IoT devices are finally getting the privacy overhaul they need 

News Bytes: IoT devices are finally getting the privacy overhaul they need 

Written By: Austin Miller

All devices have vulnerabilities, but Internet-of-Things (IoT) devices are especially suspect. If you’ve been following our coverage of the industry over the last few months, you’ll have noticed a particularly disapproving attitude from the editor towards the general security practices of even the biggest IoT producers. 

Thankfully, researchers at Carnegie Mellon University have developed a privacy framework called Peekaboo which should hold these companies to account for their products. Although the framework is a robust approach to IoT security, it is mainly concerned with securing Android-based devices and ensuring that raw data does not escape in transit between the devices in question and the cloud services they are connected to.

The framework is designed to be easy to use, meaning that anyone installing a new smart home application can simply load the preconfigured tools to ensure their security. The team said:

“This approach offers more flexibility than permissions, as well as a mechanism for enforcement. It also offers users (and auditors) more transparency about a device’s behavior, in terms of what data will flow out, at what granularity, where it will go, and under what conditions.” 

“Peekaboo offers a hybrid architecture, where a local user-controlled hub pre-processes smart home data in a structured manner before relaying it to external cloud servers.”

The future’s looking a little brighter for IoT users – hopefully soon, we’ll be able to install them without feeling concerned about what exactly escapes our networks!

Advanced threats target unpatched systems instead of novel vulnerabilities 

“Austin, you’re just saying the obvious now”, the SecPro readership tells me. Well, you’re probably right. Of course, the opportunist adversary is going to target unpatched systems if they have a chance – why would they make their job harder than it already is? 

This approach is actively being carried out more and more by the adversary, however – no longer is the average cybercriminal an especially talented programmer or rogue security professional who has found a new way to exploit a system. Now they are would-be criminals who buy or otherwise acquire details about compromised systems online and use known exploits to attack their victims. 

In an exposé run by Hacker News, the real-life attack from BVP47 was logged to show that organizations simply aren’t updating their systems and are almost willingly becoming vulnerable to attacks. When the cost of hiring a security team outweighs the potential losses from an attack, you have to ask whether something needs to be done to take money out of the equation.

Ao Qin Dragon found targeting Southeast Asia and Australia 

We all know that every major country on earth has extensive black hat cybersecurity professionals working to destabilize rivals. In the ever-escalating cyber-tensions that cause government bodies massive headaches, it would be foolish not to defend yourself against outside threats and go on the offensive. Of course, we’re more likely to hear about Chinese or Russian attackers and this story is just another one in a long line of major powers exerting technical pressure on international rivals.

Ao Qin (奥琴 in Mandarin, alluding to a mythical dragon from Chinese mythology) is an advanced persistent threat (APT) that has been targeting rivals in Southeast Asia and Australia as far back as 2012, using Microsoft Office macro attacks to exploit CVE-2012-0158 and CVE-2010-3333. Along with the macro attacks, extensive phishing campaigns have been supported by the Naikon APT group, which also targeted US-based organizations.

The tactics of Ao Qin have changed greatly since their inception and this has lent credence to the idea that a range of various attacks have all come from a central cybercriminal. To find out more about Ao Qin, check out the SentinelLabs report here

Auto-update worries? At the very least, your security will be handled

Apple has announced a new feature called Rapid Security Response that will be included in iOS 16 and macOS Ventura. This process will automatically update all security features, even if non-essential updates are refused.

This new feature shouldn’t come as a surprise to anyone who has worked with Apple in the recent past – this was an optional feature from all iOS releases after 14.5. If you’re an Android user, you might even be wondering what took Apple so long – this feature has been included through Play Services and Play Protect for a while now!

This new update is one of many that the new versions of Apple’s iOS and macOS will bring to the table, which you can read about in the release notes here
