Info Security

Queen’s University Belfast Launches Cyber-Testing Labs

Fri, 06/01/2018 - 10:30
Queen’s University Belfast is hailing a new £500,000 facility which will help academics and industry partners carry out testing and advanced research.

The state-of-the-art cybersecurity research lab is housed in the university’s Centre for Secure Information Technologies (CSIT) and features a multi-gigabit optical fiber network.

The high-speed network will provide new capabilities to carry out application and appliance pen testing, reverse engineering and advanced malware monitoring, according to the university.

Attack replay and monitoring functionality will also support research into DDoS attacks, it added.

“The CSIT Test Lab is one of the first UK-wide research infrastructures providing an experimental playground for both academia and industry to collaborate, innovate and share equipment, tools, experiments and data-sets,” claimed professor Sakir Sezer, head of connected systems security at CSIT.

“By combining all the new capabilities, the lab facilitates a highly configurable platform for many widespread communication technologies, enabling state-of-the-art ‘capture the flag’ and other ‘red/blue team’ cybersecurity challenge games and specialized cybersecurity staff training.”

A custom-built Cyber Range will enable researchers to connect remotely and share the facilities ad hoc with partners in other parts of the world, he continued.

The test network has been built using the latest equipment on the market, including Software Defined Networking (SDN) and Network Function Virtualisation (NFV) appliances, and support for industrial control systems (ICS) for smart grid and manufacturing.

ICS threats in particular are on the rise, with up to 30% of installations facing attack in the second half of 2017, according to Kaspersky Lab.

State-backed Russian hackers in particular have been ramping up attacks against this kind of critical infrastructure, with the NCSC and US authorities releasing a joint technical alert to this effect in April.

The new research lab at Queen’s will also include a focus on more consumer-based IoT devices, including home IP Security cameras, health monitors, smart watches, home automation, logistic devices, PCs, phones and tablets.

Categories: Cyber Risk News

Face, Iris and Pulse Biometrics Close in on Fingerprint Tech

Fri, 06/01/2018 - 09:31
Face, iris and pulse-based biometric authentication systems will increasingly eat away at the market share of fingerprint technologies, according to a new report from ABI Research.

The analyst claimed in its Biometric Technologies and Applications report that the falling cost of iris recognition will spur uptake, while facial recognition continues to improve in accuracy thanks to advanced machine learning algorithms.

The latter has already seen a significant increase in penetration thanks to Apple’s decision to incorporate it into the iPhone X, while Samsung offers iris recognition in the Galaxy S8 and S9, the analyst continued.

The Internet of Things is also driving an uptake in newer biometric systems, ABI Research claimed: card-free ATMs are being developed by Samsung and Diebold Nixdorf; OEMs in the automotive sector, including GM, Nissan and Volvo, are investing heavily; and new government rules in APAC are set to mandate biometrics in a range of sectors including banking and telecoms.

However, this is far from the end for fingerprints, according to industry analyst Dimitrios Pavlakis.

“Even though fingerprint sensor ASPs have taken a significant hit over the last couple of years, total fingerprint sensor shipments for the entire consumer market are still estimated to reach 1.2 billion worldwide for 2018, thus ensuring its market dominance,” he claimed.

“However, from established markets such as banking and payments to emerging ones like automotive and future-looking ones including robotics, we expect to see an increase in multi-modal applications and a scenario where biometrics is a critical component of a user’s digital ID in the emerging IoT ecosystem.” 

Ryan Wilk, vice-president at NuData Security, said convenience, context and security are key to the biometric authentication market.

“One thing that does not change is human behavior; an identifier that cyber-criminals cannot mimic. By better understanding and contextualizing human behavior — not just their physical characteristics — companies can have a better understanding of who the human behind the device really is,” he added.

Categories: Cyber Risk News

Honda and UMG Hit by Privacy Leaks

Fri, 06/01/2018 - 08:51
Honda and Universal Music Group (UMG) have both been left red-faced this week after researchers revealed sensitive log-in details and customer data were exposed to the public internet via poor configuration of IT infrastructure.

The carmaker’s Indian business left two Amazon AWS S3 Buckets containing personal information on 50,000 Honda Connect App users publicly exposed, according to Kromtech.

They were left exposed despite the firm having been notified about the error by another security researcher back in February.

The leaked info apparently included names, phone numbers for users and their trusted contacts, passwords, gender, email addresses for users and trusted contacts, and information about their cars including VIN, Connect IDs, and more.

“In this particular case, the information leaked could potentially give an attacker access to everything on that phone, but specifically regarding this app when paired with a Connected Device: where someone's car is currently located, where they went, where they typically drive, how they drive, and where they start and stop,” Kromtech explained.

“Considering how we use our cars, this could give that attacker knowledge of the user's daily activities, including where they live, work, shop, and play, making it very easy to stalk someone.”

Music giant UMG was also exposed this week after ‘expert’ AWS contractor Agilisium left two instances of Apache Airflow server completely unprotected.

The workflow orchestration tool is open by default and active steps need to be taken to secure related servers, according to Kromtech.

The privacy snafu exposed “UMG’s internal FTP credentials, AWS configuration details (secret access key and password), along with internal source code details (SQL passwords),” potentially giving anyone who discovered them full access to its AWS account and key databases.

Both Honda and UMG are said to have acted quickly to resolve the issues when contacted by the security vendor.

Categories: Cyber Risk News