Category Archives: Connected Objects

Connected objects are most often the target of hacking due to their low protection.

Security and connected objects: Ring adopts end-to-end encryption

Ring, a subsidiary of the American giant Amazon that produces connected objects, wants to strengthen the security of its devices, to the delight of its customers.

To do this, the company plans to deploy end-to-end encryption, an option that unfortunately will not be enabled by default.

It is clear that Amazon's subsidiary does not take the issue of computer security lightly. Owned by the large Amazon Group since 2018, the company ranks as one of the leaders in connected objects. In a recent post that appeared on the company's blog, Ring officially announced the deployment of end-to-end encryption. The encryption will be dedicated to video, so as to protect the streams as much as possible.


As stated, the rollout is underway. However, there are unfortunately two points to raise:

– For now it is only a preview of the encryption technique; the final version will come much later.

– The end-to-end encryption option will not be enabled by default. Users will have to enable it themselves.

On the other hand, one point should be noted: even before end-to-end encryption is deployed, the company already offers a protective measure to encrypt communication. "By default, Ring already encrypts videos when they are sent to the cloud (in transit) and stored on Ring's servers (at rest)," the Amazon subsidiary said. With end-to-end encryption, there will be additional protection when the videos are stored on the device provided for this purpose.

As a reminder, end-to-end encryption is a method used by quite a few digital platforms to ensure that exchanges are confidential and therefore very well protected. The idea is to prevent information transmitted from point A to point B from being accessed or read if it were to be intercepted during transmission. This type of encryption is used for written exchanges such as text messages, as well as for photos or videos.

There is no denying that the decision by Amazon's subsidiary to adopt this mode of encryption is an initiative prompted by several controversies. Back in February 2020, the company had finally opted for two-factor authentication, which strengthens the security of access to the data provided by the cameras. It is a combination of a password and a temporary code sent by SMS to the owner of the camera.

"These changes are the result of a major controversy early last year when it emerged that a hacked Ring camera was used to talk to a child. Initially, Amazon blamed the parents, suggesting that they had had poor computer security hygiene, before admitting that it needed to rethink its approach. End-to-end encryption will prevent other employees from trying to access customer videos," says one expert.


Personal data protection: Mozilla Foundation classifies devices based on their benefits for user data

With the end-of-year holidays approaching, you have to choose what to give your parents and loved ones.

More often than not, the idea that comes to mind is a digital device. However, not all devices make good gifts. It is in this context that Mozilla has decided to publish a list highlighting devices that manage user data well, a list that praises some manufacturers and criticizes others.


This year marks the 4th edition of the famous list entitled "Privacy Not Included", which is based on the interest manufacturers show in the privacy of the users of their devices. The list is available on the platform of Mozilla, the foundation behind the famous Firefox browser. It includes 136 products from the connected object class.

"In 2017, when we launched "Privacy Not Included," we didn't know if people would be interested in a guide to privacy and security of connected smart toys, gadgets and home products. It turned out that they were. And it wasn't just people who were interested. We found out that companies were too," says the foundation. It should be noted that from now on visitors to its platform can also participate in the ranking by giving their assessment of the cost of a product they have used.

"We recognize that people just want to know which products are safe and which are not. We are Mozilla – not a consumer product valuation company – so we won't say "Buy this, don't buy this". Instead, we used our technical expertise to create a set of minimum safety standards that we believe all products should meet to be sold in stores," says the foundation's management.

Among the products reputed to be most problematic for the personal data of users, 3 large groups are put on the spot. These include Amazon, Moleskine and Facebook.

The foundation singled out several products of the American giant Amazon because it believes that the company does too little to manage the privacy and data protection of the users of these products. According to Mozilla, some of Amazon's practices could literally be characterized as criminal. This is especially true of its Halo product, the connected wristband produced by the American e-commerce giant. The people who made the selection describe it without qualification as "the scariest fitness tracker ever seen. The problem is not that all the data collected by this device is kept in an unsecured way, Amazon does a good job of securing the data. The problem is what Amazon can potentially use all this data for." According to them, Amazon's connected wristband not only measures the physical activity of its user, but also listens and, using machine learning processes, requires certain activities such as taking pictures in your underwear in order to see the evolution of fat levels. It is true that Amazon has certified that it does not use the information collected by Halo for commercial purposes; however, the product recommendations that users receive from the bracelet make them think otherwise. And despite this, the bracelet continues to collect biometric data from its users. "We put it in the "Just because you can doesn't mean you should" category," the authors of the selection wrote in their report.

On the Facebook side, the mistrust concerns the use of its Portal. It should be noted that the social network does not have a good reputation for managing and securing the personal data of the users of its platforms. Facebook "has a pretty catastrophic record in protecting the privacy of its users," and the Mozilla Foundation is concerned: "Today, they're asking people to spend a few hundred dollars to install a device with a smart camera powered by artificial intelligence and capable of tracking all their movements, as well as a permanent listening microphone powered by Alexa." According to the foundation, although no concrete facts so far cast doubt on Facebook, especially regarding the use of its connected object, its history should not be forgotten. "Given Facebook's terrible record on privacy, we are very concerned," the authors said. "The question is whether Facebook has your interests at heart when it collects all the data that this device is capable of collecting. In the past – from Cambridge Analytica and beyond – the answer to this question has too often been no," the latter conclude.

Apart from the two American giants, manufacturers such as Moleskine, DJI and Xiaomi are also singled out for their bad reputation in managing their users' data. They are said to have palpable deficiencies in terms of protecting user information.

Beyond this, several items from well-known manufacturers such as Apple, Nintendo or Jabra received very good marks in Mozilla's selection.


The impact of the Internet of Things on the security of industrial control systems according to Kaspersky

In the industrial sector, digitization is making great progress.

And this necessarily calls for a fairly objective look at the situation, given that the computer threat is also progressing.

A recent study by the Russian computer security company Kaspersky clearly addresses the subject. The company's report on the results of the study is entitled "State of Industrial Cybersecurity in the Age of Digitization." The report states that 55% of the organizations approached believe that the Internet of Things will greatly influence the organization of computer security of industrial control systems. 20% of companies already consider that the Internet of Things should be the priority with regard to the computer incidents to watch for in the sector in the coming years.

Despite the coronavirus pandemic, the industry sector has not slowed its digital transformation. The goal is to reach Industry 4.0 with the deployment of new, much more automated infrastructure. In a recent study, McKinsey and Company showed that the industrial sector, in particular manufacturing and supply chain (99%), is already planning the recruitment of professionals with digital skills. Companies that had already begun digital transformation are even more confident since the beginning of the pandemic, according to the study.

In addition, the digital transformation of industry also raises certain issues, notably that of the Internet of Things. When we talk about the Internet of Things, one of the first concerns is undoubtedly computer security, especially in a sector as sensitive as industry. Kaspersky's study shows that:

– 20% of companies, or one in five, consider cyber-attacks on industrial IoT devices to be their main concern. Here the risk is fully understood as inherent in the digitization strategy.

– 15% of these companies are most afraid of data exfiltration;

– another 15%, attacks on the supply chain.

For this reason, every strategy for digitizing an industrial sector must be accompanied by computer security specialists. It was observed in 2020 that nearly 44% of businesses directly involve IT security professionals in initiatives to protect Internet of Things devices and digital operational technologies.

Unfortunately, the report states that a large part of companies acknowledge that they are not ready to fight potential computer attacks directed specifically at the Internet of Things. In fact, only 19% have deployed enough resources to monitor their computer network and traffic. Only 14% have adopted solutions to detect potential network anomalies. Such solutions make it easy for security teams to track malicious activity when it is initiated on the network.

"When industrial companies implement connected devices and smart systems, they must ensure that they have the same level of protection requirements. To achieve this, protection must be taken into account at the beginning of a project. IoT devices must be secured in their core to prevent any attempt to attack them. With the protection of traffic and other technologies, the entire network is secure from conception and protected from cyber risks," said Grigory Sizov, head of the KasperskyOS business unit.


The influence of the Internet of Things on the transformation of IT security for industrial enterprises

The recent study by cybersecurity giant Kaspersky found that 55% of industry organizations believe that the Internet of Things will change the security approach of industrial control systems in some way.

For some time now, a shift towards much more digitization has been observed on the industry side. The Internet of Things plays a big role in this transformation.


The 2020 edition of Kaspersky's annual report, "State of Industrial Cybersecurity in the Age of Digitization," explains that 20% of companies give priority to the Internet of Things, especially with regard to the various incidents involving connected devices. This is significant in that we know security solutions for connected objects are not yet widespread.

Despite the coronavirus pandemic that has significantly slowed this transformation, the industry sector is moving towards large-scale digitization. According to a study by McKinsey and Company, 90% of professionals in the manufacturing and supply chain industry plan to recruit several experts in the field of digitization. The same study highlighted the fact that industries that had already begun their digitization process are increasingly confident in the face of the drawbacks of the coronavirus pandemic.

With the development of digitization projects, the risks inherent in the Internet of Things have been laid bare in the industrial context. This has pushed 20 percent of industrial enterprises to pay significant attention to Internet of Things devices and the cyberattacks of which they may be victims. In addition, 15% of companies fear data exfiltration, while another 15% are preparing for supply chain attacks. To address this, the involvement of security professionals is what is most recommended. Half of the companies surveyed in Kaspersky's study said that by the end of 2020, the goal of IT teams would be to protect operational technologies.

Kaspersky's report also states that all the industrial companies surveyed say they are not ready to deal with the various threats to the Internet of Things. This is reflected in practice by the small number of companies that have set up an active monitoring system for their computer network and traffic. Only 14% have adopted detection solutions to observe and detect anomalies in their computer network.

"When industrial companies implement connected devices and smart systems, they must ensure that they have the same level of protection requirements. To achieve this, protection must be taken into account at the beginning of a project. IoT devices must be secured in their core to prevent any attempt to attack them. With the protection of traffic and other technologies, the entire network is secure from conception and protected from cyber risks," commented KasperskyOS' head of business unit, Grigory Sizov.


A connected coffee maker can be targeted by a ransomware computer attack

As part of his computer security research, a cybersecurity specialist managed to hack into a coffee machine, in a test that ended with a ransom demand.

This hack is indicative of the much-discussed danger of connected objects.


Since the advent of the Internet of Things, the security of connected objects has always been at the centre of many debates. With the arrival of 5G in the coming months, this concern is likely to increase. The Internet of Things is too vulnerable. It only takes one neglected machine to make an entire network vulnerable. And this is what has just been demonstrated by computer security researcher Martin Hron, of the specialist company Avast, one of the leading suppliers of security solutions.

According to the information published about the specialist's feat, the object chosen for the security test was affected by several security flaws. Among them are the absence of signatures on received commands and firmware updates, and the absence of encryption. These are very critical vulnerabilities because they can enable cybercriminals to initiate major computer attacks.
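
The missing control described above, a device that installs firmware without checking a signature, can be illustrated with a device-side acceptance check. This is an added example, not Avast's or the manufacturer's code: the package layout, key and function names are hypothetical, and HMAC-SHA256 stands in for the public-key signature a production device would verify, so that the example needs only the standard library.

```python
import hashlib
import hmac
import struct

# Hypothetical package layout (constructed for this example):
#   "FWUP" | version u32 BE | payload length u32 BE | payload | 32-byte tag
MAGIC = b"FWUP"
HEADER = struct.Struct(">4sII")
TAG_LEN = hashlib.sha256().digest_size

# Constructed sample values, not real secrets or firmware.
DEMO_KEY = b"constructed-demo-key"
DEMO_PAYLOAD = b"\x7fconstructed firmware image bytes"


class UpdateRejected(Exception):
    """Raised when a firmware package fails a check."""


def build_package(key: bytes, version: int, payload: bytes) -> bytes:
    """Vendor side: the tag covers the header and the payload."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def accept_update(key: bytes, installed_version: int, package: bytes) -> bytes:
    """Device side: return the payload only if it is authentic and newer."""
    if len(package) < HEADER.size + TAG_LEN:
        raise UpdateRejected("package too short")
    body, tag = package[:-TAG_LEN], package[-TAG_LEN:]
    # Authenticate before trusting any header field.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise UpdateRejected("bad authentication tag")
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size:
        raise UpdateRejected("malformed header")
    # Refuse replays of an older, possibly vulnerable, image.
    if version <= installed_version:
        raise UpdateRejected("not newer than installed version")
    return body[HEADER.size:]


def verdict(key: bytes, installed_version: int, package: bytes) -> str:
    """Convenience wrapper: 'accepted' or the rejection reason."""
    try:
        accept_update(key, installed_version, package)
        return "accepted"
    except UpdateRejected as exc:
        return str(exc)


if __name__ == "__main__":
    good = build_package(DEMO_KEY, 2, DEMO_PAYLOAD)
    tampered = good[:20] + bytes([good[20] ^ 0x01]) + good[21:]
    print(verdict(DEMO_KEY, 1, good))      # authentic and newer
    print(verdict(DEMO_KEY, 1, tampered))  # one payload bit flipped
    print(verdict(DEMO_KEY, 2, good))      # same version replayed
```

A device that skips the tag comparison would install the tampered package as readily as the genuine one, which is the condition the article describes.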

This demonstration shows how exposed connected objects still are, an exposure that is not trivial because it can also endanger a computer network.

In practice, cybersecurity expert Martin Hron says he managed to disrupt the correct operation of the coffee machine by using a chip built into the object. This allowed him to formulate a ransom demand message and then stop the malfunction. It means that the only way to stop the machine after it has been targeted by the computer attack is to disconnect it. He explains: "The firmware is up to date and there is no easy option to push the firmware update to see what's in network traffic. What is interesting here is what is missing. There was no communication to the Internet either from the coffee maker or the app. So how is it possible for the app to know that the coffee maker has the latest firmware? The only data packets that passed were those between the machine and the application when the application had asked the machine for the firmware version. It's strange, and it seems to tell us that the firmware is probably not on the Internet and should be part of the application. So we opened the .apk file as easily as a .zip file. What we found there proved our hypothesis."

He points out that demanding a ransom was not the original objective. "Originally, we wanted to prove that this device could mine cryptocurrency (…) Given the processor and architecture, it's certainly doable, but at a speed of 8 MHz, it makes no sense because the value produced by such a miner would be negligible," he says.

Finally, the Avast specialist points out why he decided to do this particular test: "Some research is so amusing that it confirms why I'm doing this job. I was asked to prove a myth, call it a suspicion, that the threat of IoT devices is not just about accessing it via a weak router or Internet exposure, but that an IoT device itself is vulnerable and can be easily hacked without necessarily hacking into the network or router. I also bet that I could make this threat persist and make it a real danger to any user. We often say that your home network, considered a chain of trust, is not as strong as its weakest link, but what if the same thing were true at the device level? What would that mean?"

"Suppose you have a well-protected IoT with features that can be accessed via a well-defined API; even if you can control the device via the API, you probably can't do too much harm. Firmware, the programming inside the device, has logical constraints that do not allow you, for example, to close garage doors while someone is in their path or to overheat a device to burn.

"We used to believe that we could trust equipment, such as a regular kitchen appliance, and that it could not be easily modified without physically disassembling the device. But with today's "smart" devices, that's no longer the case," he writes in a blog post.
