•   
  •   
  •   

Technology IoT devices need security standards built in, UL says

15:30  06 december  2019
15:30  06 december  2019 Source:   cnet.com

Smart home devices are being hit with more cyberattacks than ever

  Smart home devices are being hit with more cyberattacks than ever After setting up honeypots to lure cybercriminals, Kaspersky has learned more about where IoT attacks originate and how many devices have become part of botnets.This figure is seven times higher that the number found in H1 2018 when only around 12m attacks originating from 69,000 IP addresses were detected.

UL said that it's working with IoT makers and that the standards are still in the early stages. It expects to be able to make more announcements in the first UL doesn't expect to see changes overnight for IoT security , either. The hope is that as the UL security ratings gain traction, people will be more

Internet of Things -connected devices are indisputably changing how we work and live. IoT devices are connected to the Internet and can be installed in cars, oil rigs, retail merchandise and other items to gather critical data. The data gathered from these devices can serve myriad purposes.

When you buy a new lightbulb, you know that it's energy efficient and will last for a while because of an Energy Star label on the package. But when you buy an internet-connected lightbulb, there's almost no way of telling if it's secure from hackers.

a close up of a screen: There's currently no security standards for the millions of Internet-of-Things devices out on the market. James Martin/CNET© Provided by CBS Interactive Inc. There's currently no security standards for the millions of Internet-of-Things devices out on the market. James Martin/CNET

Underwriters Laboratories, the electronics safety organization, is looking to fix that by introducing security ratings for internet-of-things devices. UL is known for its safety standards certifications for products, ensuring, for instance, that the charger you bought online isn't a counterfeit that'll set your house on fire.

Google's USB-C Titan hardware security key works on Android phones too

  Google's USB-C Titan hardware security key works on Android phones too The key is designed to keep attackers at bay, even if they have your username and password.Hardware security keys are catching on with services from Microsoft, Google, Facebook, Twitter, GitHub and Dropbox to make it harder for attackers to gain access to your account. To use them, you typically have to insert one into a USB port after entering your password. That stops attackers who might have your username and password through a security breach. And it's a step toward dumping passwords altogether, when used in combination with biometric systems like fingerprint and face identification.

IoT involves extending internet connectivity beyond standard devices , such as desktops, laptops IoT device security . The interconnection of traditionally dumb devices raises a number of questions A little more conservative, IHS Markit said the number of connected devices will be 75.4 billion in

Overviews of protocols involved in Internet of Things devices and applications. Help clarify with IoT layer technology stack graphics and head-to-head comparisons. The Internet of Things covers a huge range of industries and use cases that scale from a single constrained device up to massive

Now UL wants to set the security standard for cybersecurity threats -- a notorious issue for IoT devices.

"These days, when you look at products, they have been moving from an analog function to a digital function," said Andrew Jamieson, UL's director of security and technology. "From that context, the security of the software directly affects the safety of the product, so we have to really start thinking about that."

There is no unified standard for connected gadgets, which means that the smart TV you buy could be a hacking concern waiting to get plugged in. Unless you researched all your connected gadgets yourself, there'd be no way of knowing without a standard.

Samsung announces more powerful Exynos processor without built-in 5G

  Samsung announces more powerful Exynos processor without built-in 5G The 7nm Exynos 990 will go into production by the end of the yearWhile it seems strange to see two processors announced in such quick succession, the Exynos 990 seems to be targeted at a slightly different market. VentureBeat notes that it lacks the integrated 5G modem found in the 980, meaning it will be better suited to 4G devices. It’s the faster processor of the two, but Samsung would need to pair it with a separate modem — like the 5G Exynos Modem 5123 that it also announced today — if it wants to use it in a 5G device.

