Forget passwords and PIN codes — Pindrop wants to make our lives more secure with voice biometrics.
From VentureBeat Article:
Pindrop brings voice authentication to IoT devices, intelligent assistants, and connected cars
The Atlanta, Georgia-based company today announced Voice Identity Platform, a speech authentication solution for IoT, voice assistants, smart homes and offices, and connected cars.
Its platform-agnostic tech is akin to Google’s Voice Match in Google Assistant, which can differentiate among the unique voice signatures of up to 10 Google Home users, and Amazon’s voice profiles in Alexa.
Pindrop’s patented Pindrop Protect technology takes into account factors such as location, behavior, device type, audio, voice, and time of day to confirm identity. By scoring each voice interaction based on AI-driven anomaly detection and using voice printing to correlate matches with what Pindrop claims is one of the world’s largest audio databases of its kind, the company contends it is able to lower handle times by up to 60 seconds.
European Parliament regrettably missed an opportunity to establish mandatory security requirements for connected products such as smart watches, baby monitors or smart locks. This is the outcome of a vote in its industry (ITRE) committee.
PRESS STATEMENT – 10.07.2018
Consumers in Europe are exposed to a string of unsecure connected products. These range from hackable security cameras, door locks and heating thermostats in people’s homes, to the possibility for strangers to easily tap into connected toys and smart watches for children.
Consumer groups had urged the EU to ensure that the upcoming Cybersecurity Act would plug this gaping hole in EU legislation to finally protect the security of our lives and homes.
Yet, despite the immense threat to consumers and society as a whole because of unsecure connected products, the European Commission, Member States and (as of today) Parliament are content with only a voluntary scheme that will not appropriately protect consumers’ privacy, security or safety.
A cyber hacker, by the pseudonym Anarchy, claims to have made a botnet within 24 hours by utilizing an old vulnerability that has reportedly compromised 18, 000 routers of Chinese telecom goliath Huawei.
As indicated by a report in Bleeping Computer, this new botnet was first recognized in this current week by security researchers from a cyber-security organization called Newsky Security.
Following the news, other security firms including Rapid7 and Qihoo 360 Netlab affirmed the presence of the new danger as they saw an immense recent uptick in Huawei device scanning.
The botnet creator contacted NewSky security analyst and researcher Ankit Anubhav who believes that Anarchy may really be a notable danger who was already distinguished as Wicked.
The activity surge was because of outputs looking for devices that are vulnerable against CVE-2017-17215, a critical security imperfection which can be misused through port 37215. These outputs to discover the vulnerable routers against the issue had begun on 18 July.
Russian hackers have won remote access to the control rooms of many US power suppliers, the Wall Street Journal reports.
The access could have let them shut down networks and cause blackouts, US officials told the newspaper.
The state-backed hackers won access even though command centre computers were not directly linked to the web.
The attacks succeeded by targeting smaller firms which supply utilities with other services.
#IoT #cybersecurity must be a vital and integral part of every organization’s strategic plan.
According to a 2018 report from security company Symantec, the number of Internet of Things (IoT) attacks increased from about 6,000 in 2016 to more than 50,000 in 2017, which translates into a 600% rise in just one year. IoT devices are increasingly the attack vector of choice for cybercriminals around the world. IoT is particularly popular for ransomware attacks and illegal cryptocurrency miners.
According to Verizon’s Mobile Security Index 2018, only 14% of the responding organizations said they had implemented even the most basic cybersecurity practices, with an astonishing 32% of these IT professionals admitting that their organization sacrifices mobile security to improve business performance on a regular basis. That general lax attitude toward cybersecurity goes along way toward explaining why IoT attacks have spiked 600% in one year.
Research by Bain & Company ﬁnds that enterprise customers would be willing to buy more IoT devices if their concerns about cybersecurity risks were addressed—on average, at least 70% more than what they might buy if their concerns remain unresolved (see Figure 2). In addition, 93% of the executives we surveyed said they would pay an average of 22% more for devices with better security. Taken together, Bain estimates that improving security solutions for these devices could grow the IoT cybersecurity market by $9 billion to $11 billion.
