fbpx

IC Realtime introduces video search engine technology that will augment surveillance systems using analytics, natural language processing, and machine vision.

LAS VEGAS--()--PEPCOM at CES 2018 – IC Realtime, a leader in digital surveillance and security technology announces today the introduction of Ella, a new cloud-based deep-learning search engine that augments surveillance systems with natural language search capabilities across recorded video footage.

#helloella - @ICRealtime introduces Ella, a deep learning engine for #surveillance systems at #CES2018

Ella uses both algorithmic and deep learning tools to give any surveillance or security camera the ability to recognize objects, colors, people, vehicles, animals and more. Ella was designed with the technology backbone of Camio, a startup founded by ex-Googlers who realized there could be a way to apply search to streaming video feeds. Ella makes every nanosecond of video searchable instantly, letting users type in queries like “white truck” to find every relevant clip instead of searching through hours of footage. Ella quite simply creates a Google for video.

“The idea was born from a simple question: if we can search the entire internet in under a second, why can’t we do the same with video feeds,” said Carter Maslan, CEO of Camio. “IC Realtime is the perfect partner to bring this advanced video search capability to the global surveillance and security market because of their knowledge and experience with the needs of users in this space. Ella is the result of our partnership in fine-tuning the service for security applications.”

The average surveillance camera sees less than two minutes of interesting video each day despite streaming and recording 24/7. On top of that, traditional systems only allow the user to search for events by date, time, and camera type and to return very broad results that still require sifting, often taking hours of time.

Ella instead does the work for users to highlight the interesting events and to enable fast searches of their surveillance & security footage for the events they want to see and share. From the moment Ella comes online and is connected, it begins learning and tagging objects the cameras sees. The deep learning engine lives in the cloud and comes preloaded with recognition of thousands of objects like makes and models of cars; within the first minute of being online, users can start to search their footage.

Hardware agnostic, Ella also solves the issue of limited bandwidth for any HD streaming camera or NVR. Rather than push every second of recorded video to the cloud, Ella features interest-based video compression. Based on machine learning algorithms that recognize patterns of motion in each camera scene to recognize what is interesting within each scene, Ella will only record in HD when it recognizes something important. By learning from what the system sees, Ella can reduce false positives by understanding that a tree swaying in the wind is not notable while the arrival a delivery truck might be. Even the uninteresting events are still stored in a low-resolution time-lapse format, so they provide 24x7 continuous security coverage without using up valuable bandwidth.

“The video search capabilities delivered by Ella haven't been feasible in the security and surveillance industry before today,” said Matt Sailor, CEO for IC Realtime. “This new solution brings intelligence and analytics to security cameras around the world; Ella is a hardware agnostic approach to cloud-based analytics that instantly moves any connected surveillance system into the future.”

Ella works with both existing DIY and professionally installed surveillance and security cameras and is comprised of an on-premise video gateway device and the cloud platform subscription. Ella subscription pricing starts at $6.99 per month and increases with storage and analysis features needed for the particular scope of each project. To learn more about Ella, visit www.smartella.com.

For more information about IC Realtime please visit http://www.icrealtime.com.

For more information on Camio please visit https://camio.com.

About IC Realtime

Established in 2006, IC Realtime is a leading digital surveillance manufacturer serving the residential, commercial government, and military security markets. With an expansive product portfolio of surveillance solutions, IC Realtime innovates, distributes, and supports global video technology. Through a partnership with technology platform Camio, ICR created Ella, a cloud-based deep learning solution that augments surveillance cameras with natural language search capabilities. IC Realtime is revolutionizing video search functionality for the entire industry. IC Realtime is part of parent company IC Real Tech, formed in 2014 with headquarters in the US and Europe. Learn more at http://icrealtime.com

Connect with IC Realtime on Facebook at www.facebook.com/icrealtimeus or on Twitter at www.twitter.com/icrealtime.

Contacts

Caster Communications
Peter Girard
This email address is being protected from spambots. You need JavaScript enabled to view it.

Source: This article was published businesswire.com

Categorized in News & Politics

IOT IS COMING and a lot of IT execs are scared silly. Or maybe it’s more accurate to say they are resigned to their fates.

