Mobile World Congress: Introducing 5G 0 1047

Year after year Mobile World Congress (MWC) takes place in Barcelona, Spain. It is an event that brings together almost every vendor related to the mobile industry to show off their shiny new gadgets, apps and services in our ever-increasingly-connected world.

One of the hot topics surrounding this world at MWC 2018 was 5G — the next generation of mobile connectivity.

What is 5G and how will it affect us?

If we look back at previous incarnations of mobile networks, 1G, 2G and so on, there have been major changes to the technology. The next generation, 5G, delivers greater speed and lower latency, but also has the advantage of being able to connect many more devices concurrently. This is one of the reasons why MWC has gone from being just a show promoting smartphone manufacturers and operators to a gathering of companies showing off connected world devices that could benefit from being connected to a 5G network.

The reality is that none of the existing technologies will disappear anytime soon, in fact the speed that can be achieved on the existing network are up to 1.2Gbps. So, asking the sales representatives in a phone shop about a new 5G handset will probably have them wondering what you’re talking about.

The existing infrastructure for 4G relies on cell towers/masts, typically with reasonable distances between them, whereas 5G is based on smaller, more frequent cells. The smaller cells help deliver the additional bandwidth and lower latency as the network becomes more distributed. The speeds are reportedly able to deliver 20Gbps with just 1ms latency.

Any new networks require licenses, funding and significant effort to introduce them. In the US, AT&T claims it will be the first company with a 5G network, that will cover 12 cities by the end of 2018 and aimed at the mobile phone market. Verizon is taking a different approach and intends on implementing 5G to compete with existing home internet service providers, and with the speed and capacity available on a 5G network this could be a very competitive offering.

Many exhibition halls at MWC had devices designed for the smart city, driverless cars, smart bandages that track your healing, through to virtual reality gaming.

While faster speed is a result of the improved technologies, it is the low latency and capacity that will enable these technologies to deliver a world where just about everything could be connected. The need for capacity is compounded once the connected devices start talking to each other. For example, the future driverless car may be able to communicate with other cars, traffic monitoring, or sensors on the roads and take actions based on the environment around it.

While some 5G smartphone handsets may start to appear on shelves in 2018, we should expect the main vendors to start offering them in 2019.

The rollout of 5G is moving quicker in some regions than others, as already discussed, carriers in the US see competitive advantage and have already announced their plans. Other countries that have openly stated their commitment to early adoption of 5G are China, Japan, South Korea, Australia and Norway, and I am sure this list will grow. In Europe, commitment from both regulators and financiers for the new networks is slower. This could be seen as a competitive disadvantage, or you could view this as sensibly waiting to allow others to experience the difficulties of early adopter first.

As with any new technology there are security considerations. Providers of services will need to combat the expected evolution of advanced malware that will accompany the new 5G infrastructure and implement threat prevention services and solutions that deliver security through layers, including machine learning, to deal with the increased network performance and capacity. Threat intelligence and pro-active security measures are essential components for any device or service being developed to utilize 5G, secure by design.

It is important to remember that understanding the psychology and mindset of the cybercriminal is also important, and for this, deep research by experts in the security field will help the industry predict where the attackers may see the next opportunity. So, while 5G will move us quicker, the benefit of added speed will have a cost and means that for the time being the human component in maintaining safer technology remains crucial.

Previous ArticleNext Article

Play it safe during FIFA 2018 0 977

We do realize that you’ve been caught up in the hurly-burly of the FIFA World Cup, but surely you have a few minutes to spare and peruse our roster of tips to stay safe online not only during the soccer spectacle. While you’re at it, recognize that no single player, no matter how stellar, is enough to put you on a path to success. In fact, being even one player short can be enough to trip you up. What should the pillars of your cybersecurity game plan be, then?

#1 A stitch in time saves nine

Last year went down in history for two serious cyber-incidents – the WannaCryptoroutbreak and the Equifax hack – that served up powerful reminders of the merits of swiftly squashing security bugs. 2017 also saw the highest number of  vulnerabilities reported.

So the number one player in you security team is updates. In your home settings, making sure that automatic updates are enabled for your operating system and software is an easy step to take to keep attackers away.

 

#2 Prune your team

Get rid of that disgruntled bench-warmer who ends up sapping your team’s morale. Software that you hardly ever use can become a liability simply by increasing your attack surface. To further reduce the possible entry points for cybercriminals, you may also want to disable unused services and ports, and ditch programs that have a track record of vulnerabilities.

For your browser, consider blocking ads and removing all but the most necessary of browser add-ons and plugins. While you’re at it, shut down the accounts that you no longer need and use your high-privilege, or admin, account only for administrative tasks.

#3 Practice strong password hygiene

One of the easiest ways to protect your online identities consists in using a long, strong and unique password or better still, passphrase, for each of your online accounts. It may well come in handy if your login credentials leak, for example due to a breach at your service provider – which, in fact, is far too common a scenario. Further, just as you’d never share your teams tactics with your opponents, you should never share your password with anybody.

If you’re like most people and find the need to remember many username/password combinations overwhelming, consider using a password manager, which is intended to store your passwords in a “vault”.

#4 Look before you leap

Even if you have the most complex of passwords or passphrases, be aware of where you input them.

Online, everything is just a click away, and scammers are keenly aware of that. In their pursuit of your personal information, they use social engineering methods to sucker you into clicking a link or opening a malware-laden attachment.

5 questions to ask yourself before clicking on a link are:

  1. Do you trust the sender of the link?
  2. Do you trust the platform?
  3. Do you trust the destination?
  4. Does the link coincide with a major world event like the FIFA worldcup? (Cyber criminals tend to be opportunistic this way)
  5. Is it a shortened link?

