Posts Tagged ‘malware’
Sunday, July 11th, 2010
A new class of warfare is on the horizon. Governments worldwide are scrambling to prepare for the possibility of conflict in the “fifth domain” – cyberspace. Will World War III take place on the internet? The possibility is being explored, as documented in a new article from The Economist.
But how to prepare for a war waged in the digital realm? And what are the stakes? As more and more of the world’s infrastructures are given access points on the web, the possibility of collateral damage inflicted by electronic attacks becomes increasingly real. Of particular concern is the security of the smart grid systems that will one day encompass our electrical networks. Opinions vary on the vulnerability of SCADA systems (networks that regulate industrial systems like power plants), however the consensus is that serious risks are present.
The future of cyber-warfare is uncertain, yet it will undoubtedly present myriad new challenges for peacekeepers such as NATO and governments themselves.
Tags: device security, ics, malware, scada, security, smart-grid
Posted in Uncategorized | No Comments »
Wednesday, June 30th, 2010
As mobile phones continue to evolve, they’ve become nearly as fast, powerful, and connected as personal computers. With this transformation has come drastically increased susceptibility to malware and viruses, as consumers use their internet-connected phones to download apps and access banking information.
Originating in the days of simplistic cell phones, these threats have evolved along with the devices themselves, and an independent security researcher recently traced their development in a post on the meedabyte blog.
In the article, security expert Cristofaro Mune cites online app stores–carrying thousands of smartphone applications from thousands of third-party developers–and the high-speed data capabilities of today’s 3G and Wi-Fi devices as two of the recent advancements that make today’s mobile phones increasingly vulnerable to viruses and malware.
Tags: 3g, apple, apps, devices, iPad, iphone, malware, mobile-security, security, smartphone, viruses, wifi
Posted in Uncategorized | No Comments »
Monday, June 28th, 2010
A recent study has found that nearly 20% of the apps in the Android marketplace grant third-party applications access to private and/or sensitive data, according to CNET News.
CNET News also reports:
…[S]ome of the apps were found to have the ability to do things like make calls and send text messages without requiring interaction from the mobile user. For instance, 5 percent of the apps can place calls to any number and 2 percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges, security firm SMobile Systems concluded in its Android market threat report. [...]
The report found that dozens of apps have the same type of access to sensitive information as known spyware does, including access to the content of e-mails and text messages, phone call information, and device location….
But CNET notes that these apps aren’t necessarily malicious or suspect. Additionally, Google has responded that Android users are specifically advised what access permissions they are granting an app when they install it, giving the user control over the visibility of their data. However, users are still being advised to be aware of the potential vulnerability of their personal data when installing any kind of app.
Tags: android, apps, device security, google, malware, security, spyware
Posted in Uncategorized | No Comments »
Sunday, June 27th, 2010
A recent article in The New York Times offers a look at the latest in implantable defibrillator technology. Profiling devices from multiple manufacturers, the article discusses the development of state-of-the-art implanted medical devices that wireless communicate to a patient’s physician.
They are part of a new wave of smart implantable devices that is transforming the care of people with heart disease…. The hope is that the devices, now being tested in clinical trials, will save lives, reduce medical expenses and nudge heart patients toward managing their symptoms…. Patients, who often are frail or live far from their doctors, can be spared frequent office visits. Doctors can learn immediately if devices are malfunctioning or if patients’ hearts are starting to fail. [...]
The big leap forward came a few years ago when device companies figured out how to make transmitters that send data over a broader range, 20 or 30 feet. That meant that…[a patient] did not have to wait till her doctor could put a receiver directly on her chest. Instead, she simply went near a small box, which is attached to a phone jack near her bed. Once a week…that information is automatically transmitted to her doctor. If there are problems, the machine alerts her doctor.
According to one manufacturer’s study, heart patients with a heart device that transmitted information to their doctor spent less time admitted to the hospital than did those with traditional, non-communicating devices. And the hospital costs were also significantly less per admission for those patients with smart defibrillators.
We’ve previously posted a number of articles on medical device technology and the security concerns that come along with them.
Tags: hackers, malware, medical devices, security, smart defibrillators
Posted in Uncategorized | No Comments »
Thursday, June 24th, 2010
A report in the Sydney Morning Herald details a new proposal put forward by the Australian parliament in an effort to fight cyber-crime and malicious computer viruses. The ambitious plan would require that consumers’ PCs meet a set of security standards — the presence of proper anti-virus and firewall software — before their internet connections could be activated. In addition, ISPs would be mandated to notify users if their computers have become infected with a virus, and could ultimately disconnect them from the internet until the virus is removed.
While the proposed hardware and software regulations would be specific to home computers, the internet-connected mobile device market is increasingly threatened by the very same kinds of malware and crime that have plagued PCs for years. Similar requirements for devices could plausibly follow close behind.
Tags: cybersecurity, device security, hackers, malware, security
Posted in Uncategorized | 1 Comment »
Monday, June 21st, 2010
A recent Network World article describes the new security vulnerabilities posed by the latest smartphone technologies — specifically the new, high-speed 4G mobile networks. Because today’s smartphones have processors, storage capacities and network connection speeds that nearly rival those of PCs, they are becoming increasingly subject to the same malware and security threats that have long afflicted the PC market.