In a May study of 553 IT decision makers, 78% said they thought it was at least somewhat likely that their businesses would suffer data loss or theft enabled by IoT devices. Some 72% said the speed at which IoT is advancing makes it harder to keep up with evolving security requirements.

Such fears are rooted in reality. Last October, hackers took down the company that controls much of the Internet’s domain name system infrastructure using some 100,000 “malicious endpoints” from IoT devices. More recently, the WannaCry ransomware attack crippled some Bank of China ATM networks and washing machine networks. For naysayers, those attacks validated fears that hackers could cause mayhem by commandeering our IoT devices.

At the same time, the IoT industry continues its steady growth path. Gartner predicts that by 2020 there will be some 21 billion IoT devices in existence, up from 5 billion in 2015. About 8 billion of those devices will be industrial, not consumer devices. Both present a juicy target for hackers.

For some, it seems like IoT is a slow-motion wreck playing out in real time. “The reason that the industry hasn’t backed off is the value proposition is very powerful,” said Chris Moyer, CTO, and VP-cybersecurity at DXC. “The risk proposition is also very powerful and that’s where the balancing is going on.”

Regardless of the industry’s appetite, IoT isn’t likely to get a scale until the industry addresses its security issue. That will take a cooperation among vendors, government intervention, and standardization. In 2017, none of those things appear to be on the horizon.

What’s wrong with IoT security

The consensus is that IoT is still under-secured and presents possibly catastrophic security risks as companies trust IoT devices for business, operational and safety decisions.  Existing standards are not in place and vendors keep struggling to embed the right level of intelligence and management into products.  Add the increasing collaboration among attackers and then it creates a need to address these challenges across a set of dimensions.

Consider what we face with the security of IoT devices;

  • Unlike PCs or smartphones, IoT devices are generally short on processing power and memory. That means that they lack robust security solutions and encryption protocols that would protect them from threats.
  • Because such devices are connected to the Internet, they will encounter threats daily. And search engines for IoT devices exist that offer hackers an entrée into webcams, routers and security systems.
  • Security was never contemplated in the design or development stages for many of these Internet-connected devices.
  • It’s not just the devices themselves that lack security capability; many of the networks and protocols that connect them don’t have a robust end-to-end encryption mechanism.
  • Many IoT devices require manual intervention to be upgraded while others can’t be upgraded at all. “Some of these devices were built very rapidly with limited design thinking beyond Iteration 1 and they’re not update-able,” said Moyer.
  • IoT devices are a “weak link” that allows hackers to infiltrate an IT system. This is especially true if the devices are linked to the overall network.
  • Many IoT devices have default passwords that hackers can look up online. The Mirai distributed denial of services attack was possible because of this very fact.
  • The devices may have “backdoors” that provide openings for hackers.
  • The cost of security for a device may negate its financial value. “When you have a 2-cent component, when you put a dollar’s worth of security on top of it, you’ve just broken the business model,” said Beau Woods, an IoT security expert.
  • The devices also produce a huge amount of data. “It’s not just 21 billion devices you have to work with,” said Kieran McCorry, director of technology programs at DXC. “It’s all the data generated from 21 billion devices. There are huge amounts of data that are almost orders of magnitude more than the number of devices that are out there producing that data. It’s a massive data-crunching problem.”

Taking such shortcomings into account, businesses can protect themselves to a certain extent by following best practices for IoT security. But if compliance isn’t 100% (which it won’t be) then, inevitably, attacks will occur and the industry will lose faith in IoT. That’s why security standards are imperative.

Who will set the standards?

Various government agencies already regulate some IoT devices. For instance, the FAA regulates drones and the National Highway Traffic Safety Administration regulates autonomous vehicles. The Department of Homeland Security is getting involved with IoT-based smart cities initiatives. The FDA also has oversight of IoT medical devices.

At the moment though, no government agency oversees the IoT used in smart factories or consumer-focused IoT devices for smart homes. In 2015, the Federal Trade Commission issued a report on IoT that included advice on best practices. In early 2017, the FTC also issued a “challenge” to the public to create a “tool that would address security vulnerabilities caused by out-of-date software in IoT devices” and offered a $25,000 prize for the winner.

