Data Privacy Alert Vol 13.80 – CES 2015 Trends that Can Impact Data and Privacy

As the International Consumer Electronics Show (CES) 2015 brings forth the next generation of devices to watch out for, it also opens issues of digital security. While new technologies and devices are always interesting, they also have the potential to burn consumers and vendors with risks to security and privacy. With these in mind, we picked out four tech trends from CES 2015 that can impact your data and privacy.

Wearables and Portables

Vendors are now in a “war for your wrists” as newcomers jump in with wrist-worn smart devices that can connect to mobile devices, take calls, get reminders, answer messages, log fitness data, display social notifications, track sleep patterns, and/or even control a car system. One Bluetooth-connected bracelet can reportedly last a year on one charge by displaying your mobile notifications in E-ink.

Other types of wearables were featured as well. Notable—even quirky—ones include a smart belt that tracks your weight, a smart ring that lets you control home appliances, and a thumb-sized clip-on camera that takes photos every half-minute.

Most of these wearables connect to an app that can be remotely controlled via smartphones or tablets. As a result, they may rely on security settings afforded by mobile devices, which is rather disconcerting given that there are now a total of 4.37 million malicious and high-risk apps out there, including fake ones that may allow cybercriminals access to data from wearables.

You are what you wear, but, in this day and age, you might just be what your wearable devices say you are. Seeing as wireless connections allow wearables to sync data in real time, bad guys may just get an accurate picture of your personal life to the last second—personal conversations, social shares, time of sleep, owned appliances, and photos included.

Suggested reading:

3 Security-Related Categories of Wearables

2 Ways Attackers Can Get Data on Wearables

The Most Damaging Type of Attack for Wearables

Health Trackers and Gadgets

Health records are sensitive pieces of data as they can affect many external aspects of an individual’s life, such as employment, insurance liabilities, or social standing. CES 2015 served as host to a number of digital health innovations that transfer health records, such as a diabetes tracker that can log insulin injection time and share it with your doctor, a smart scale for pregnant women, and blood pressure monitors that connect to mobile devices.

These technologies promised convenient ways of tracking one’s health but did not say what happens to the data once it is shared with others—relatives, doctors, or other health professionals—or if there are ways to limit access to it. With the number of healthcare breaches last year, consumers who use these products before checking their privacy and security policies may end up with stolen health data.

Innovative Smart Home Appliances

Who wasn’t impressed by the ultra-high definition screens of the 4K television sets unveiled during this year’s CES? More than these, the floor was peppered with appliances that promise a bright, smart home future. Known home kit hubs add more brands and gadgets for setting up a connected home system. A new keyless lock system connects to your Apple device, assuring end-to-end encryption and authentication.

We did see home system providers improve on security by encrypting data, but other system holes remain at risk. A new router model’s ultra-fast connection, for instance, may prove convenient for hackers. Moreover, the complex requirements of running a connected home may prove too much for households.

“Managing a household full of smart devices calls for the skills of both a multi-user IT administrator and a handyman. Let’s call this role the Administrator of Things (AoT). Ordinary users are being asked to take on this role despite scant evidence that they are ready for it.” – Geoff Grindrod, Trend Micro Director of Threat Intelligence Services

3D Printing

“Beyond the standard security concerns of any connected device, the primary security concern with 3D printing is around intellectual property.” – Mark Nunnikhoven, Trend Micro VP of Cloud and Emerging Technologies

With intuitive 3D printers advertised to “beginners and enthusiasts” starting to come into the market, third parties will likely enforce digital rights management (DRM) to restrict what you can or cannot print on a printer. However, we have seen issues of DRM being used by third parties outside its purpose.

In addition, affordable 3D scanners and printers may help consumers as much as they help scammers. Soon the ads that have been spotted in the underground market for mass producing ATM skimmers via 3D printing may become a norm in the global threat landscape.

