A warning about insecure connected devices available for sale, some cyber advice for manufacturers and take this quiz to find fake celebrities.
Welcome to Cyber Security Today. It’s Monday April 29th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.
I’ve spoken before about the dangers of buying Internet-connected devices like security cameras, baby monitors and smart doorbells with weak security. Well, security researcher Paul Marraese has discovered hundreds of brands of devices with a software bug from a Chinese company that can allow hackers to hijack devices and spy on their owners. It seems millions of the devices are in use now around the world. The flaw is in the software that allow users to connect to their devices with a mobile app as soon as they come online. Users either scan a barcode or enter the six-digit ID stamped onto the device and software automatically does the rest. Marraese said he’s discovered a way software could be hacked. He has tried and failed to get hold of the manufacturer. There’s a link to his blog post here. Check it to see if your devices are affected. And if you are shopping for a smart device, make sure it’s made by a reputable manufacturer that you can rely to issue security patches.
You may not think manufacturing companies have valuable data to steal, but you’re wrong. At a cyber security conference last week for Canadian manufacturers, I learned there’s lots they have worth targeting. For one thing, an increasing number of products for cars, aircraft, power stations, water utilities and the like have software. They can be hacked. And manufacturers — especially small ones — may be an easy way for hackers to infiltrate big companies. So here’s the advice I came away with: If you are a manufacturer you need to pay more attention to cyber security. Pay close attention to firms you buy services from: Do they have remote access to your systems? Do you have tight access control? Try to work with other companies in your sector to share best practices and threat information. And don’t forget that information security technology is a tool. You also need proper business process allowing or forbidding staff from doing certain things.
I wrote two stories from this conference: One is from a senior official of the Canadian Cyber Security Centre, and the other advice from experts on combating third party risks.
Finally, hackers find all sorts of ways to trick you. One of them is by creating fake social media pages of celebrities. Security vendor ZeroFox has created an online quiz to help you learn how to spot clues that distinguish between a fake Facebook or Instagram page and a real one. If you go to www.zerofox.com, look under Resources and go to the company blog, you’ll find the quiz.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon