February 28, 2014 No Comments-
Kristian A. Bognaes, Director, Norman Safeground Development Center
– February was filled with continuing news on cleanup- and investigative efforts related to previous data leaks and thefts. Still, we saw a few stories that point to problem areas that I expect will become more important as the year progresses.
Data security and the Internet of Things
We have earlier seen stories about WiFi chips being hidden in water heaters and refrigerators with built-in computers that are accessed over the internet. In the past month, Wall Street Journal ran an interesting story about how medical information from several nursing homes has leaked onto data sharing sites on the internet. The article was based on the new report about ‘Health Care Cyberthreat Report’ from SANS institute, which is well worth a read. The challenge is that medical facilities are increasingly looking to keeping records electronically, and using networked computers to do so. When you throw network-enabled medical devices into the mix, the situation can get very difficult seen from a security perspective. The immediate concern is of course the risk of losing confidential data from these internal networks. However, as the report points out, quite a bit of malicious traffic originated from imaging devices and other specialized medical equipment. The thought of your x-ray machine being infected with malware is quite chilling, and the consequences can be grave!
The Bitcoin affairs
You have probably heard about Bitcoin by now. Bitcoin is one of the better known so-called Crypto-currencies available. It is a money system where you own money based on cryptographic keys, and can make and receive payments by transferring data over the internet. Virtual currencies like Bitcoin is a good idea. So far, however, most transactions done in Bitcoin have been related to speculation rather than paying for goods and services. Two things happened in February that affects users trust in Bitcoin: it was discovered that a weakness in data protocols of one of the largest Bitcoin trading exchanges, Mt.Gox, had been exploited over several months to steal Bitcoins. It is still a developing story, but it may seem that values equivalent to about $350 million has vanished!
Another security-related news item in February had to do with a new malware spreading. Called ‘Pony’, the malware is designed to steal the Bitcoin wallet data files from users who store their wallets locally, along with account credentials. The malware is part of a large botnet and indicates that this criminal effort is well organized. It may be a worrisome indication of things to come.
SSL issue in iOS
Finally, in February, a serious security flaw was found in several versions of Apple’s iOS operating system. The issue involved SSL certificate checking and would, among other things, enable phishing attempts and man-in-the-middle attacks to go undetected by the built-in SSL implementation. What this tells us is that, like all software, Apple software will also have security bugs that need immediate fixing. Whatever platform you are on, make sure to keep up with patches and updates that are issues by the manufacturer, no matter if it is iOS, Windows, or Android.