

Smart Online Dating Application: The Business Of Love! | #tinder | #pof | romancescams | #scams

In those days, meeting a stranger one-to-one was not an acceptable thing to do, but the dating app industry has changed the concept of meeting a stranger for a date […]

#city | #ransomware | How governments can streamline the adoption of smart city technologies — GCN

Source: National Cyber Security – Produced By Gregory Evans


How governments can streamline the adoption of smart city technologies

Spending on smart cities worldwide will reach over $34 billion in 2020 as cities adopt more connected technologies. From smart traffic lights that monitor traffic flow to smart grids that can make energy usage more efficient, such technologies can certainly improve the quality of life for citizens. Yet a staggering one-third of internet-of-things projects fail at the proof-of-concept (PoC) stage due to cost, security and scalability challenges. Cities must change and improve their approach to finding, testing and deploying smart technology innovations to effectively roll out such systems.

Here are three ways a dedicated PoC platform can help streamline, secure and scale the evaluation of new technologies.

1. It enables easier IoT integration and interoperability

When implementing smart city technologies, governments must consider how different technologies such as cameras and sensors will operate together in an interconnected ecosystem. The interoperability of systems is one of the most important components of a smart city. In a traditional PoC, each new technology would have to be tested individually against the existing system, but a PoC platform can automate much of the process and test all the technologies simultaneously.

A PoC platform can use artificial intelligence to replicate a virtual environment in the cloud. From there, the platform can simulate the same network behavior, including fluctuations in activity, latency and bandwidth from the original environment, to create the best possible testing ground for PoC evaluation. This PoC process allows CIOs and technology leaders to assess the interoperability and performance of the smart technology alongside the city’s existing ecosystem.

A centralized PoC platform running multiple evaluation processes can automatically compile results and data into a comprehensive KPI report, saving more time and effort. This makes it simple for governments to compare results to business and technical requirements, determine whether further testing is required and easily identify which solution can seamlessly integrate with existing systems.

2. It mitigates the risk of using sensitive data

The biggest risk of the traditional PoC process is the use of sensitive data. The sheer volume of IoT devices, which will increase to almost 20 billion by 2020, means any cyberattack or data leak could have devastating consequences for a city and its citizens, as evidenced this year by the spate of ransomware attacks across the country. The lack of established standards and policies makes it even more risky for cities working with new vendors and products on interoperability. Granting a vendor access to private data and a city’s IT environment is a major security risk, but is necessary for PoC platforms to simulate an environment. Fortunately, there are tools that can safeguard information and secure the evaluation process from any malicious vendors.

By anonymizing or mimicking a small sample of data, a PoC platform can generate millions of records similar to the ones provided, giving the PoC environment a realistic set of data without compromising security or privacy. This can effectively mitigate the dangers of data breaches since the generated information will be worthless while the sensitive data is anonymized and cannot be used.

3. It enables open innovation for large-scale projects

The pace of technological advancements means that cities will need to be constantly on the lookout for new innovations — whether it’s implementing visualization tools in Columbus, Ohio, or assessing 5G-powered drones in Raleigh and Cary, N.C. However, it’s important to ensure that any smart technology assessment has clear goals from the outset, as technology deployments risk failing due to the high cost of scaling, unclear ROI and the inability to justify the business case for the investment. A dedicated PoC platform can remedy these challenges by enabling governments to fast-track multiple vendor assessments at once, giving them more time to think strategically about how the solutions support broader business goals.

For example, a city’s evaluation of smart grid technology in a traditional PoC process could take a team months to complete. An additional few months would be required to ensure the technology securely integrates with its IT environment and develop a rollout strategy ahead of implementation. A PoC platform slashes evaluation time, saving precious resources and costs.

As urban environments transform into connected systems, solving the inefficiencies of PoCs has become a necessity. Reinventing the PoC process with tools targeting the key components of integration and interoperability, security and scalability is a logical and essential step for governments to consider. With new technologies being introduced at a rapid pace, cities across the country are under intense pressure to keep up and can no longer afford to spend time on lengthy PoCs.

About the Author

Toby Olshanetsky is CEO and co-founder of prooV.


The post #city | #ransomware | How governments can streamline the adoption of smart city technologies — GCN appeared first on National Cyber Security.