#5 Add a factor

When aiming for secure accounts, you need to up your ante by using two-factor authentication, particularly for accounts that contain Personally Identifiable Information (PII) or other important data. The extra factor will require you to take an extra step to prove your identity when you attempt to log in or conduct a transaction. That way, even if your credentials leak or your password proves inadequate, there is another barrier between your account and the attacker.

#6 Use secure connections

When you connect to the internet, an attacker can sometimes place himself between your device and the connection point. To reduce the risk that such a man-in-the-middle attack will intercept your sensitive data while they are in motion, use only web connections secured by HTTPS (particularly for your most valued accounts) and use trusted networks such as your home connection or mobile data when performing the most sensitive of online operations, such as mobile banking. Needless to say, secure Wi-Fi connections should be underpinned by at least WPA2 encryption (or, ideally, WPA3as soon as it becomes available) – even at home – together with a strong and non-default administrator password and up-to-date firmware on your router.

Be very wary of public Wi-Fi hotspots. If you need to use such a connection, avoid sending personal data or use a reputable virtual private network (VPN) service, which keeps your data private via the use of an encrypted “tunnel”. Once you’re done, log out of your account and turn off Wi-Fi.

#7 Hide behind a firewall

A firewall is one of your key defensive players. Indeed, it is often thought of as the very first line of defense. It can typically be a piece of software in your computer, perhaps as part of anti-malware software, or it can be built into your router – or you can actually use both a network- and a host-based firewall. Regardless of its implementation, a firewall acts as a brawny bouncer that, based on predetermined rules, allows or denies traffic from the internet into an internal network or computer system.

#8 Back up

A backup is the kind of player who doesn’t get much time on the pitch, but when he does get the nod, he can “steal the show”. True, we might have spoken ill of bench warmers earlier, but a reliable backup is definitely not the kind of player to spoil your team’s chemistry.

Your system cannot usually be too – or completely – safe from harm. Beyond a cyber-incident, your data could be compromised by something as unpredictable as a storage medium failure. A backup is an example of a measure that is corrective in nature, but that is fully dependent on how hard you “practiced”. Or, as Benjamin Franklin put it, “by failing to prepare, you are preparing to fail”. It will cost you some time and possibly money to create (time and time again) your backups, but when it comes to averting (data) loss, this player may very well save the day for you.

#9 Select security software

Even if you use your common sense and take all kinds of “behavior-centered” precautions, you need another essential addition to your roster. At a time when you’re pitted against attackers who are ever more skilled, organized and persistent, dedicated security software is one of the easiest and most effective ways to protect your digital assets.

A reliable anti-malware solution uses many and various detection techniques and deploys multiple layers of defense that kick in at different stages of the attack process. That way, you’re provided with multiple opportunities to stymie a threat, including the latest threats, as attackers constantly come up with new malicious tools. This underscores the importance of always downloading the latest updates to your anti-malware software, which ideally are released several times a day. Top-quality security software automates this process, so you needn’t worry about installing the updates.

#10 Mobiles are computers, too!

Much of this article’s guidance also applies to smartphones and tablets. Due to their mobility, however, these devices are more prone to being misplaced or stolen. It is also of little help that users tend to view security software as belonging in the realm of laptops and desktops. But mobile devices have evolved to become powerful handheld computers and attackers have been shifting their focus to them.

There’s a number of measures you can take to reduce risks associated with mobile devices. They include relying on a secure authentication method to unlock your device’s screen, backing up the device, downloading system and app updates as soon as they’re available (preferably automatically, if possible), installing only reputable apps and only from legitimate stores, and making sure to use device encryption if it’s not turned on by default.

A dedicated mobile security solution will also go a long way towards enhancing your protection from mobile threats. This includes a scenario whereby your device goes missing, so you are then able to use the suite’s anti-theft and remote-wipe functionalities.

#11 Be aware

The final team member is, in fact, you – the keeper. Stay vigilant and cyber-aware and educate yourself on safe online habits. Don’t ever say, “it won’t/can’t happen to me”, because everyone is a potential target and victim. Recognize that one click is enough to inflict major damage on yourself and others, and that breaking good security practices for the sake of convenience may come back to bite you worse than Luis Suárez did in 2014. After all, how secure we are is largely dependent on how we use the technology.

So there you have it. You may want to enjoy the soccer now.

Flaws in email encryption revealed 0 572

email encryption

A team of 8 academics have discovered weaknesses in OpenPGP and S/MIME encryption protocols which could lead to the plain text of encrypted emails being exposed to attackers. The academics have named these flaws “EFAIL”.

Insights from cryptography expert Bruce Schneier explained that “[t]he vulnerability isn’t with PGP or S/MIME itself, but in the way they interact with modern e-mail programs.”

To be able exploit the weaknesses, you would first need to access the end-to-end-encrypted email message. This could be by way of stealing it from a compromised account or by intercepting its path. Following this, the attacker would need to alter the email, adding a custom HTML code and then sending this new version onto the victim. The victim’s email client decrypts the email and is tricked by the malicious code into sending the full plaintext of the emails to the attackers. Even messages sent years ago are vulnerable.

The team said that their proof-of-concept exploit has been shown to be successful against 25 out of 35 tested S/MIME email clients and 10 out of 28 OpenPGP clients. The flaws affect email applications such as Apple Mail with the GPGTools encryption plug-in, Mozilla Thunderbird with the Enigmail plug-in, and Outlook with the Gpg4win encryption package. The academics said that, in keeping with the principles of responsible disclosure, they have reported their findings to all email providers concerned.