Tag Archives: Security

Facial Recognition – here to stay?

23 Friday Aug 2019

Posted by in Security

Leave a comment

Tags

,

Facial RecognitionLove it or Hate it Facial Recognition technology is here to stay. What is now being recongnised is a need for governance and controls over systems that use it and in line with any current country legislations and data laws.

The ability to recongnise objects and faces is not new, but an evolving technology that is getting better at what it does.

When the use of ANPR (Automatic Number Plate Recognition) systems came out similar debates were had and these systems are controlled and governed by a set of strict guidelines. ANPR systems are now widely used across the world from Police Forces to Car Parks checking the time you have stayed against the ticket you have purchased.

Our acceptance of these Facial Recognition systems may take a similar route.

There have been a lot of stories recentrly about Facial Recognition and its use such as the UK Kings Cross Development which is now under investigation by the ICO around the storage and use of the data.

Many Police forces in the US have been using it and in the UK there have been trials of the technology with some trials not going forward due to human rights discussions and also some technology not picking up everyones faces correctly. Advancements are being made in the systems to resolve these issues and increase the ability to capture and recognise the information.

Some states in the US have banned the use of the technology (or are considering banning) and the EU are also starting to consider bans.

The UK Home Office and Border Force are currently looking at a version of Facial Recognition to help cut down on the queues at the border. The e-queues already do facial matching from camera pictures to passports to automate the system.

For me I am okay with the technology as long as its being used to help us police and keep us safe. Also the ability to recognise for financial and security systems. You can build your own system that you can teach it to recognise your face using a Raspberry Pi,

 

 

 

More Scam Callers – time for some fun

10 Friday Aug 2018

Posted by in Security

1 Comment

Tags

PhishingIt it just me or is this on the rise? Recently I have noticed an increase in the number of scam phone calls that I have been receiving on my land line and on mobile. All from different countries and trying various scams to get information, money or both.

ts nothing new, calls like this go on all the time and unfortunately people do get scammed as they fall for what is being said on the other end of the line.

The game is how long you can keep them on the phone so they can’t spend time trying to scam someone who doesn’t know they are being scammed.

Recently an automated call with a computer voice called my home number saying that my internet router was going to be shutdown from my service provider as it had been identified as being hacked. Yeah – Right! So I played along and decided to record the call, which I will probably use in a future podcast. I got put onto a woman in India who evidently didn’t know what type of scam front end had put me through. She then went on to tell me my computer had a virus. Eventually I did ask “How many people had she scammed today”. The reply was lots and she put the phone down. – Time on call 30 Mins

Another call today was one of those, insurance accident ones, but this time they tried a different tack. Saying it was a follow up call to my wife about the accident she had. Again scam and I asked the lady who called if she had job satisfaction scamming people. This call came from London so I have reported it to the action fraud centre. – Time on call 5 Mins.

And as I am writing this post another call comes in – Can you spare me 20 seconds to answer 2 questions, then starts to ask me to confirm my phone number and tries to ask me about my home ownership. When I ask whats the end part of the the call, are they trying to sell me something or scam information out of me they hang up. Another call from London so again have reported it to the action fraud centre. – Time on call 5 Mins.

At least that’s 40 mins that other people haven’t been bothered or scammed by these callers.

A lot more can be done though and needs the teleco’s and authorities to go after the numbers where these calls come from and start prosecuting or at least shutting them down. That said the police get these calls as well – here is a great video on youtube of an IRS scammer trying to scam a police officer and he gets the scammer to explain how that particular scam works.

Lots of people already add numbers to online systems such as Who Called Me, and these are normally the first place I go when number comes up I don’t recognise. You can also put the number in the search engine which bring up sites where its been logged as a problem/scam caller.

If you don’t know how to protect yourself on the phone, one of the best place to get tips is from your or other banks websites. Plenty of good information on keeping safe on there.

Just because you call saying your from my bank doesn’t mean I’m going to answer your security questions.

 

 

 

 

 

Joining the World of Dashcams

10 Tuesday Jul 2018

Posted by in Security, Tools

Leave a comment

Tags

,

DashcamI have decided to be a lemming and follow everyone in the move to equipping my car with Dashcams. Although not a new thing a recent boom in the use of cameras in vehicles has made this  now a very common practice to have one. It is easy to fit a Dashcam to any vehicle to record the driving habits of the driver and other road users.

These range from cheap Dashcams that can record to an SD Card through to more expensive models that send recordings to the cloud (Servers on the Internet) that can then be viewed through a mobile phone app.