4G makes the situation more accelerated…. And what will really accelerate the growth of mobile malware and spyware will be the volume of traffic that people will be able to use. Data usage will increase and there are going to be more places that will get infected.
This is expected to become a serious concern for enterprise IT, as more executives use smartphones — and the various apps downloaded to these phones — to access corporate data in and out of the workplace. The Network World article describes a number of tactics integral to protecting enterprise security in the presence of mobile devices, including:
- remote wipe functionality on all mobile devices, (in the event that a device is lost or stolen)
- native application control capabilities allowing IT to specify which apps are and aren’t permitted on a company network-connected device
Network World also notes that anti-malware technology specifically designed for these high-powered mobile devices is still in its infancy.
Tags: 4G, android, device security, hackers, iphone, malware, mobile-security, smartphone
Posted in Uncategorized | No Comments »
Sunday, June 20th, 2010
CNET News has published a comprehensive report on the state of smart grid security. In it, they detail the growing concerns among security experts that smart meter technology is being rapidly expanded around the world without the built-in security considerations necessary to protect the utility infrastructure — and the people connected to it — from serious cyber-crime.
According to the CNET report, the vulnerabilities in today’s smart meters could allow for a number of malicious attacks, including the theft of private consumer data, the disruption of power to specific buildings, and even the targeted outage of entire utility grids. Many experts quoted in the article believe that US smart meter manufacturers and utility companies are treating security as an afterthought in order to quickly take advantage of Federal stimulus money.
There are about 250 active smart-metering projects worldwide, with about 49 million meters already installed and 800 million planned for installation…. Projects in the U.S. are being accelerated because of the $3.4 billion in stimulus funds set aside for smart-grid technologies. About 60 million smart meters will be deployed in the U.S. this year, covering about half of households…. Security appears to be a casualty of this haste….
“Since there is no federal mandate as to how much security to have in the meters, there aren’t the right motivation factors for security to be a major factor…It’s an afterthought.”
According to one expert, “Prominently missing are signed and encrypted firmware, secure (smart card) chips for key storage, unique cryptographic keys, and physical tamper protection.”
We’ve previously discussed the growing concern surrounding the security weaknesses in today’s smart grid technology. In addition, we recently reported on the 60 Minutes investigation into the malicious hacks that have already hit the nation’s critical infrastructures.
Tags: cybersecurity, device security, hackers, internet of things, malware, security, smart grid security, smart meters, smart-grid
Posted in Uncategorized | 1 Comment »
Wednesday, June 16th, 2010
We’ve already posted about the growing threat of mobile malware as the mobile/smartphone market expands faster than security can keep up with it.
A recent article on The Register reports that a downloadable game for the Windows Mobile platform — 3D Anti-Terrorist Action — has been discovered to contain a Trojan that could potentially cost its victims a considerable amount of money. The infected version of the game, available from a number of Windows Mobile download sites, contains the “Terdial-A” Windows-CE Trojan, which makes expensive, international calls with the user’s phone. Victims are typically unaware of the malware until they receive the shocking mobile phone bill.
Internet security firm Sophos believes the infected game is the work of a Russian-speaking hacker who is likely attempting to access some of the money from the pricey calls.
Tags: hackers, malware, mobile-security, trojan
Posted in Uncategorized | 1 Comment »
Tuesday, June 15th, 2010
We’ve previously posted about a number of consumer devices shipping from the factory with malware pre-installed. The latest example comes from Olympus Japan and their Stylus Tough 6010 compact digital camera.
A recent article on The Register describes the malware — pre-installed on the camera’s internal memory card — as an auto-run code intended to contaminate Windows PCs connected to the camera via USB.
It is estimated that approximately 1,700 of the cameras shipped with the virus which, as The Register notes, could have originated from an infected PC at the manufacturing or testing facility.
Tags: camera, device security, malware
Posted in Uncategorized | No Comments »
Tuesday, June 8th, 2010
A recent Wall Street Journal article discusses the growing concern among experts that mobile app security is not keeping up with the rapidly expanding smartphone/mobile market.
“Mobile phones are a huge source of vulnerability,” said Gordon Snow, assistant director of the Federal Bureau of Investigation’s Cyber Division. “We are definitely seeing an increase in criminal activity.”
The FBI’s Cyber Division recently began working on a number of cases based on tips about malicious programs in app stores, Mr. Snow said. The cases involve apps designed to compromise banking on cellphones, as well as mobile “malware” used for espionage by foreign nations, said a person familiar with the matter. To protect its own operations, the FBI bars its employees from downloading apps on FBI-issued smartphones.
The article points out that while some believe Google’s Android Market to be less secure than other mobile app stores, (due to its apparently less strenuous vetting process for new apps), even apps from Apple’s iPhone App Store could pose potentially harmful security threats to users.
Tags: android, apps, FBI, iphone, malware, mobile-security, security
Posted in Uncategorized | 1 Comment »