Moyer said that while the government will regulate some aspects of IoT, he believes that only the industry can create a standard. He envisions two pathways to such a standard: Either buyer will push for one and refuse to purchase items that don’t support a standard or a dominant player or two will set a de facto standard with its market dominance. “I don’t think it’s going to happen that way,” Moyer said, noting that no such player exists.

Instead of one or two standards, the industry has several right now and none appears to be edging toward dominance. Those include vendor-based standards and ones put forth by the IoT Security Foundation, the IEEE, the Trusted Computing Group, the IoT World Alliance and the Industrial Internet Consortium Security Working Group. All of those bodies are working on standards, protocols and best practices for security IoT environments.

Ultimately what will change the market is buyers, who will begin demanding standards, Moyer said. “Standards get set for lots of reasons,” Moyer said. “Some are regulatory but a lot is because buyers say it’s important to me.”

Lacking standards, Woods sees several paths to improve IoT security. One is transparency in business models. “If you’re buying 1,000 fleet vehicles, one might be able to do over-the-air updates and the other we’d have to replace manually and it would take seven months,” Woods said. “It’s a different risk calculus.”

Another solution is to require manufacturers to assume liability for their devices. Woods said that’s currently the case for hardware devices, but it is often unclear who assumes liability for software malfunctions.

AI to the rescue?

A wildcard in this scenario is artificial intelligence. Proponents argue that machine learning can spot general usage patterns and alert the system when abnormalities occur. Bitdefender, for instance, looks at cloud server data from all endpoints and uses machine learning to identify abnormal or malicious behavior. Just as a credit card’s system might flag a $1,000 splurge in a foreign country as suspicious, a ML system might identify unusual behavior from a sensor or smart device. Because IoT devices are limited in function, it should be relatively easy to spot such abnormalities.

Since the use of machine learning for security is still new, defenders of this approach advocate using a security system that includes human intervention.

The real solution: A combination of everything

While AI may play a bigger role in IoT security than initially thought, a comprehensive IoT solution will include a bit of everything, including government regulation, standards, and AI.

The industry is capable of creating such a solution, but the catch is that it needs to do it on a very accelerated timetable. At the moment, in the race between IoT security and IoT adoption, the latter is winning.

So what can companies do now to latch on to IoT without making security compromises? Moyer had a few suggestions:

  1. Take an integration approach. This is a case where more is better. Moyer said that companies using IoT should integrate management solutions and bring the IoT platform in for primary connectivity and data movement and pull that data into an analytics environment that’s more sophisticated and lets them do a behavioral analysis, which can be automated. “By integrating those components, you can be more confident that what you’ve got from a feed in an IoT environment is more statistically valid,” he said.
  2. Pick the right IoT devices. Those are devices that have a super-strong ecosystem and a set of partners that are being open about how they’re sharing information.
  3. Use IoT Gateways and Edge Devices. To mitigate against an overall lack of security, many companies are using IoT gateways and edge devices to segregate and provide layers of protection between insecure devices and the Internet.
  4. Get involved in creating standards. On a macro level, the best thing you can do to ensure IoT security over the long run is to get involved in setting standards both in your particular industry and in tech as a whole.

This article was produced by WIRED Brand Lab for DXC Technology.

Categorized in Internet of Things

Rather than becoming ubiquitous in homes as expected, the Internet of Things (IoT) has become the butt of jokes, in part because of major security and privacy issues. UK mobile chip designer ARM -- which created the architecture used by Qualcomm, Samsung and others -- has a lot to lose if it doesn't take off. As such, it has unveiled a new security framework called Platform Security Architecture (PSA) that will help designers build security directly into device firmware.

ARM notes that "many of the biggest names in the industry" have signed on to support PSA (sorry ARM, that's a bad acronym). That includes Google Cloud Platform, Sprint, Softbank, which owns ARM, and Cisco. (A complete list is shown in the image below.)

The main component of it is an open-source reference "Firmware-M" that the company will unveil for Armv8-M systems in early 2018. ARM said that PSA also gives hardware, software and cloud platform designers IoT threat models, security analyses, and hardware and firmware architecture specifications, based on a "best practice approach" for consumer devices.

Despite Intel's best efforts, ARM is far and away the most prevalent architecture used in connected homes for security devices, light bulbs, appliances and more. ARM says that over 100 billion IoT devices using its designs have shipped, and expects another 100 billion by 2021. Improving the notoriously bad security of such devices is a good start, but it also behooves manufacturers to create compelling devices, not pointless ones.