So why be a Dashcam lemming? Following a near miss the other day with a car pulling out of a junction (give way) on me without looking at the traffic coming from the right, whilst I was coming along the road, I have decided its time to add some evidence just in case! Well I get this most mornings as the estate I live on is used as a short cut to miss out the main roads and queues of traffic. Time to join the masses.

Also because this is becoming the next thing on being able to easily upload footage to the authorities.

Dashcam footage submission website goes live

Advice from Cheshire Police on submission Dashcam footage

I have noticed that since getting camera’s on the car that there has been a reduction in the number of people that have tried to drive in my boot.

Perhaps with enough evidence I can get a Give Way Junction changed to a Stop Junction. I’m not looking to increase the number of drivers prosecuted, just make the estate I live on safer to drive.

And where do Dashcams fit with GDPR? Some good advice on the link below.

Dashboard Cams – do you need notify the ICO?

Smart Home – How many Hubs?

07 Tuesday Nov 2017

Posted by in Connected Home, Digital, IoT, Security

2 Comments

Tags

, , ,

Planning a Connected HomeWith the typical home now being enticed into the world of the “Smart Home”, IoT (Internet of Things) and Connected Everything the number of hubs being offered with each service is growing.

So what is a hub? A hub is a device or service running on a device/computer that acts as a connection point for devices to connect to the internet.

Lets assume that you have 4 devices that need connecting to the internet so that you can control them via a personal assistant (Alexa, Siri, Google, etc) or an app on your mobile phone. For this example think of the devices as light bulbs.

The devices (light bulbs) connect using a wireless protocol to a hub. This will be a protocol that has been chosen by the vendor and is not able to be changed, such as:

  • 6LowPan
  • ZigBee
  • Z-Wave
  • Wi-Fi
  • Bluetooth

See “IoT Device Security Considerations and Security Layers – Network Communication

The hub will then be connected to your home router either by a wired connection or another wireless protocol (Wireless Protocol 2). This will typically be set to the same level that your home WiFi is set to (i.e. WPA2).

The hub will then send its data to which every internet service is providing the service and allow connection to your controlling devices.

Connected Home Hub Diagram

Typical device and hub design

As the number of services grows that you can consume, the number of hubs required will also grow.

Connected Home Multiple Hub Diagram.jpg

Multiple Hubs in the Home

There is currently not much drive for integration of the hubs or a central generic hub to bring these devices together and a home may have between 1 to 5 hubs as the smart home grows.

The services that we consume is currently down to personal choice, however there are developments that will force a level of connectivity onto home owners.  The first will be the Smart Meters, although this is sometime off as the target is 2020 for installations of Smart Meters.

One of the latest developments is the insurance market, looking at the use of IoT to help bring down insurance premiums.

We may not think too much about hubs as they may be hidden within another device, such as the latest Alexa with inbuilt Philips Hue Hub, however they are there.

The hub is here to stay, but how many do we really need within a connected home.

Further Reading:

Blog Series on:  IoT Device Security Considerations and Security Layers. 

 

How much trust should we give apps with device permissions

13 Tuesday Jun 2017

Posted by in Digital, Security, Tools

Leave a comment

Tags

, ,

spyware-2319403_640Have you every gone to the app store and just installed something on there because it looks good and something you want to look at, or purchased a product and then installed the app without thinking or checking it out first? Lots of people do, but do they really know what is going on under the covers?

How often do you install an application onto your personal device without checking the permissions that it requires or know what the app has access to and what its doing?

These are relevant questions that we should be asking ourselves as we become more connected and joined together sharing our personal data. This is a subject that I have written about before on app permissions and is still relevant today.

I have recently been asked to look at a fitness braclet that someone had who wanted to install the app. What struck me about this app that basically allows you to control a basic fitness tracker was the permissions to allow access to the Camera and Microphone, when there is clearly no reason within the product or app to have them. Is this a lazy programmer who hasnt set the right permissions on the app or is there something else going on.

Invite

One of the great things I like about mobile devices now is the ability to actually turn these off myself.

So do I want my coffee app to know where I am all the time, maybe not, but I do know that it may need access to the storage to download the latest offers and store those discount vouchers.

Of course stopping a permission may cause application issues, however the important thing is that a user can say no.

So when was the last time you checked the apps installed on your device and their permissions?

Accepting automation – Do we need safeguards?

09 Tuesday May 2017

Posted by in Automation, Open Source, Productivity, Programming, Security, Tools

Leave a comment

Tags

, , , ,

CogsThere are many and apps available to help us automate basic tasks on our mobiles and computing devices. When choosing these tools, we often read reviews and then download the app, run and set up, then let it run its tasks accepting that it will carry out our requirements. But what happens when there is an issue.

I have a simple IFTTT (If This Then That) recipe running on my mobile phone that sends a test message when I leave an area set up in google maps using Geolocation and GPS to look at my location. A standard recipe for IFTTT.