See Bain Brief:
Cybersecurity Is the Key to Unlocking Demand in the Internet of Things
See The Register Article:
VPNFilter router malware is a lot worse than everyone thought
Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE: these are the vendors newly named by Cisco’s Talos Intelligence whose products are being exploited by the VPNFilter malware.
As well as the expanded list of impacted devices, Talos warned that VPNFilter now attacks endpoints behind the firewall, and sports a “poison pill” to brick an infected network device if necessary.
From BBC Article: “Amazon and eBay are among retailers pulling a brand of cuddly smart toys from sale after warnings they pose a cyber-security threat.
Concerns were raised about CloudPets products in February 2017 after it was discovered that millions of owners’ voice recordings were being stored online unprotected.
Manufacturer Spiral Toys claimed to have taken “swift action”.
But subsequent research commissioned by Mozilla found other vulnerabilities.
The devices’ California-based maker has not responded to requests for comment.
One independent expert told the BBC it was “great to see retailers acting responsibly”, but added she wished they had done so sooner.
“It seems that refusing to sell products that threaten customers’ security and privacy is the only way to make designers and manufacturers of these products care about these risks,” said Angela Sasse, professor of human-centred technology at University College London.
BSI, the business improvement company, has today launched a new BSI KitemarkTMfor IoT Devices, the first of its kind in the internet of things (IoT) space. The BSI Kitemark has been developed in response to the growth of internet connected products, and is designed to help consumers confidently and easily identify the IoT devices they can trust to be safe, secure and functional.
In March 2018 the Government’s Secure by Design review announced a series of measures to make connected devices safer to use. The Kitemark builds on these guidelines by providing ongoing rigorous and independent assessments to make sure the device both functions and communicates as it should, and that it has the appropriate security controls in place. Manufacturers of internet connected devices will be able to reassure consumers by displaying the Kitemark on their product and in their marketing materials.
There are three different types of BSI Kitemark for IoT Devices, which will be awarded following assessment according to the device’s intended use: residential, for use in residential applications; commercial, for use in commercial applications; and enhanced, for use in residential or commercial high value and high risk applications.
The assessment process involves a series of tests that help ensure the device is fully compliant to the requirements. Before being awarded the Kitemark the manufacturer is assessed against ISO 9001, and the product is required to pass both an assessment of functionality and interoperability, as well as penetration testing scanning for vulnerabilities and security flaws. Once the BSI Kitemark is achieved the product will undergo regular monitoring and assessment including functional and interoperability testing, further penetration testing and an audit to review any necessary remedial action. Importantly, if security levels and product quality are not maintained the BSI Kitemark will be revoked until any flaws are rectified.
See full BSI press release here:
BSI launches Kitemark for Internet of Things devices
Article from The Register:
US pair’s private chat sent to coworker by AI bug
It’s time to break out your “Alexa, I Told You So” banners – because a Portland, Oregon, couple received a phone call from one of the husband’s employees earlier this month, telling them she had just received a recording of them talking privately in their home.
“Unplug your Alexa devices right now,” the staffer told the couple, who did not wish to be fully identified, “you’re being hacked.”
At first the couple thought it might be a hoax call. However, the employee – over a hundred miles away in Seattle – confirmed the leak by revealing the pair had just been talking about their hardwood floors.
The recording had been sent from the couple’s Alexa-powered Amazon Echo to the employee’s phone, who is in the husband’s contacts list, and she forwarded the audio to the wife, Danielle, who was amazed to hear herself talking about their floors. Suffice to say, this episode was unexpected. The couple had not instructed Alexa to spill a copy of their conversation to someone else.
For the full article see:
You know that silly fear about Alexa recording everything and leaking it online? It just happened