Internet -connected speakers — and in turn, IoT devices — may be exposing information that can be used by attackers in malicious schemes. With all the information fed to internet -connected devices , it is considerably difficult for users to know if these are protected properly by the built - in security that

UL watching IoT developments. Underwriters Laboratories ( UL ), the more-than-century-old industrial In interviews with SearchHealthIT, Anura Fernando, UL 's principal engineer for medical software and The agency's policy essentially says that the devices are low risk and do not need FDA approval

Connected devices are expected to sell up to 20.4 billion units by 2020, and without security standards, it leaves massive potential for hackers to take over devices and use them for cyberattacks. In 2016, hackers took advantage of exposed cameras and DVRs to launch one of the largest cyberattacks ever, causing widespread internet outages.

There's currently no security standards for the millions of Internet-of-Things devices out on the market. © CNET

There's currently no security standards for the millions of Internet-of-Things devices out on the market.

A 2018 Worldwide Threat Assessment from Robert Ashley, director of the US Defense Intelligence Agency, warned that weak security on IoT devices posed one of the "most important emerging cyberthreats" to national security.

Lawmakers have proposed legislation to improve IoT security, and experts have suggested security labels like what UL plans to roll out.

The security standards come in five tiers: diamond, platinum, gold, silver and bronze.

Netflix is ending support for old devices from Samsung, Roku, and Vizio in December

  Netflix is ending support for old devices from Samsung, Roku, and Vizio in December Everyone needs a set-top box eventuallySamsung says the move will affect its 2010 and 2011 range of TVs, while Cord Cutters News reports Vizio TVs that are four years old or older will lose support. BBC News reports that affected Roku players include the Roku 2050X, Roku 2100X, Roku 2000C, Roku HD Player, Roku SD Player, Roku XR Player and Roku XD Player.

The Internet of Things ( IoT ) is a system of interrelated computing devices , mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs)

IoT protocols and standards transfer data between IoT devices ✓ They are means of communication between connected objects and LAN (Local Area Network) — a network covering the area of one building . Most Popular Internet of Things Protocols, Standards and Communication Technologies.

UL's security ratings for IoT devices will have five tiers. UL© Provided by CNET UL's security ratings for IoT devices will have five tiers. UL

They are given based on seven requirements: software updates, data and cryptography, logical security, system management, customer identifiable data, protocol security, and process and documentation.

Each requirement has its own checklist of security practices. For example, to get the bare minimum verification under data and cryptography, your device can't have default passwords. To get the diamond verification, your device would need to be protected from brute-force attacks -- when hackers spam password attempts until the correct one is chosen.

UL laid out its standards and requirements in a whitepaper it published in June.

Jamieson noted that only a small percentage of available IoT products would meet that diamond standard and that many connected devices currently on the market might not even meet UL's minimum standards. It's not a reflection of UL's strict requirements, but rather how poor the security is on the majority of IoT devices.

"The commercial pressures have not allowed for people to differentiate in security," Jamieson said. "That's resulted in security not being built in, even at the lowest level."

Don't expect to see this on products immediately. UL said that it's working with IoT makers and that the standards are still in the early stages. It expects to be able to make more announcements in the first quarter of 2020.

UL doesn't expect to see changes overnight for IoT security, either. The hope is that as the UL security ratings gain traction, people will be more likely to buy the secured products and push IoT makers to focus more on improving security.

"If people come up and see two TVs, and one is $100 more expensive, but it has the security rating, we're hoping people will decide on the more secure systems," Jamieson said. "It's about finding a way to incentivize companies to build security in."

Your iPhone now serves as a Google security key .
You no longer need Android to use your phone as a Google security key. Google has updated Smart Lock for iOS to let you use your device's "built-in security key" -- that is, the Secure Enclave built into every iOS device with Touch ID or Face ID. From then on, you'll just need your iPhone or iPad nearby (plus your usual password) for two-factor authentication when you sign into Google on a desktop using Chrome. It uses a Bluetooth connection to ensure that it's really you and not some distant intruder.This won't help you authenticate non-Google accounts, of course, and it could be a pain if you're the sort who upgrades devices frequently.

—   Share news in the SOC. Networks

Topical videos:

usr: 2
This is interesting!