Source: This article was published engadget.com By Steve Dent

Categorized in Internet of Things

Check out these four tips to make the most of DuckDuckGo’s privacy and security features | Shutterstock


DuckDuckGo is a fantastic search engine if you’re fed up with the spying eyes of Google and other search providers. The service vows to never collect information about you and certainly never sell your searches to advertisers.

While that’s enticing in itself, there are features within DuckDuckGo you can take advantage of to enhance your privacy and security even more. The search engine is highly customizable, so that puts the control in good hands: your own. Make the most of DuckDuckGo with these useful tips to boost your privacy online and intensify your security.

1. Turn on WOT Icons

Enabling WOT icons in your search results means you’ll be able to stay away from potentially dangerous websites. WOT stands for Web of Trust, which is a service that analyzes the possible security threats from each website. A green circle means it’s in the clear (safe), yellow means take caution before visiting the website and red means avoid at all cost.

duckduckgo-privacy-security-wot-cloud-redirect-directions-6

Since DuckDuckGo has this functionality built in, you can turn this on from the Advanced Settings. Click the Menu icon at the top right of the DuckDuckGo homepage and choose Advanced Settings. Click the Appearance tab, then scroll all the way down to find the WOT Icons option. Click Off to then turn it on and be sure to click Save and Exit to apply the changes.

duckduckgo-privacy-security-wot-cloud-redirect-directions-5

Tip: All tips in this article will require you to first click the Menu icon and choose Advanced Settings so keep that in mind for later.

2. Ditch Google Maps

If you’re particularly anti-Google and don’t want any aspect of your online life tracked, then you probably don’t want DuckDuckGo using Google Maps to find you directions. Depending on your current settings, however, this might be the case.

duckduckgo-privacy-security-wot-cloud-redirect-directions-2

To ensure that DuckDuckGo uses a different provider for directions, head into your DuckDuckGo Advanced Settings to pick something different. Under the General tab, scroll to find Directions Source.

duckduckgo-privacy-security-wot-cloud-redirect-directions-1

Then pick your preference: either Bing Maps, Google Maps, HERE Maps or OpenStreetMap. Apple Maps is also available if you’re using a Mac.

3. Prevent Websites from Knowing How You Got There

DuckDuckGo has a nifty little feature called Redirect. With Redirect enabled, websites won’t be able to track which search term you used to land on the page. This is because when you click a link, DuckDuckGo temporarily redirects to a subdomain before bringing you to the website. (You won’t even notice.)

duckduckgo-privacy-security-wot-cloud-redirect-directions-3

Note: While this prevents the websites from gathering information about your search, it can still gather your information just from the browser itself. Check out our guides for enabling Do Not Track in Google Chrome and Internet Explorer to stop this snooping activity as well.

Head to the Advanced Settings on DuckDuckGo, click the Privacy tab then click to ensure that Redirect is on to enable this feature. Click Save and Exit to apply.

4. Anonymous Cloud Save

Since DuckDuckGo doesn’t collect information about you, that means it can’t always recognize that it’s you performing your search. However, if you’re one to tweak with settings (like the ones above) or the theme, you might want to keep these settings in sync across multiple devices. That way you don’t have to go back and make the changes every time.

duckduckgo-privacy-security-wot-cloud-redirect-directions-8

DuckDuckGo’s Cloud Save feature is completely anonymous, so it still won’t collect information about you. When you have all your settings lined up that you want to sync, just click Save Settings under Cloud Save in the Advanced Settings. This will prompt you to Enter a pass phrase that you’ll need to remember for the future to restore your data later. Click Save and you’re all set.

duckduckgo-privacy-security-wot-cloud-redirect-directions-7

Now, when you want to restore your DuckDuckGo preferences, you can do so in the same spot: click Load Settings under Advanced Settings and enter in that pass phrase.

Source: This article was published on guidingtech.com By 

Categorized in Search Engine

Think your password is secure? You may need to think again. People's perceptions of password strength may not always match reality, according to a recent study by CyLab, Carnegie Mellon's Security and Privacy Institute.

