
    Physical and cyber threats: The parallels

    A former executive assistant director at the FBI, Shawn Henry, kicked off the event with a keynote that pointed out the similarities between physical threats and cyber threats, noting how both can be thwarted with the right intelligence. For instance, knowing that “a woman with short brown hair and a tattoo on her ankle is about to bomb XYZ Company’s car manufacturing plant” is a bit more helpful than knowing “a woman, somewhere, is going to wage an attack.”

    Near Field Communication: security implications

    Near field communication (or NFC) was the topic of another interesting discussion at Black Hat. NFC offers cutting-edge technology, complete with all the wonders of mobile payments, data exchanges and simplified Wi-Fi. But NFC is also generating some security concerns. Charlie Miller, a very well-known security expert and currently principal security consultant at Accuvant, demonstrated a way to use NFC to hijack an Android smartphone. Mr. Miller showed how this could be done by placing an NFC tag on an otherwise legitimate NFC device. The tag instructed the mobile device to switch on Bluetooth, resulting in the unauthorized sending of data via the mobile phone to a nearby PC. The ease with which Mr. Miller was able to do this was rather unsettling, especially when he then demonstrated making a call from the PC and sending an SMS using the Bluetooth connection. And when the whole point of NFC is the wilful exchange of information with the wave of a phone, users start to realize the potential for widespread damage.

    Both of these speakers provided recommendations on addressing these threats. For example, if we can have more intelligence about the people that might attack us, then we can be better prepared to stop them. If we better understand our data and how our data puts us at risk, we can begin to understand who might find this data valuable and what methods they might use to obtain it. Once we have a better sense of who our data attackers are and what methods they use, we can get a better sense of how to keep our data safe.

    The value of personal identity

    Another session topic was: “How do you put a value on someone’s identity?” It explored this scenario: if a company needed to compensate a consumer for the loss of their personal data through a breach, how could the cost to the consumer be calculated? On the web, convenience is essential, but security makes the web less convenient, which, amid recent high-profile breaches, can lead consumers and companies to wonder whether they are being as secure as they can and should be.

    Windows 8: security features

    Windows 8 was another key topic of discussion, and experts applauded its new security features. Microsoft’s latest operating system sandboxes its Metro Apps to isolate and protect applications from exploits. It does, however, remain to be seen whether Metro Apps will fall prey to social engineering attacks that require user permission to succeed, such as those which have successfully targeted the Android smartphone platform.

    AVG’s Q2 Community Powered Threat Report, released on 25 July, describes how the Android DFKbootkit masquerades as a fake version of a legitimate application—for example, Angry Birds Space. When the unsuspecting user downloads what he or she thinks is the popular game from Rovio, the malware assumes full control over the device, enabling the author to generate revenue by charging fraudulent premium SMS to the user’s phone bill.

    AVG’s top five tips to keep your Android smartphone and computer safe:

    1. Prior to installing any application, carry out a background check on the developer and application, looking at ratings, reviews and history. Only download from application stores, sites and developers you trust – or set your device to download only from Google Play.

    2. Think before you click ‘OK’ to any request your phone or PC makes for your permission. Check whether it seems bona fide or whether it appears odd that the application should be asking for this permission or to execute a download.

    3. Keep your computer programs, such as Adobe Acrobat and Adobe Reader, up-to-date so you are not tempted to follow prompts to upgrade when trying to access content from the web.

    4. Install antivirus security software on your computer and your smartphone and keep it updated. This will work as your eyes and ears to keep your personal information safe and ensure your peace of mind at home and on the move.

    5. Monitor your mobile phone bills very carefully – if you notice any small amounts you cannot account for, investigate further, and if you suspect your smartphone has been exploited, run a genuine security product to find and remove any malware.

    For more information on these and other threats analyzed by AVG in the AVG Q2 Community Threat Report, please go to: http://mediacenter.avg.com/en/press-tools/avg-threat-reports/avg-community-powered-threat-report-q2-2012.html

    In the wake of several months of major security news stories including password leaks and cyber weapons, this year’s Black Hat convention in Las Vegas was a high-energy place to be. Some of the key topics that were hotly debated at the conference were: