Thursday, August 28, 2014

A switch is not enough to turn off threats

Would you kill your phone? No, it's not a set phrase. We are not referring to those moments when it gets stuck just when you need it, or those times when it dials your mother by itself. The question is if you would leave your cellphone useless for ever and ever.

You may think we make a slightly odd questions, right? Why would you immolate your phone? Maybe because someone stole it and there is plenty of private information or even compromising data stored on it? Or simply because you do not want the thief using it or selling it? Lawmakers in California (USA) believe they have come up with an effective measure to reduce the number of stolen phones, which has become a serious problem in its streets. The law will require phone manufacturers to implement a default "kill switch" on all of them by next July. This system must be able to remotely lock the device and wipe all its data. It is expected that the switch arrives to all the cellphones worldwide once manufacturers abide the California standard.

But the recently passed law raises concerns among some civil liberties groups like the Electronic Frontier Foundation, which fear such kill switch being abused by law enforcement, attackers who want to prevent their victims to seek help or even by hackers.

Indeed sooner or later hackers usually find a way to compromise any system, even when it comes to overcome the strong layers of security one of the largest banks in the world, JPMorgan Chase. According to Bloomberg, in mid-August it took place an attack against the U.S. financial system, presumably from Russia in response to the sanctions imposed on that country due to the Ukraine’s case. Chase lost gigabytes of sensitive information as a result of the attack and at least one other financial institution fell against the hackers. The sophistication of this attack leads to think that was sponsored by a state or a powerful adversary.

However, large organizations are used to be hit by such attacks almost daily so they have erected defenses, which repel them in the vast majority of cases. But still, we live in a world in which 160,000 malicious pieces of software sprout every day, of which nearly 6 in 10 are Trojans, according to PandaLabs report for the Q2 2014. Therefore staying protected is a tough task for a common user. In fact, in Spain, 37.67% of devices are infected.

Moreover software vulnerabilities, lack of updating, bad computer and networks configurations, poor passwords and many other security aspects neglected by a lot of users and organizations could bring unpleasant surprises. In this regard, The U.S. Department of Commerce Office of Inspector General has urged the National Oceanic and Atmospheric Administration to immediately fix many of the 23,868 of high-risk vulnerabilities instances detected in its ground system used to collect and distribute information from numerous meteorological satellites.

Unfortunately, no one warns small businesses of the risks of managing their own website. Most of them don’t worry about their site’s security believing that they are too small to turn out interesting for cybercriminals. Perhaps they are not even aware that the Wordpress platform on which their web is based is highly vulnerable if they do not updated it in regular basis. In fact, a domain and a hosting like theirs can be very useful to malicious actors in order to conduct phishing campaigns, host malware or add it to a botnet to carry out DDoS attacks.

Perhaps it will exist a "kill switch" for websites someday. Meanwhile you better stay well informed. To do so, follow us through our social channels (find links at the right sidebar) or here on our blog.


Post a Comment