Smart, Smarter… Dumbest… 0 194

Technological evolution: who hasn’t heard of this yet? It brings happiness into our lives, more convenience and less cumbersome usage, more and more possibilities for the user… Why make life (more) difficult when it can be made so (much more) convenient?

Just look at a communication device that you cannot ignore anymore, even if you wanted to: the smart phone. For the younger generation, it’s as if a cybernetic system is prosthetically attached to their arms; resisting it is futile! And they want their phones to become smarter and smarter, taking over more and more functions of their daily lives.

Now this is, of course, heaven for manufacturers: they can all battle to find new unique money-making features to add… or to make one that already exists much better. Likewise for the developers of dedicated apps (think, for example mobile banking). Innovation to make our daily lives “easier and easier”, basically a one-click life.

With the technology evolving at an ever faster pace, and an increasing focus on being the first to have the latest selling point, thoughts of security tend to be secondary, at best. This creates more possibilities for hackers, those that want to steal information, eavesdrop, etc. As these new features are introduced more and more often, and with more and more haste, in the smarter phones, so the probability of zero-day exploits becomes higher.

It seems that with the speed of technological evolution, the “urge” of people to use new features as soon as possible – even though they may not even exist right now and while these tasks can already be done in ‘the old way’ – is unstoppable. And at the same time we complain about data leakage, data loss, lack of privacy and insecure operating systems.

Maybe it is time to press pause and make it all secure, or more secure, dial back on the technological potential technological possibilities – making devices more controllable. There is definitely a demand for that, too. Just last week the Dutch Government announced that officials must switch to dumb(er) phones, deliberately equipped with low-tech specifications, making it harder for hackers to intercept them. The new phones only can be used for calls or SMS; they lack the ability to install apps or connect to the internet (I still remember those (brick) phones from the late 90’s!). While the prime-minister and some ministers already use such a device, others will have to “abandon” their current mobile phones when travelling to specific countries or regions and will be issued with such a low-tech phone and urged to leave their regular phone at home. This should make communication secure, or at least less insecure’, since the replacement mobile phone has been prepared, checked and certified by the Dutch Secret Service. A great step back, getting rid of security by obscurity, and prioritizing safety over features.

The example of the Dutch Government is not an isolated incident, it seems to become a trend. Earlier this year, the White House banned personal cell phones from the West Wing, citing security concerns. Staff will be able to continue to carry out their business on government-issued devices.

But of course it is not only the device that needs to be more secure. You, the user of the device, have to be aware of security issues too, such as not taking a personal phone with you on business trips, but also making and receiving calls with your secure phone in a secure environment, making sure that there are no cameras or listening devices, and no windows conveniently nearby so that lip-readers can do their job. And then making sure you whisper as the walls in the hotel may be thin, and… Oh wait… Remote laser vibration sensors can decode the audio! Best to go into the hotel room bathroom, close the door (they tend to have some soundproofing), turn on the shower and stand quite close to it while calling… Am I getting paranoid?

By all means, let’s not get too James Bond-ishly paranoid. For politicians, top managers of large multinationals dealing with sensitive information that could affect stock markets, those who deal with (trade) secrets and intellectual property: this may be an issue and they should take the necessary precautions. But revert completely to using only a dumb phone, even for normal calls asking, for example, how grandmother is doing?

Just remember that in the past, listening in on calls made on the analog telephone system with no encryption was really easy. Technology brought us a long way ahead, but perhaps a bit too fast. A small step back, made by securing the current “standard”, is more feasible than complete eradication of what has been created and accepted as a normal part of our daily lives. Such a complete reversion would not even be considered acceptable anymore if we were to disallow commonly-used devices.

Are you going to tell your teenage and pre-teenage children that a hot-off-the-press-release model smartphone with the newest features is now prohibited, and an old phone that can only call/text is all that’s available? They will be angry, feel ashamed of their old-fashioned parents, and will not go out anymore as they refuse to have their friends see them with such a simplistic, dumb phone. As they will not be able to interact with their friends anymore, because social media apps do not exist for their dumb phone (and since they won’t leave the house anymore), they will have to talk to you again.

Wait a minute??? Kids that start to talk to their parents again… But that’s a good thing! Where can I get one of these phones?!

Previous ArticleNext Article

Meltdown and Spectre 0 300

 Microsoft released Security Advisory 18002 on Wednesday, January 3, 2018 to mitigate a major vulnerability to Windows in modern CPU architectures. ESET released Antivirus and Antispyware module 1533.3 the same day to all customers to ensure that use of our products would not affect compatibility with Microsoft’s patch.

The first few days of 2018 have been filled with anxious discussions concerning a widespread and wide-ranging vulnerability in the architecture of processors based on Intel’s Core architecture used in PCs for many years, as well as processors from AMD, and even affecting ARM processors commonly used in tablets and smartphones.

The good news is that ESET can help protect against the types of malware that could take advantage of these vulnerabilities.

And, ESET was one of the very first security vendors to allow the Microsoft patch against the flaw to be enabled.

While ESET protects against potential malware infection, you should also take these steps to secure your computers and data:

  • Make sure your browser is up to date. For Chrome or Firefox users:
    • Mozilla has released information describing their response, including how Firefox 57 will address these security flaws.
    • Google has stated, “Chrome 64, due to be released January 23, will contain mitigations to protect against exploitation.” In the meantime, you can enable “Site Isolation” found in current stable versions of Chrome to provide better protection.
  • Make sure you update your ESET software, then update your Windows OS to protect against this exploit. To update ESET:
  • Customers should review ESET’s Knowledgebase article for important updates.
  • See this great collection of tips, articles and recommendations from the Google Project Zero team.
  • If you have a cloud-based server or have a website hosted by hosting provider, check to see what mitigations they have implemented already to prevent Meltdown.

Security trends to look out for in 2018 0 411

After a turbulent 2017 with Cyber Security making regular headlines, looking ahead to the coming year, there will no doubt be further discussions about the threat landscape.

Ransomware Revolution  – Ransomware of Things

Technological advances and their accelerated use have led to a number of scenarios considered unlikely just few years prior, are now within the realm of possibility. The advice going into 2018 from ESET researchers is to back up everything that matters to you, often, by keeping at least some backups offline – to media that aren’t routinely exposed to corruption by ransomware and other malware – in a physically secure location. As the Internet of Unnecessarily Networked Things becomes less avoidable, the attack surface increases, with networked devices and sensors embedded into unexpected items and contexts: from routers to fridges to smart meters, from TVs to toys, from power stations to petrol stations and pacemakers. As everything gets ‘smarter’, the number of services that might be disrupted by malware becomes greater.

Criminals following the money

With data being the most valuable asset, ransomware is set to remain in great demand among cybercriminals. It is important to note that many ransomware attacks are not sophisticated enough or never intended to recover the victim’s data once the ransom has been paid. For these reasons we suggest not only backing up of data online and offline but also implementing proper security measures such as proactively training staff on what phishing emails entail and how to avoid clicking on them and entering any credentials.

Critical infrastructure attacks on the rise

Cyber attacks on the Ukrainian power companies resulted in electricity service being turned off in hundreds of thousands of homes. The implications of this for future attacks of this kind include more than just the power grid but also includes critical manufacturing and food production, water and transport and the defence and healthcare sectors.

Safer for all

This year has seen ESET’s malware analysts continue to help law enforcement crack down on malicious campaigns and, by extension, the criminals spewing them. We are confident that 2018 will bring further successful investigations as we will continue to lend a hand to authorities so that, ultimately, the internet can become a safer place for everyone – except cybercriminals.

Download the full Security Trends 2018 report here