#nationalcybersecuritymonth | DCC UK second-gen smart meter network passes three million mark

Smart DCC, the licence-holder building and managing the secure national infrastructure that underpins the roll-out of smart meters across the UK, has passed a milestone in its network capability, with the three millionth second-generation smart meter (SMETS2) attached to its smart network. The Capita subsidiary was […]

A #Basic Z-Wave #Hack #Exposes Up To 100 #Million Smart #Home #Devices

So-called “smart” locks and alarms are proliferating across people’s homes, even though hackers have shown various weaknesses in their designs that contradict their claims to being secure.

Now benevolent hackers in the U.K. have shown just how quick and easy it is to pop open a door with an attack on one of those keyless connected locks. And, what’s more, the five-year-old flaw lies in software that’s been shipped to more than 100 million devices that are supposed to make the home smarter and more secure. Doorbells, bulbs and house alarms are amongst the myriad products from 2,400 different vendors shipping products with the flawed code. Tens of millions of smart home devices are now vulnerable to hacks that could lead to break-ins or a digital haunting, the researchers warned.

For their exploits, the researchers – Ken Munro and Andrew Tierney from Pen Test Partners – focused on the Conexis L1 Smart Door Lock, the $360 flagship product of British company Yale. As relayed to Forbes ahead of the researchers’ report, Munro and Tierney found a vulnerability in an underlying standard used by the device to handle communications between the lock and the paired device that controls the system. The flaw meant the communications could be intercepted and manipulated to make it easy for someone in the local area to steal keys and unlock the door.

The problematic standard was the Z-Wave S2. It provides a way for smart home equipment to communicate wirelessly and is an update from an old protocol, Z-Wave S0, that was vulnerable to exploits that could quickly grab those crucial keys. Indeed, they were “trivial” to decrypt, according to Pen Test Partners’ research.

Z-Wave S2 is more secure than S0. It comes with a method for sharing keys known as the Diffie-Hellman exchange; it’s a highly-regarded, tested method for ensuring that the devices shifting keys between one another are legitimate and trusted. But whilst the Yale device, purchased by Munro and Tierney just a couple of weeks ago and kept up to date, used that S2 protocol, the researchers found it was possible to quickly downgrade the device to the older, much less secure key-sharing mechanism.

During the period when a user paired their controller (such as a smartphone or smart home hub) with the device, Munro and Tierney could ensure the less-secure S0 method was used. From there, they could crack the keys and get permanent access to the Yale lock and therefore whatever building it was protecting, all without the real user’s knowledge. They believe they could carry out their attack, dubbed Z-Shave, from up to 100 meters away.

“It’s not difficult to exploit,” Munro said. “Software Defined Radio tools and a free software Z-Wave controller are all that’s needed.” In 2016, hackers created a free program designed to exploit Z-Wave devices called EZ-Wave.

Yale owner ASSA ABLOY said it understood the Z-Wave Alliance was conducting an investigation into the matter and was in close contact. ASSA ABLOY will also be conducting its own investigation, a spokesperson said, adding that it was “constantly updating and reviewing products in line with the latest technologies, standards and threats.”

No updates?

Munro told Forbes it should be possible to update many Z-Wave-based devices with a wireless update of both the app and the device. “However, it’s an issue with the Z-Wave standard, so would require a massive change by the Alliance, then an update pushed to all devices that support S2, which would likely stop them working with S0 controllers. And there are hardly any S2 controllers on the market. None in the U.K.,” he added.

Silicon Labs (SiLabs), the $4.5 billion market cap firm that owns the Z-Wave tech, admitted “a known device pairing vulnerability” existed. But it didn’t specify any upcoming updates and downplayed the severity of the attack, adding “there have been no known real-world exploits to report.”

The company referred Forbes to the first description of the S0 decryption attack, revealed way back in 2013 by SensePost, which determined the hack wasn’t “interesting” because it was limited to the timeframe of the pairing process. As a result, SiLabs said it didn’t see the S0 device pairing issue “as a serious threat in the real world” as “there is an extremely small window in which anyone could exploit the issue” during the pairing process, adding that a warning will come up if a downgrade attack happens. “S2 is the best-in-class standard for security in the smart home today, with no known vulnerabilities,” the spokesperson added, before pointing to a blog released by SiLabs Wednesday.

Munro said it would be possible to set up an automated attack that would make it more reliable. “It should be easy to set up an automated listener waiting for the pairing, then automatically grab the key,” he said.

The company said the problem existed because of a need to provide backwards compatibility, as a spokesperson explained: “The feature of S2 in question – device pairing – requires both devices have S2 to work at that level. But of course the adoption of this framework across the entire ecosystem doesn’t happen overnight. In the meantime, we do provide the end user with a warning from the controller or hub if an S0 device is on the network or if the network link has degraded to S0.”

Munro was flabbergasted at the vendor’s overall response. “After attempting responsible disclosure and getting little meaningful response, on full disclosure Z-Wave finally acknowledge that it’s been a known issue for the last few years. Internet of Things (IoT) devices are at their most vulnerable during initial set-up. S2 Security does little to solve that problem.”


The post A #Basic Z-Wave #Hack #Exposes Up To 100 #Million Smart #Home #Devices appeared first on National Cyber Security Ventures.


International Conference on Smart Grid and Internet of Things (SGIoT)

General Cybersecurity Conference

July 11 – 13, 2018 | Ontario, Canada

Cybersecurity Conference Description

The IoT is a grand vision as it ascribes the concept of millions of interconnected intelligent devices that can communicate with one another, and thereby control the world around us. Technically speaking, the smart grid can be considered to be an example of the IoT composed of embedded machines, which sense and control the behavior of the energy world. The IoT-driven smart grid is currently a hot area of research boosted by the global need to improve electricity access, economic growth of emerging countries, and the worldwide power plant capacity additions. GlobalData, a renowned consulting firm, forecasted that the global power transformer market is anticipated to increase from $10.3 billion in 2013 to $19.7 billion in 2020, with an astounding compound annual growth rate of 9.6 percent due to the phenomenal rise in energy demand in China, India and the Middle East. Therefore, it is the perfect time to invest in research initiatives, e.g., through our event, in the IoT-dominated smart grid sector.

In addition to its timeliness, the event comprises a broad range of interests. The theme invites ideas on how to achieve more efficient use of resources based largely on the IoT-based machine-to-machine (M2M) interactions of millions of smart meters and sensors in the smart grid specific communication networks such as home area networks, building area networks, and neighborhood area networks. The smart grid also encompasses IoT technologies, which monitor transmission lines, manage substations, integrate renewable energy generation (e.g., solar or wind), and utilize hybrid vehicle batteries. Through these technologies, the authorities can smartly identify outage problems, and intelligently schedule the power generation and delivery to the customers. Furthermore, the smart grid should teach us a valuable lesson that security must be designed in from the start of any IoT deployment. Since there is an alarming lack of standards to address the protection of the secret keys and/or the life-cycle security of the embedded smart grid devices, intruders could use conventional attack techniques to breach the security just as in any other IoT deployment.



IEEE Workshop on Smart Industries (IEEE SIW)

General Cybersecurity Conference

June 18, 2018 | Taormina, Italy

Cybersecurity Conference Description 

Smart computing is at the core of all present and future technological innovations. Connected things are widespread in the physical world, including modern manufacturing technologies and industrial processes that are largely controlled by software. Industry 4.0, industrial IoT and smart manufacturing are pervasive trends that are changing the way physical goods are produced in all industrial sectors. While smart manufacturing presents unprecedented opportunities for improving the efficiency of industrial processes, ubiquitous connectivity among industrial machinery and between smart factories and the Cloud poses interesting research challenges. Novel paradigms are needed to allow scalable, real-time and resilient communication among industrial devices, according to specific needs of different industrial applications. Moreover, security issues in the connected industry are paramount, since cyber attacks on these systems can have relevant consequences for the safety of people.

The workshop on Smart Industries aims to bring together researchers from academia and from industry to meet and exchange ideas on recent research and future directions for smart manufacturing and Industry 4.0, focusing on solutions that can improve efficiency, sustainability and security of the future industrial processes. The workshop solicits contributions about novel solutions and approaches, experiences and evaluations on emerging technologies. The workshop is also a venue to discuss and disseminate project results and to receive early feedback on work-in-progress and disruptive approaches.



Gov’t to #put new #cybersecurity #measures in #place for smart #devices

Source: National Cyber Security News

As the number of devices grows, so does the level of security needed. The UK government is aiming to tackle this with a new initiative, but what is the tech sector’s take on it?

The Government has announced new cybersecurity guidelines will need to be put in place to ensure smart devices are made safer.

Following a stream of cyber security breaches among Internet of Things (IoT) devices, the UK Government has said new cyber security guidelines are necessary to better protect users. The aim is to change the way devices are manufactured, as well as increasing the safety of individuals.

The government has predicted that each household across the UK has at least 10 internet connected devices, which is set to increase to 15 by 2020. With this increase of devices comes a bigger increase in security threats, meaning more must be done from a cybersecurity perspective. Recently, attacks have been carried out on various IoT devices such as smart watches, CCTV cameras and even children’s dolls.