For example,  expected ieatkale88 to be roughly as secure as iloveyou88; one said "both are a combination of dictionary words and are appended by numbers." However, when researchers used a model to predict the number of guesses an attacker would need to crack each password, ieatkale88 would require four billion times more guesses to crack because the string "iloveyou" is one of the most common in passwords.

"Although participants generally had a good understanding on what makes passwords stronger or weaker, they also had some critical misunderstandings of how passwords are attacked and assumed incorrectly that their passwords need to withstand only a small number of guesses," said Blase Ur, the study's lead author and a Ph.D. student studying societal computing in Carnegie Mellon's School of Computer Science.

Participants, on average, also believed any password with numbers and symbols was a strong password, which is not always true. For example, [email protected] was thought to be more secure than pAsswOrd, but the researchers' attacker model predicted that it would take 4,000 times more guesses to crack pAsswOrd than [email protected] In modern day password-cracking tools, replacing letters with numbers or symbols is predictable.

"In order to help guide users to make stronger passwords, it is important for us to understand their perceptions and misperceptions so we know where interventions are needed," said Lujo Bauer, a co-author on the study and a professor in Carnegie Mellon's Department of Electrical and Computer Engineering and Institute for Software Research.

The CyLab researchers' study was presented and awarded an honorable mention at this week's Association for Computing Machinery (ACM) Conference on Human Factors in Computing Systems in San Jose, California.

The team of researchers, based in the CyLab Usable Privacy and Security (CUPS) Lab, asked 165 online participants—51% male, 49% female from 33 U.S. states ranging from 18 to 66 years of age—to rate the comparative security and memorability of 25 carefully juxtaposed password pairs. In addition, participants were asked to articulate how they would expect attackers to try to guess their passwords.

"As companies are designing tools that help people make passwords, they should not only be giving users real-time feedback on the strength of their , but also be providing data-driven feedback on how to make them stronger," Ur said.

The team will incorporate these findings into an open-source password feedback tool, which they aim to release before the end of the year.

Other authors of the study included Research Assistant Sean Segreti, Institute for Software Research and Engineering and Public Policy professor Lorrie Cranor, Electrical and Computer Engineering Assistant Research Professor Nicolas Christin and Penn State undergraduate engineering student Jonathan Bees.

Test your perceptions of password security through an online passwords quiz, produced by Nature

Source : This article was published in techxplore.com By Daniel Tkacik

Categorized in Internet Privacy

How much damage can a ‘smart’ toaster do? Lots, and not just burning your bread.

In the beginning, devices on the internet were fun. My favorite was the Carnegie-Mellon’s Computer Science Department Coke Machine. Starting in the 1970s, you could “ping” it to see if it had sodas ready and if they were cold yet. It was good, silly fun. Now everything except the cat* is hooked to the internet, and that’s not so funny at all.

Oh, sure, some internet of things (IoT) devices are enjoyable and useful. I have an Amazon Echo in my bedroom and a Google Home in my kitchen. I use them every day. But I’m aware of their privacy problems. You should be too.

For example, both devices are always listening to you. And when I say “always,” I mean every single second of every single day. In theory, they’re both just waiting for their activation phrases, “Alexa” and “OK Google,” respectively. In practice, that means they’re listening to you constantly.

I’m not too worried about this. Unlike with Windows 10 Cortana, you can tell these devices to stop listening. Of course, they’ll be a lot less useful that way, but at least you have the option.

No, what really concerns me about the IoT aren’t the new devices that are explicitly connected to cloud services, it’s the ordinary gadgets that are now listening in.

Take, for example, my Vizio M50-C1 50-inch 4K ultra-HD smart LED TV. It’s a fine TV, but until recently it was tracking my viewing habits and sharing this information with advertisers. Vizio wasn’t the only TV company guilty of snooping. LG and Samsung have peeked into your viewing habits too.

Even devices such as “smart” toasters — yes there is such a thing — can tell their vendors what time you make toast in the morning. Or, more seriously, a hacker camping in your internet connection can track your toasting habits to figure out when you’re not at home.

You see, IoT devices tend not to have any security to speak of. Heck, even IoT security systems have been shown to be as secure as a lock made out of rubber bands.

Leaving aside how much damage home IoT devices can do for their owners, IoT gadgets are becoming the agents of choice for massive distributed denial-of-service (DDoS) attacks. Who knew your DVR could help wreck a business over the internet? Hackers knew, that’s who!

