Accountability Office to issue a warning about potential vulnerabilities to aircraft systems via in-flight Wi-Fi.
The alphabet soup of acronyms describing the coming connected world is a signal that it is time to brush up on your security lingo, because the world is changing. IoT, M2M and ICS devices introduce an incomprehensible expansion of exploitable attack surfaces. Historically, information security has been defined as a perimeter of security around your most valuable IT assets. This security included different layers of protection for various areas of vulnerability. And while there is still a very healthy and innovative market for traditional information security, the ecosystem is changing and an increasing number of new threat vectors are being established.
It’s been a great two days of information sessions and expo mingling at the 2015 RSA Conference (#RSAC) in San Francisco. In conjunction with our first birthday, Bastille is debuting at RSA in booth S2426, and demo’ing our IoT security solution for the 30,000 security professionals in attendance. The trade show isn't nearly over, but one thing is clear - IoT is hot.
It is impossible to create a usable environment that is 100% free from risk. Whether in your home or business, the cost of embracing technology is accepting some risk via new IT services. The more services in use, the more vectors are created for bad guys to exploit.
Over the weekend, I combed through the FTC’s recent report – all 71 pages – on the Internet of Things (IoT), entitled The Internet of Things - Privacy and Security in a Connected World. Everything that I had previously read online about the report didn't reveal anything novel about IoT that I had not already heard, or said myself. But since it took the FTC over a year to produce, I thought a close inspection of the report was warranted. Surely there would be some nuggets of substantive information lodged within six dozen pages of bureaucratic conjecture, right?
The Internet of Things has gained historic momentum and exposure since the last quarter of 2014. No longer are there differing opinions around viability – general consensus is that IoT is here to stay. Beyond staying power is the staggering amount of growth that is expected in the coming years. If you follow IoT, which you likely do if you’re reading this blog, I’ll just simply reiterate that there will be TENS OF BILLIONS of devices in a market worth TRILLIONS of dollars in the next five years.
But, what about this year? There are five ways that IoT will impact every organization before the year is over.
Nearly a billion Android users are more vulnerable today than they were yesterday. Google has casually discontinued support for their WebView tool to Android users that haven’t yet upgraded to KitKat version 4.4. According to Google, nearly 60% of Android users will be left in the lurch when it comes to safety on their Android devices.
This year’s Consumer Electronics Show (CES) surely didn’t disappoint. And while the car stereo systems and massage chairs lurked in the cheap seats, front and center were over 900 companies demonstrating thousands of new Internet connected devices that will be flooding the market this year. Quite honestly, CES was all about the Internet of Things. Lots, and lots, and lots of things.
This week we saw two new platforms for the Internet of Things emerge, the most notable from giant and microchip heavy hitter, Intel. Of course, this is just this week. There have probably been a dozen or more new IoT platform announcements in the last month and the number coming to market is steadily increasing. Postscapes offers a fairly comprehensive list here. While the battle is on to see who will win the title of Supreme IoT Platform Provider, one thing is certain - this plethora of platforms is a security nightmare.
On October 20th, four ranking members on the Senate Commerce Committee, Sens. Deb Fischer (R-Neb.), Cory Booker (D-N.J.), Kelly Ayotte (R-N.H.) and Brian Schatz (D-Hawaii), wrote a letter to Chairman Jay Rockefeller (D-W.V.), emphasizing the need for an Internet of Things (IoT) hearing before the end of 2014.
The letter states, “The introduction of these innovative consumer products present a wide range of cutting-edge policy issues impacting a broad set of businesses and industry sectors.”
While the content of this letter is true, the government has earned its reputation of being slow to put cybersecurity policies in place – and when they do, the policies are often already outdated.
It happened. Black Friday and Cyber Monday came and went (weren’t they kind of economic disasters?), and as predicted, one of the hottest items flying off the shelf was wearable technology. So now we face the dilemma of all of these (and other IoT devices) flooding into the Enterprise. There are a few considerations that need to be addressed with regard to consumer IoT products entering the Enterprise. The first is security. How can a corporation make sure that the devices coming into their airspace, and likely connecting with their network, are safe?
In the first part of this series, we discussed how many IoT devices are selling out their users to the highest bidder. Today’s blog explores how our forfeiture of this privacy data can have real-life consequences. One of the benefits of fitness trackers and other wearables is the visibility that they bring into everyday activities. But their popularity means that they are coming to market faster and cheaper and with little focus on security. What does this influx and affordability mean to the user?
According to some estimates, the wearable market is set to explode, reaching nearly $12 billion by 2020. Fitness trackers alone are currently a $2.2 billion industry. While these devices are designed to help make our lives easier, more efficient, and healthier, there are some critical flaws in the technology that will undoubtedly fill many stockings this holiday season. This blog series will focus on some considerations for consumers and businesses alike as this new boom of wearable technology finds its rightful place in our everyday lives.