Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Home Security. Show all posts
U.S. Patent and Trademark Office
Cyber Security Cyber Trust Mark FCC Federal Communications Commission Home Security Joe Biden NIST U.S. government U.S. Patent and Trademark Office

Cyber Trust Mark: U.S. Administration Introduces Program to Boost Home Security


This Tuesday, Joe Biden’s government announced a ‘U.S. Cyber Trust Mark’ program that will focus on cybersecurity certification and product labels of smart home tech, as a step to help consumers choose products that provide better protection against cyber activities.

The new program was proposed by the Federal Communications Commission Chairwoman Chairperson Jessica Rosenworcel. The program apparently aims at helping consumers make well-informed decisions over purchasing products, like identifying the marketplace with advance cybersecurity standards.

"The goal of the program is to provide tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes," the administration said.

U.S. Cyber Trust Mark

Under the proposed programs, consumers are likely to see a newly formed “U.S. Cyber Trust Mark” label, that will serve as a shield logo, distinguishing the products that satisfies the established cybersecurity criteria. Apparently, these criteria will be decided by the National Institute of Standards and Technology (NIST), which will include criteria like unique and strong default passwords, data protection, software updates and incident detection capabilities.

According to the administration, a number of significant retailers, trade groups, and manufacturers of consumer goods such electronics, appliances, and consumer goods have made voluntarily commitments to improve cybersecurity for the products they sell. Amazon, Best Buy, Google, LG Electronics USA, Logitech, and Samsung Electronics are among the participants.

Plans for the program was prior discussed by the Biden administration in late 2022 to establish a voluntary initiative with internet of things makers to help ensure products meet minimum security standards.

Reportedly, the FCC, which is responsible for regulating wireless communication devices is set to seek public comment regarding the labeling program by 2024.

According to the administration, the FCC is applying for registration to the U.S. Patent and Trademark Office to register a national trademark that would be used on products that satisfy the predetermined standards. 

"The proposal seeks input on issues including the scope of devices for sale in the U.S. that should be eligible for inclusion in the labeling program, who should oversee and manage the program, how to develop the security standards that could apply to different types of devices, how to demonstrate compliance with those security standards, how to safeguard the cybersecurity label against unauthorized use, and how to educate consumers about the program," the FCC notice says.

The proposal highlights inclusion of a QR code to products that will provide consumers with information, pending a certification mark approval by the U.S. Patent and Trademark Office.

Read more »
Vulnerabilites and Exploits.
CISA Home Security Malicious actor Patch Fix Smart Devices Software Vulnerabilites and Exploits.

Nexx Garage Door Cyber Vulnerabilities: Risks in Smart Home Security

Smart home devices have become increasingly popular in recent years, promising convenience, efficiency, and security. However, recent cyber security vulnerabilities in the Nexx Garage Door Opener have highlighted the risks of relying too heavily on technology without considering the potential consequences.

The Nexx Garage Door Opener is a smart home device that allows homeowners to open and close their garage doors remotely using their smartphones. However, security researchers have discovered that the device is vulnerable to hacking, allowing unauthorized access to the garage and potentially the entire home network.

According to a report by Bleeping Computer, hackers can easily exploit the vulnerabilities in the device's software and gain access to the device's firmware, allowing them to take control of the device remotely. There is currently no fix for this vulnerability, leaving homeowners vulnerable to potential cyber-attacks.

This is not the first time the Nexx Garage Door Opener has been found to be vulnerable to cyber-attacks. In 2019, security researchers discovered that the device was susceptible to a brute force attack, allowing hackers to access the garage door opener by guessing the password. The manufacturer released a patch to fix the vulnerability, but the recent discovery of the new vulnerability suggests that more work needs to be done to improve the security of smart home devices.

The vulnerability in the Nexx Garage Door Opener is just one example of the risks associated with smart home devices. As more and more devices are connected to the internet, the risk of cyber-attacks increases. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about the vulnerability and urged users to take immediate action to secure their devices.

In light of these vulnerabilities, it is crucial for homeowners to take a proactive approach to smart home security. This includes choosing devices from reputable manufacturers, keeping software and firmware up to date, and regularly changing passwords. Additionally, it is essential to monitor devices for any suspicious activity and be aware of the potential risks associated with using smart home devices.

In conclusion, the Nexx Garage Door Opener cyber vulnerabilities are a stark reminder of the importance of cyber security in smart homes. While the convenience and efficiency of smart home devices are appealing, it is essential to take precautions to protect against potential cyber-attacks. Homeowners must be proactive in their approach to smart home security, and manufacturers must take responsibility for improving the security of their devices.

Read more »
Ring Home Security
Android Central Cyber Safety Cyber Security Data Stolen Eufy Home Security Home Surveillance Ransomware attack Ring Home Security

Home Security: Breaches and Ransomware Making it Impossible to Review Firms and Their Security


The recent Ring home security ransomware incident and Eufy's insecure network has left numerous researchers and users wondering about the cyber safety these home security and surveillance firms possess. 

Product reviewers and tech journalists are even left with a sense of perplexity on what security camera, or security product must they recommend to potential users, knowing for a fact that the backend could or could not be secure. 

According to Michael Hicks, senior editor at Android Central “When I review a product, I try to be as nitpicky as possible. Not because I want to give a bad review, but because it's my job to go past the idealized press releases and spec sheets to see the cracks beneath the surface.” 