If that weren’t bad enough, IoT firmware tends not to be updated at all. Once someone finds a security hole — and it can be as brainless as a single administrative password for all devices — it’s open forever.

Let’s say your gadget can be updated. IoT devices tend to be patched automatically by the maker. Do you really want to try to get a drink of cold water from your refrigerator only to be greeted by a “Update 32% complete” message? I don’t think so!

I love gadgets. I really do. But when it comes to the IoT, I prefer most of my devices to be dumb. They just work better that way.

Source: This article was published on computerworld.com By Steven J. Vaughan-Nichols

Categorized in Internet of Things

Security researcher Gal Beniamini — who works for Google’s Project Zero — recently unearthed a serious vulnerability affecting the Wi-Fi chipsets used in both iOS and Android devices. Detailing the proof-of-concept attack at length, Beniamini explains in an interesting blogpost how an attacker within range on a shared Wi-Fi network could potentially execute arbitrary code on a targeted device.

By chaining together a pair of exploits, Beniamini managed to demonstrate a “full device takeover by Wi-Fi proximity alone, requiring no user interaction.” The attack was deemed to be serious enough that Apple wasted no time in patching up the vulnerability, having released iOS 10.3.1 earlier in the week.

Apple’s release note for the iOS update reads:

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chipDescription: A stack buffer overflow was addressed through improved input validation.

Google, meanwhile, is obviously aware of the vulnerability but a security patch for Android devices isn’t yet widely available. As ArsTechnica notes, “the fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible.”

There haven’t been any reports of a device, iOS or Android, being compromised but you’ll want to upgrade your mobile OS as soon you can. As a final point of interest, the vulnerability impacts all iPhones models since the iPhone 4s, a number of Nexus smartphones and most of Samsung’s Galaxy lineup.

Source : bgr.com By Yoni Heisler

Categorized in Internet Privacy

Your smartphone is surprisingly vulnerable to viruses and malware. But you can protect yourself.

BARCELONA — The smartphone industry has given birth to a vibrant growth sector distinguished by its creativity, drive and entrepreneurship. Unfortunately, that sector is malware.

Conversations with security professionals here at Mobile World Congress, the world’s largest mobile tech show, provided a dismaying, but necessary, reminder that the computers in our pockets are targets for authors of malware and other scams — and that many of us don’t care about those risks.

“The amount of thought that consumers are giving to security is almost nonexistent,” said Gary Davis, chief consumer security evangelist at Intel (INTL).

App anxiety

The major malware risk on smartphones remains downloading a hostile app that tries to compromise your data or run up your phone bill. The best advice to avoid such threat is to stick to the Google (GOOG, GOOGL) Play Store instead of downloading apps from third-party stores or off the Web.

The fact that Google screens its Play Store apps makes the risk of malware there “dramatically less than a third-party app store, by far,” said Davis. Still, the Play Store isn’t immune from crooks.

Last month, for instance, the Slovakian security firm ESET found a trojan app on the Play Store disguised as a world weather app. Google yanked the app after ESET notified the company.

“We encounter these things … I would say every couple of months,” said ESET chief technical officer Juraj Malcho. The risk of downloading malware on iOS is vanishingly small in comparison to Android, thanks in part to the strict limits Apple (AAPL) places on how apps interact with the operating system.

A recent report by Intel’s McAfee subsidiary noted a related issue: Many customers still have copies of apps on their devices that have long since been removed from the Play Store. The report urged more notification and disclosure when apps are taken out of the marketplace.

Read the reviews, please

But many users may ignore those alerts if an app looks legit. The McAfee report noted an example of a photo app that silently signed users up for premium text messaging services — and yet still earned a 3.5 out of 5 rating on the Play Store.

ESET’s Malcho said he wished people would look past apps’ ratings and instead check users’ comments. “Many times, we encounter clear reviews in the text, ‘Don’t install this,’ ‘this is bloody malware,’ and people install it anyway.”

Some of the countries represented at MWC don’t have access to the Play Store, because their governments block Google. That leaves those users subject to whatever defenses their local app store alternatives offer.