Today whilst sitting at my desk the recipe triggered saying I had left the area, however I am sat in the middle of my geolocation fence which extends for about 1 mile around to allow some local area travel. The net result is the person who got the message thought I was on my way home, when in fact I was still at work.

Solution to my problem:

The issue with this recipe was caused by the Android operating system and the phone type causing some wonkiness with the location. I fixed this by ensuring all the packages are up to date, rebooting and using another app called GPS Status to assist with ensuring my GPS is working correctly and has the right the location. Also ensuring that the GPS is set to high dependency. The downside may be the drain on the battery with the extra services – I will monitor this going forward.

The main thing this points out is how we accept and then use an app/tool and expect it to work, but not consider the what ifs, such as what if the app triggers incorrectly. Should I have set any safeguards in the recipe or built a counter app.

No harm done in this case as it triggered a text message, but what if this had done something different such as put the heating on, turned on a kettle, opened the garage door, turned something else off? This could be reversed using another recipe to turn things off if I’m within the geolocation fence.

So, what can you do to ensure that your apps/tools and related apps/tools are reliable:

Research – review and research your app. Have there been any issues with running something similar.

Secure – Think about the security of the app and what you can do to protect yourself.

Update, Update, Update – keep the OS, Apps and related apps up to date. In this instance, Android, IFTTT, Google Maps.

Plan – for the what ifs. Allow a reverse control if needed such as turn off the kettle, close the garage, turn on the alarm.

Experiment – Dont be afraid to experiment to get the automation you require.

Safeguards – Think about any Safeguards you may need to build in such as a counter app.

Voice Assistants and The Letterbox Problem

16 Sunday Apr 2017

Posted by in Digital, IoT, Productivity, Security, Tools

Leave a comment

Tags

, , ,

microphone-338481_960_720There are lots of voice activated tools and services now available from software on your PC and in your car to physical hardware you can place around your home. These devices are becoming everyday occurrences, “Alexa, whats the weather”, “Siri, recipe for  Chocolate Cake” (too many to list).

The two main ways to control them is via a button press then speaking such as my car to get it into a listening state, or they are always in a listening state awaiting a set of specific interaction commands, such as the applications name. There is at least a turn of listening mode.

However with all these devices and software, there is a distinct lack of security around voice recognition and lack of interaction security. For instance a recent incident where a TV show caused a number of Dolls Houses to be purchased.

We are busy connecting these devices to all sorts of home automation to make it easier to do things, but how many stop to think of what I term as: “The Letterbox Problem”. This is where you have automated your home to a level that includes things like your lights, powered items and your house alarm. As you walk into your house you can say voice commands to turn on lights, put the kettle on and turn off the alarm. The Letterbox Problem happens when someone has the ability to literally shout through your letterbox and activate or deactivate items in your house. To a would be thief, turning lights on and off will check to see if anyone is at home first before going for the alarm.

There is a security challenge here is to ensure that a level of voice recognition and security controls are in place. Voice recognition by itself is not good enough as I’m sure you’ve heard an impressionist mimic a celebrity on a TV or Radio show.

I would like to see a form of two factor authentication on a voice system so it can be sure its me before it carries out the task. Voice may be one of these, but something else like a token code or app on the phone may be a solution.

There a number of basic steps you can take at the moment to help protect yourself such as:

  • Think about the systems you are connecting the voice device to. Can it compromise your security if anyone else uses it.
  • Use the mute button on devices or turn of listening mode when not in use.
  • Keep the devices updated with the latest patches and firmware.
  • Use good password security practices on any sensitive systems you use (ie Bank Accounts, Paypal etc).
  • Use strong passwords on any associated accounts to the voice assistants, (ie Amazon, Google, Apple etc).
  • If your system allows it, clear out its cache and old activities on regular basis so they can’t be replayed against you.
  • Don’t have a system listening when the TV or Radio is on, especially when your out of the room. You may end up with a new dolls house.

 

Stringing along the Scammers

16 Thursday Mar 2017

Posted by in Security

Leave a comment

Tags

PadlockIts always great when you get a phone call saying “Hello, I’m calling from Microsoft and we have noticed a problem with your computer”. My inner kid springs to life and its time to string on the scammers.

Unfortunately my fun was cut a bit short after the first couple of questions when I was asked what key was next to my Ctrl key on the keyboard. They are evidently looking for a Windows key and they hung up when I gave them the keys of an Apple Mac Keyboard.

The worrying part is that this practice is still going on and people fall for it giving out information and going to web pages that will hack their machine and cost them money.

