The ascension of man over fridge

Comments I’ve seen indicate that many are concerned about the advent of IoT. Specifically, misgivings are about the security and privacy of data. Historically, the information technology sector has not had a good track record with security and privacy, and people are worried that more connected devices will only exacerbate the situation.

Dridex elicits same old tired advice

This week saw a resurgence of the Dridex malware. There is little novel or outstanding about the malware – it infects PCs through a Microsoft Office document which victims are encouraged to open in order to trigger a malicious macro. Once installed, the malware harvests data when the victim conducts online banking. Normal stuff. Reports say £20 million has been stolen.

The future shape of IoT

Three core components make up the IoT ecosystem: Things, People and Events. A simple example is a smart thermostat (Thing), operated by the home owner (People), which activates home heating when the temperature drops below a certain point (Event). IoT is essentially about the interaction and relationships between, and within, these three core components.

IoT’s PII tsunami

Thelma Arnold, a 62-year-old widow living in Lilburn, Georgia with her beloved dog Dudley, was quietly minding her own business. Dudley had an incontinence problem and consequently peed on everything. In 2006 Mrs Arnold was suddenly thrust into the spotlight. An employee at her ISP thought it would benefit academic researchers if he published the anonymised 3-month search histories of more than half a million of their customers. Little did the over-zealous employee realise that individuals can be identified from snippets of anonymous information, such as their search history. A reporter examined the published search history of person #4417749, and through the search items was able to identify Mrs Arnold and track her down.

IoT inference attacks from a whole lotta talkin’ going on

It was late at night in Arlington county on 16th January 1991. An unusual number of lights were on in the offices of the Pentagon. The employee car park was much fuller than normal. Another telling indication a keen observer would have noticed was the frequency of late-night pizza deliveries to the building. This seemingly innocuous information indicated something big was up at US Defence HQ. It was, of course, the start of Operation Desert Storm. One local pizza outlet reported deliveries to the Pentagon up 600% that night. Seemingly innocuous data can lead an acute observer to infer meaningful information and conclude that a military offensive was imminent.

Hacking for asymmetry in military capabilities

After completing school, like all fellow countrymen my age, I was conscripted into the South African army. While coerced into military servitude my time was split between being trained in infantry combat and working on the Defence HQ computer system. This was a world of punch cards and mainframes, before the invention of the PC. In those days, the only hacking we knew was how to use a 10 cent diode to get free calls on a payphone. While the army taught me about bits and bytes, my colleagues made a conventional force ground incursion deep into Angolan territory. Once there, they discovered, to their chagrin, an important asymmetry between the enemy’s Cuban-piloted MiG fighters and our own French-built Mirage jets. Without vital supremacy in the air, our ground troops were in some danger.

Securing the “God Platform” in IoT

Forbes magazine coined the term “god platform”. At the nucleus of IoT is a Command Centre that provides the user interface, data storage and sharing junction. The million-dollar question is how to secure the “god platform” and the IoT ecosystem.

I am Schrödinger’s cat

I live in Austria with my owner Shrödi – Mr Schrödinger as everyone else calls him – and he is a really cool guy. He talks about me quite a bit. Shrödi told me that I will become famous as he has even had a chat with Einstein about me. Yes, that Einstein – Albert – my owner Shrödi is mates with Albert.

Everything glitters for IoT gold

Aspects of the California gold rush of 1849, and the oil rush in Pennsylvania ten years later followed by similar events at Spindletop, Texas in 1901, are being repeated today as large companies rush to stake their claim in the rapidly emerging IoT world. Recognising the hugely lucrative potential of IoT, the largest information technology companies in the world are rapidly developing and acquiring technology in order to own a piece of the landscape.

Don’t mess with encryption, Mr Cameron

After a spectacular election win for the Conservative Party, there is now concern that UK authorities will tamper with encryption. Back in January, on a visit to the US, David Cameron indicated his strong desire for intelligence agencies such as GCHQ to have the capability to eavesdrop on encrypted communications.