CES is a major technology event followed by consumers and vendors alike, one that effectively answers the question of what’s hot, what’s new, and what’s next in the world of consumer electronics. But should it stop at that? Given its vast reach, we should also think about “What Happens Next”—stoking discussions on the real-world impact of the presented technology, including the security implications to its possible users.


Michelle Drolet published in NetworkWorld – Throw your vendor under the bus after a breach? Not quite so fast


Our Michelle Drolet is quoted in NetworkWorld’s article “Throw your vendor under the bus after a breach? Not quite so fast”. Read more below:

In everyday business, a complex set of external relationships is commonplace. Services, infrastructure, and even software live in the cloud, supplied by third parties. An organization’s value is often in the data it generates, but how secure is that data across your digital supply chain? Do your external vendors and partners adhere to your security standards? How do you know for sure?

They may have filled out a questionnaire and ticked your compliance boxes. But, if a legal or regulatory issue comes up down the line, or there’s a serious data breach, that questionnaire is not going to save you from exposure. Trust your partners, but make sure you verify. There’s no substitute for comprehensive due diligence, and you must continue to monitor partners for as long as the relationship lasts.


Image credit: Cutcaster

 

Data Security Alert Vol 13.79 – The Top Hacks of the Year

As we approach the end of the year, let’s have a look back at the top hacking incidents of 2014. This year, we might have witnessed the most damaging attack of the decade. It will not be easy beating the Sony attack.

SONY

On November 24th, the computer screens of all Sony Pictures employees started showing a picture of a skeleton and a message threatening to release sensitive data to the world. In response to the hacking, Sony shut down all its systems, including email servers, to prevent more data leakage. All this effort, however, was not enough: the attackers, who identify themselves as the Guardians of Peace (#GOP), claim to have stolen over 100 TB of data. They have so far released some 40 GB of data – a tiny fraction. The attackers demanded, successfully, that Sony Pictures not release a controversial movie named ‘The Interview’ – a comedy about the assassination of the North Korean leader Kim Jong-Un. In response, Sony cancelled the release of the movie. The FBI investigation blames the North Korean government for the attack, while North Korea denies any involvement.

HOME DEPOT

The Home Depot, a major chain of home improvement stores in the U.S., suffered a very large data breach. Over 56 million customers’ credit and debit card information was exposed. According to reports, the cybercriminals behind the attacks infiltrated the company’s systems at least 5 months prior to discovery. Many blamed Home Depot for not having proper security measures in place.

REGIN APT

Called the most advanced cyberespionage campaign to date, the Regin APT is a highly complex, state-funded threat. The Regin malware carried the ability to intercept and manage GSM communication systems. The main countries of focus are Afghanistan, Iran, Syria, and others. It is believed the campaign was designed by the British intelligence agency GCHQ and the NSA.

THE FAPPENING

A collection of nude celebrity photos and videos was stolen from Apple’s iCloud online storage in September, published on 4Chan, and later released in a number of parts for download via torrents. The database included very revealing photos of many well-known celebrities, such as Jennifer Lawrence and Kate Upton. Apple claimed that its cloud storage had not been breached, but many were left unconvinced.

THE SNAPPENING

After iCloud, next in line to get breached was the picture messaging app Snapchat. Photos on Snapchat auto-destroy, but there are services that are able to save these for you – one of which (snapsaved.com) was hacked. The entire 13GB database was made available for download on Pirate Bay.

CHASE

One of the largest breaches this year (although not the most devastating) was the J.P. Morgan Chase data breach, which affected over 76 million households and 7 million businesses. According to Chase, no financial information, SSNs, login information, etc., was stolen. Only emails, phone numbers and addresses were compromised.

Although there were others, including many attacks involving crypto-currencies, these comprised the top 6 hacking incidents in our opinion. If you believe others should have made the list, please leave a comment below.

Happy Holidays to all of our readers. Enjoy safe holidays and a secure new year!