Niloofar Amini, business developer at Tehran-based Cafe Bazaar, said his Iranian firm has a dedicated review team to assess and re-assess apps. Of course, the company also has to ensure that titles comply with the Islamic Republic’s morality laws and limits on political speech.

If you’re in China? Good luck. Intel’s Davis described app stores there as “just riddled” with malware.

Good and bad news on phones

The show floor provides one reason for optimism about the state of Android security: fingerprint sensors. When even cheap, unlocked phones like the $229 Moto G5 Plus can be unlocked via its fingerprint sensor, we should begin to see more people securing their phones.

Today, a disturbingly high number — 28 percent of Americans, according to a Pew Research Center study released in January — don’t lock their phones at all. Without that, a stolen phone can easily be wiped and resold … after the thief abuses all the personal data on it.

“Let’s stop calling it a phone,” said Raj Samani, Intel Security’s chief technical officer for Europe, the Middle East and Africa. “It’s not even a computing device — it is our digital passport.”

Unfortunately, most of the devices on the floor don’t run the latest version of Android, which can leave them open to security holes. Demo units of Samsung’s new Tab S3 tablet, LG’s G6, Moto’s G5 Plus and HTC’s (headphone jack-deprived) U Ultra all ran Google’s Android 7.0, which shipped in August, not its subsequent updates.

The new Nokia 5 was a refreshing exception, showing the current 7.1.1 release and security patches current through March 1 — but that phone hasn’t been announced for the U.S. market yet.

Meanwhile, the majority of Android phones run older versions that lack the stronger security of 7.0, and the stricter control of apps added in 2015’s Android 6.0. Intel’s Samani called those “brownfield” devices, after the term developers use for environmentally contaminated sites that they sometimes must build on.

ESET’s Malcho mused out loud about a more extreme fix for that brownfield-phone problem: “Make the device so it dies in two years.”

Source : Yahoo.com

Categorized in Internet Privacy

Remember that last time you posted a picture on Facebook and it automatically suggested to tag other people on the photo? Nothing unusual. You’ve tagged these people before, right? You’ve trained the machine learning face-recognition algorithm. And now Facebook can spot where they are on your picture.

 

Now, even if you refuse to tag anyone, this doesn’t mean Facebook never stores this information somewhere. Like, “person A is potentially present on picture B”. Actually, I’m almost 100% sure they do store it. Hell, I would if I was them.

I bet you already see where I’m going with this.

Now imagine you take a selfie in a crowded place. Like an airport or a train station. There are some people walking on the background. Hundreds of them. Some of them facing the camera. Guess what: the Facebook’s AI has just spotted them.

Even if you’re extremely cautious, even if you never post anything on Facebook, even if you have “location services” disabled on your phone at all times etc. etc. Facebook still knows where you are. You can’t stop other people from taking selfies in an airport.

Now all these Jason Bourne movies don’t look so ridiculous any more, do they? All the stupid scenes with people in a control room shouting “OK, we need to find this guy, quick, oh, there he is, Berlin Hauptbahnhof arrival hall just 20 minutes ago, send the asset!” or something like that.

“DeepFace”

This is not just me being paranoid. Various sources indicate that

Facebook uses a program it calls DeepFace to match other photos of a person. Alphabet Inc.’s cloud-based Google Photos service uses similar technology.

The efficiency is astonishing

According to the company’s research, DeepFace recognizes faces with an accuracy rate of 97.35 percent compared with 97.5 percent for humans — including mothers

Face recognition is being built into surveillance systems and law enforcement databases for a while now.

We could soon have security cameras in stores that identify people as they shop (source)

Even being in “readonly” mode doesn’t help

Every time you simply check Facebook without actually posting anything — the app generates a post draft for you, ever saw this? If you have a link or a picture saved in your clipboard, it even offers to attach that to your post. And of course, it has your location.

How can you be sure, it does not communicate that data to the servers?

Actually, I’m pretty sure it does since the app generates that “preview image” of the link stored in your clipboard (you know, that nicely formatted headline with the cover image).

There’s even more. Some evidence suggests that Facebook collects your keystrokes before you actually hit the “Post” button! If you then choose to backspace everything you’ve typed — too late…

Facebook has about 600 terabytes of data coming in on a daily basis (source, 2014).

If I was NSA I would definitely approach Facebook for this data.