There is some good advice at this page on not being caught out and what to do if you are:

http://www.pcadvisor.co.uk/how-to/security/microsoft-phone-scam-dont-be-victim-tech-support-call-3378798/

 

How secure is your home in the digital age?

06 Friday Jan 2017

Posted by in Digital, IoT, Security

Leave a comment

Tags

, ,

censorship-610101_640Reports from CES 2017 is seeing some great advancements in consumer tech coming out in the journey to digital. Coupled with some recent reports from around the web I have been thinking about the question “How secure is my home in the digital age?”

There are several ways into your home in the digital age. These could be grouped as several main areas:

  • Physical
  • Electricity/Power
  • Comms ( Landline & Fibre/Broadband/Wifi)
  • Mobile
  • Media (Things you bring into your home)

The below is some food for thought on some recent highlights in the news.

Physical

Physical security is a thing we normally take for granted these days. Good front and back doors with locks. Fences, gates, spiked bushes as well as house alarms make us feel fairly secure in our castles (homes).

There are some considerations though to physical security though as these days you can purchase a lock picking kit off amazon for £10.00. These are mainly for the purposes of learning and taking part in a growing hobby of lock picking for fun (There are national competitions for this) and I am certainly not suggesting any type of activity that is against the law.

Makes you stop and think though! I have taken the steps of upgrading my locks to anti-bump, anti-pick and anti-snapping ones just to be safe.

Most dwellings now have alarms. Some smarter than others as alarms can now be connected through wifi and connected to voice services such as Alexa.

https://www.cnet.com/uk/news/scouting-out-a-security-system-that-talks-to-amazons-alexa/

I’m in two minds about this level of connectivity – “Alexa, disable the house alarm” shouted through the letterbox could be a valid command on some systems.

Electricity/Power

Electricity is the lifeblood of the Digital Age. Without power to devices they are not really going to work.

Batteries and Energy Harvesting aside the main focus area for homes is the smart meter. This is usually placed inline before the electricity cable enters the home.

This is probably the most difficult for a home user to secure against a hacker coming in and from recent press probably the most worrying at the moment.

Hackers can attack smart meters and cause significant damage

http://www.theregister.co.uk/2017/01/04/smart_metres_ccc/

There is still someway to go to ensuring protection from this type of hack in the future.

Comms

Connectivity into the home is common place with routers and a level of firewalls in place. With the rise of connected devices, consumers may need to think about increasing their security and firewalls to cope with the increasing number of devices wanting connectivity back to the web.

LG are going to be putting wifi into every appliance it releases in 2017

http://arstechnica.co.uk/gadgets/2017/01/lg-wi-fi-in-everything/

Its essential to ensure any wifi used is secured and encrypted and router settings are changed from defaults where possible.

Mobile

I could have grouped this into the comms grouping, however the mobile is becoming more a personal control hub for our environments.

Android malware can manipulate your router

http://www.zdnet.com/article/this-android-infecting-trojan-malware-uses-your-phone-to-attack-your-router/

Good practices and checking the validity of apps can help against downloading malware. Also a good security app on the device will help.

Media

In this grouping I am classing anything that you bring into your home outside of the internet and connect it to a device. There are still a lot of USB sticks used and other media so anti-virus and malware checking is essential.

With these things in mind, the consumer has a lot of things to consider as they allow their home to become more connected. Following good security practices needs to become second nature and perhaps more communication to the person on the street on security when an item is purchased.

IoT Best Practice Guidelines – Many more out there…

13 Tuesday Dec 2016

Posted by in IoT, Security

2 Comments

Tags

,

ThingsThe IOT Security Foundation has released three best practice guidelines on:

  • IOT Security Compliance Framework
  • Connected Consumer Products
  • Vulnerability Disclosure

I am currently reading through these with interest, especially the paper on Vulnerability Disclosure. Something that some companies do well and and some not so. I can see companies legal departments advising on this one, however it is an important topic for the industry to address.

These best practices provide one lense to look through on the issue of IoT Security as the industry still has a journey to complete with providing as set of universal standards due to the number of Groups and Communities publishing best practices, guidelines and standards. Some are specific to products and services and some are generic.

I have previously listed a number of IoT Groups in a previous blog post on IoT Standards

Links below from that blog post to some of the Groups/Communities

I had not listed the IoT Security Foundation on that original list so have added above. There are probably groups and comitties not listed here. Please comment below if you know of any others.

Choosing to follow best practices is a good thing. Choosing which best practice to follow can be a harder choice to make.

Until such time as a couple or even one set of standards, a hybrid Best Practice may present a good approach, picking the synergies between the best practices and standards, then bringing in the other ones needed.

These latest best practice standards do state that they are generic and up to the indivudal to adopt.