Wireless Network, Mobile & IoT Security

January 18, 2021 — Today, the European Union Agency for Cybersecurity (ENISA) published the Cloud Security for Healthcare Services report, which provides cybersecurity guidelines for healthcare organisations to help further digitalise with cloud services. Building on ENISA’s procurement guidelines for cybersecurity in hospitals, published early last year, this new report assesses the cybersecurity risks of cloud services and offers good practices for their secure integration into the European healthcare sector. The ENISA report comes as the European Commission is moving forward this year with the European Health Data Space initiative to promote the safe exchange of patients’ data and access to health data. Source: enisa

January 4, 2021 — State-sponsored data breaches have become one of the significant pain points for the Indian government and companies. Recent attacks on utilities and data breaches for some large consumer tech start-ups show that India needs to tackle this issue seriously. Moreover, this issue is compounded by the fact that the country does not have any standards to secure the internet of things and connected ecosystems. There are no baseline tests to certify such products. Source: Financial Express

Hey Alexa, what's my PIN? Hackers could use voice assistants to work out what users are typing on their smartphones from the sound of their fingers tapping the screen

December 9, 2020 – Smart speakers like Google Home and Amazon Alexa could be used by hackers to listen to and decipher a password or PIN being typed in on a nearby phone.

Researchers from the University of Cambridge built their own version of a smart speaker to closely resemble those which are commercially available. 

Sound recordings from the gadget were inputted into a computer for analysis and experts investigated if the sound and vibrations caused by typing on a smartphone screen could be used to guess a five-digit passcode. Source: Daily Mail

December 8, 2020 — Security researchers have disclosed today 33 security flaws in four open-source TCP/IP libraries currently used inside the firmware of products from more than 150 vendors. Forescout researchers estimate that millions of consumer and industrial-grade devices are currently impacted by the security flaws they discovered, and which they named Amnesia:33. Source: ZDNet

November 30, 2020 — While cash transactions aren’t going anywhere anytime soon, the convenience of electronic payment solutions has been steadily growing in popularity over the years. According to a recent survey by the US Federal Reserve, cash payments accounted for just 26% of all payments. Meanwhile, credit and debit cards and electronic payment methods were used for 65% of all payments. Source: WeLiveSecurity

November 24, 2020 — TESLA HAS ALWAYS prided itself on its so-called over-the-air updates, pushing out new code automatically to fix bugs and add features. But one security researcher has shown how vulnerabilities in the Tesla Model X’s keyless entry system allow a different sort of update: A hacker could rewrite the firmware of a key fob via Bluetooth connection, lift an unlock code from the fob, and use it to steal a Model X in just a matter of minutes. Source: WIRED

November 2, 2020 — A security researcher updated a technique he devised a decade ago to create a browser-based attack that tricks network address translation (NAT) devices and firewalls to provide remote access to services on victim machines not normally reachable via the internet. Source: IT News

Singapore: October 12, 2020 — (THE NEW PAPER) – Security cameras in Singapore homes have been hacked, and the footage shared online.

Clips from the hacked footage were uploaded on pornographic sites recently, with several explicitly tagged as being from Singapore.

The videos, which can last from under a minute to more than 20 minutes, feature couples, breastfeeding mothers and even children. Source: The Straits Times

October 4, 2020 — For almost a year, a threat actor has been using zero-day vulnerabilities to install malware on Tenda routers and build a so-called IoT (Internet of Things) botnet.

Named Ttint, this botnet was first detailed in a report published on Friday by Netlab, the network security division of Chinese tech giant Qihoo 360. Source: ZDNet

 

September 16, 2020 — Connected teddy bears, connected coffee machines and connected cars are just some of the unusual Internet of Things (IoT) devices being insecurely connected to corporate networks that could leave whole organisations open to cyberattacks.

A research paper by Palo Alto Networks details the surge in IoT devices being connected to corporate networks and their wide variety. Source: ZDNet

Hackers have become much sophisticated in their cyber attacks given the technological advancements. To that end, a new study reveals that hackers are making use of an ordinary light bulb in your room to eavesdrop on your conversations.

The study is conducted by researchers at Ben-Gurion University of the Negev and Weizmann Institute of Science. The research talks about a side-channel attack named “Lamphone,” that allows hackers to spy on sound with the help of a remote electro-optical sensor. Source: Mashable, India

The “BLURtooth” flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.

A high-severity Bluetooth vulnerability has been uncovered, which could enable an unauthenticated attacker within wireless range to eavesdrop or alter communications between paired devices.

Source: ThreatPost

Australia: September 3, 2020 — the Australian Government released the voluntary Code of Practice: Securing the Internet of Things for Consumers (263KB PDF) (Code of Practice).  

The Code of Practice is a first step towards lifting the security of Internet of Things devices in Australia.  The Code of Practice is intended for industry, but everyone has a role to play in improving cyber security in the Internet of Things. 

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has also developed an Internet of Things guide to help individuals, families and small and medium businesses buy, use and dispose of Internet of Things devices securely. Source: Australia Home Affairs

August 19, 2020 – A security flaw in a series of IoT connectivity chips could leave billions of industrial, commercial, and medical devices open to attackers. The flaw was discovered by IBM’s X-Force Red hacking team and affects Cinterion EHS8 M2M modules built by French manufacturer Thales. EHS8 modules are built for industrial IoT machines that operate in factories, the energy sector, and medical roles, and are designed to create secure communication channels over 3G and 4G networks. 

Source: TechRepublic

June 24, 2020 – Australians are being filmed through private security cameras that are being streamed on a website based in Russia. 

Ken Jeffery didn’t know he was one of them, until an ABC News investigation tracked him down in south-eastern New South Wales. Source: ABC

April 24, 2020 – You probably have a wifi router in your home to provide internet access to all the family. When people drop by, they ask for the password so they can check something on their smartphone or show off vacation photos stored in the cloud. Source: CompariTech

April 8, 2020 – Service providers and telecom carriers form the backbone of communications and commerce in modern economies. Their networks and cell towers deliver the internet itself—and everything that depends on it—to homes, businesses and mobile devices all over the world. And the complexity involved in doing so creates enormous security challenges. Source: Security Week 

Back in 2014, security researchers discovered a new Trojan that targeted victims’ online banking credentials. It’s still infecting systems today — and has developed a sinister new way of spreading. Source: Forbes

Mobile device security threats are on the rise. In 2014, Kaspersky detected almost 3.5 million pieces of malware on more than 1 million user devices. By 2017, Kaspersky’s in-lab detection technologies processing reached 360,000 malicious files per day. And 78% of those files were malware programs, meaning that over 280,000 malware files per day were detected—many of which target mobile devices. Here’s a look at the top seven mobile device threats and what the future holds. Source: Kaspersky