UPDATE: a little privacy tip: use Facebook in mobile Safari, with an adblocker, and delete the iOS native app — helps a lot AND saves you from tons of ads and 3rd party cookie tracking. Not to mention wonders for the battery. I’m sure there’s a similar solution for Android.

On a desktop — use an extension like Disconnect to block 3rd party cookie tracking.

Author : Alex Yumashev

Source : https://medium.com/@jitbit/facebook-is-terrifying-8dc4a016b64b#.w0mdkcfp1

Categorized in Social

We know that our smartphones are capable of doing just about anything which our desktops can do these days. But all too often, we don’t protect our smartphones nearly as well as we protect our computers.

Hackers are just as capable of breaking into your smartphone and they can do all sorts of damage to you once they are in. As 60 Minutes shows, a hacker could break into your phone and find out who you are calling, where you are, and even listen in on your conversations and read your texts. There is the recent incident where several Democratic staffers recently had their phones attacked by foreign hackers looking to uncover private information.

But while there is no such thing as the perfect protection, implementing protection protocols can help keep your phone safe. Upon seeing even simple protections, most hackers will just move on and search for another less-protected phone. Here are a few things which you can do to keep your phone safe.

1. Keep your Phone safe

You may think of hackers as nerds sitting in some basements inputting some complicated program. But that is not the biggest threat to your phone. Your biggest threat is an ordinary thief who snatches your phone, escapes, and then cracks your password to find what is inside.

So the first step to protecting your phone is to do the same things which you should be doing to protect against thieves. Be aware of your environment when you are using your smartphone. Keep an eye out for suspicious individuals, and grip your phone with both hands so it is harder for the thief to rip it away. Also, back up your mobile data to your computer so that you can easily access it if your phone gets stolen.

2. Don’t use your Phone for everything

One of the biggest reasons why hackers try to go after your phone is so that they can uncover sensitive information such as banking information and passwords. But if you don’t have that sort of data on your phone, then there is nothing for the hacker to uncover.

Obviously, you need certain private information on your phone. But what about something like banking information or work-related affairs? Do you really need to check that information now, or can it wait until you get home and check it on your computer?

Avoid accessing confidential information whenever possible, especially if you are using public Wi-Fi. Also regularly clear your browsing history and caches so that hackers have less information to find.

3. Update your phone

Hacking is a war between hackers and software companies. The hackers find loopholes, software companies fix the holes, the hackers find more holes, and so on. But in order to fix those holes, you have to keep your phone updated so that the earlier holes are filled in.

This is particularly important because less competent hackers have to rely on those holes which other hackers have uncovered to get your information. The longer you choose to not update your phone, the more the opportunity to break in and uncover your information.

4. Look into encryption

There are a lot of people out there who think that encryption and password protection are the same thing. This is incorrect. Encryption scrambles your phone’s data so that even if the hacker just hacks your phone while bypassing the password request (and they can do that), the data will be completely illegible. Just look at the recent controversy between Apple and the FBI on breaking into a terrorist’s Apple phone, and that should give an idea of how hard it can be to break into an encrypted phone.

Encryption can do a lot to protect your phone’s data and the good news is that all iPhones and newer Android versions come with their phone automatically encrypted once you set a password (tip: set a password for your phone). But if you have an older version, you will have to encrypt it yourself by going into the security section of your phone’s settings.

5. Be careful using public Wi-Fi and Bluetooth

Public Wi-Fi and Bluetooth are easy to use, but they are an easy gateway for hackers to get into your mobile phones. As CNN notes, hackers can trick your phones into connecting to spoof Wi-Fi or Bluetooth accounts which just end up sending all your cell phone’s data right to the hacker. Hackers can also take advantage of vulnerabilities in Bluetooth software as another way into your cellphone.

So try to rely on your phone’s 4G network instead of Wi-Fi or Bluetooth, and never let your phone automatically connect to public Wi-Fi hotspots. If you do, then it is possible for hackers to realize your phone is connected and hack in even while you have no idea that your phone is connecting to the Wi-Fi network in the first place.

Author: Michael Prywes
Source: http://www.lifehack.org/466933/5-expert-security-tips-for-your-smartphone

Categorized in Internet Privacy
Page 3 of 5

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media