While it is possible to cite certain problems pertaining to a security camera, like the video quality or an unreliable AI detection. However, there is always the possibility of some undiscovered breach, even with the some of the best cameras around, that are tested and appreciated. 

Hicks says, this is not something most tech journalists are qualified to detect. With a smartphone, one can examine most software and security for themselves, and users too have almost complete control to block or enable apps from tracking them. The entire data security for a security camera is managed remotely, therefore we can only trust the company to protect ones data safely. 

The issue is that, if ever, we really can trust a security business to provide an honest assessment of its cybersecurity. 

Companies like LastPass or Eufy, whether they specialize in hardware or software, frequently conceal any ongoing breaches for months until they become public, at which point they play down their seriousness with technical jargons and mitigating factors. 

Some Recent Unsettling Incidents 

According to a report Vice published this past week regarding a third-party associated with Ring being infected by BlackCat ransomware, Ring employees have been instructed to “anything about this,” and that they are unsure yet what user data is at risk if Amazon does not pay. 

Prior to this incident, security researcher Paul Moore found that Eufy cameras were sending users' images and facial recognition data to the cloud without them knowing or consent, that one could stream anyone's private camera feeds from a web browser, and that Eufy's AES 128 encryption was easily cracked due to the use of simple keys. 

In response, Eufy patched some issues and edited its privacy guidelines to provide fewer protections for its users. 

Accepting the Unknown 

The bottom line is: even the renowned security firms with encryption that seems impenetrable can make choices that expose your personal information or home feeds, or they can recruit someone who unethically abuses their position of authority. And even if someone blows the whistle or a security expert notices the error, there is absolutely no guarantee that you will learn about it after that corporation learns about it. 

In an environment like this, casually reviewing any company's security camera on the basis of its merits and recommending online readers seems like an irresponsible take. Michael Hicks in his article wrote “It's my job to do so, and I will write about the Blink Indoor and Blink Mini once it's clear how its parent company handles the Ring ransomware attack.” 

However, in doing so, Michael Hicks adds he will have to include certain big disclaimers that he “just don't know what Blink's (or any company's) weakest link is.” There is a possibility that it could be a dishonest employee, an unreliable third-party team, shoddy encryption, or something else. 

In the meantime, he advises individuals to use security cams with local storage in order to avoid storing their private footages and information on company servers. However, there is no guarantee of security, considering the fact that firms like Eufy was well received and trusted as a local storage option before its numerous problems were revealed.  

Read more »
Ring LLC
ALPHV ALPHV ransomware gang Amazon Data Breach Data Stolen Home Security ransomware attacks Ring Ring LLC

Ring Data Breach: What you Need to Know About the Home Security Company Attack


With innovative doorbells and security cameras making a huge breakthrough for home security across the world, Ring now stores a great amount of data. Although the company has recently been facing ransomware gang threats to expose the data online. 

About Ring LLC 

Ring LLC is a home security and smart home company owned by Tech-giant Amazon. The firm creates home security systems with exterior cameras, such as the Ring Video Doorbell smart doorbell, and runs the Neighbors app, which allows users to share video footage with each other online in a communal setting. 

Ring Data Breach 

According to a report by Motherboard, the ALPHV ransomware gang has claimed to have acquired access to Amazon-owned Ring’s systems and its data. Despite the fact that there is no proof of a system breach, Ring did indicate as much in a statement to the news organization. But, it is well known to them that a ransomware assault has affected one of its third-party providers. 

In a response to Ring, ALPHV shares a post on Twitter saying “There’s always an option to let us leak your data”. The ransomware group has not yet made any of the data it is said to have stolen from the business available. But, there is still cause for alarm when Motherboard discovered a Ring listing on ALPHV's data dump website. 

Ransomware groups like ALPHV have evolved into using data dump sites to entice victims into paying ransoms in order to regain access to their data. In an effort to persuade businesses to cooperate with the hackers holding their data hostage, a tiny percentage of the stolen data from those businesses is frequently posted publicly. 

ALPHV Ransomware Gang 

The ALPHV ransomware gang has attacked companies in the US, Europe, and Asia. The group has also been referred to as BlackCat, named after the malware it deploys. In the past, ALPHV has taken credit for hacking hospitality firms like the Westmont Hospitality Group, which manages IHG and Hilton hotels around the world, as well as leaking medical data from the Lehigh Valley Health Network. 

ALPHV's data dump site, where it posts stolen data in collections referred to as "Collections," is another feature that sets it distinct from other ransomware organizations. Other ransomware organizations may have comparable websites, but ALPHV's is renowned for being indexed and simpler to search. 

Should you be Worried About Your Ring Data? 

Currently, Amazon is looking into a third-party vendor's data breach that ALPHV has claimed responsibility for. We are unlikely to hear anything more until this investigation is over. Ring's products are widely utilized in homes all over the world since they are among the best video doorbells and home security cameras today. 

However, the firm employs end-to-end encryption (E2EE) in the majority of nations to prevent governments and other parties from accessing the data from your cameras and snooping on them. If the ALPHV ransomware gang did end up infiltrating Ring’s third-party vendors, it is possible that the group has also managed to steal corporate or customer data in the attack. 

If you are concerned about your Ring data or even the fact that the firm is charging for features that were previously free, it is a good time to consider some alternatives instead. In any case, we will probably soon learn whether or not the ALPHV ransomware gang managed to steal client data.  

Read more »
Subscribe to: Posts (Atom)