The government’s initiative has been developed alongside the National Cyber Security Centre (NCSC), and coincides with the new £1.9bn Cyber Security Strategy that is set to be implemented.




Cybersecurity: How #utilities can #prepare the next #generation #smart #grid


As the convergence of physical and cyber threats continues to grow, companies in the energy sector need to work together to strengthen resilience and bolster response for the next generation smart grid.

Cyber attacks have dominated the headlines and devastated a slew of companies over the past few years – from Equifax to Yahoo, Deloitte to Merck – compromising millions of people’s information and costing billions of dollars in losses to those businesses.

But, of particular concern is the risk of attack on the electric grid, with one report showing that the US grid was being attacked as much as every four days by a cyber or physical attack – that’s nearly 100 times a year. What’s more, every year, the energy sector is among the top three most attacked critical infrastructure sectors in the US.

These repeated security breaches have raised concerns in the industry around the impact of a broader outage. Imagine how one widespread outage lasting even just a few days could disable everything in our increasingly connected, digital landscape – from traffic lights to cellphones. It could even threaten lives, for example, of patients in hospitals or other healthcare facilities that may have exhausted their backup power supply.




Is our #smart home #growing more #vulnerable to #hacks?


As more of our cameras, speakers, thermostats and locks connect online, they’re increasingly open to meeting up with hackers.

Hackers have come up with new ways to break into your data — sending attacks through our appliances, locks, blinds and anything that connects to the internet. These are part of the so-called Internet of Things (IoT), and hacking attacks sent through these devices “became the preferred weapon of choice,” for starting denial of service attacks last year, says a new report from Arbor Networks, a security software company.


Smart #cars need #smart and #secure #IT/OT #Infrastructures


IT can fail. It often does. We restart IT, and life goes on. Hackers can also compromise these same IT systems, creating disruptions and causing theft of credentials. All manner of serious consequences result from these compromises.

When Operations Technology (OT) fails, the consequence is of a different nature – arguably far more significant and far more serious. Decades of safety systems developed to keep OT from failing work – most of the time. That’s the good news. The bad news is that these OT systems and their parallel safety systems were not designed to stop the present threat of hackers whose intent would be to make them fail in catastrophic ways – including task 1 to turn off the safety systems.

A state of geopolitical competition

Consider also that we are now in the time of cyber as a tool of geopolitical competition. That is a nice way to say “nation-state” attacks – the same thing. It is time to consider, with utmost urgency, the cyber protections needed for the installed base (legacy) of OT systems and the future base of innovations that will surely bring more of this kind of automation into our daily lives. The installed base of OT is a much longer topic – for another time. The future base of OT is the topic of this piece.

About smart cars

Smart cars make sense when we also consider smart roads and a smart IT/OT infrastructure. We are at the start of the age of smart transportation, roads filled with sensors to interact with autonomous cars in ways to control flow and enhance safety. Smart cars and smart roads go together. They connect by means of a computer network.

For smart transportation to succeed, it will need all three parts: autonomous capabilities in cars + smart roads + an IT infrastructure that connects them together. Together, they combine to make smart transportation. That is the future. 2018 will serve as the year where this future accelerates.

We should make them secure from the start – all parts. Consider this scenario. Someone hacks a car. It makes the news. The impact was – a hacked car and possibly a traffic accident. The sale of cars vulnerable to these hacks is undiminished. We’ve seen this scenario already. But accidents happen all the time. Now consider if it were the “smart road” that is hacked, and the hacker navigates up the network into the applications and the databases. This can’t happen – right? For those who make their living doing ethical hacking, the question is typically, how much time do I have?

OT failure paired with malicious intent

Coupled with other malicious intentions in this geopolitically motivated time we are in, the scenario just described takes on far more significant importance. We don’t have to think too hard to know what can happen when OT fails.

The failures of the Deepwater Horizon oil spill into the Gulf in 2010 did incalculable damage. It is a manifestation of this OT failure in an extreme case where the combination of failed processes, sensors plus human error created this perfect storm. It is prudent to ask the question, can these kinds of events be intentionally perpetrated by human actors working to hack the system, allowing them to learn enough of the control processes to orchestrate this kind of catastrophic failure? In the year just starting and the years to come, we are likely to find that the answer is the same – how much time do I have?

What do we do? We start to recognize these very possible issues and become skilled in cybersecurity for both IT and OT systems, for smart transportation and all the other OT industries. That is the start – with urgency.
