ZDNET

Easy-to-guess default device passwords are a step closer to being banned

New plans designed to protect IoT devices from cyberattacks will ban default passwords and require manufacturers to tell users how long smart devices – including phones – will receive security updates.

Easy-to-guess default passwords will be banned and smart device manufacturers will be required to tell customers how long their new product will receive security updates under plans to protect Internet of Things (IoT) devices and their users from cyberattacks.

Laws will also require manufacturers of smart devices including phones, doorbells, cameras, speakers, TVs and more to provide a public point of contact to make it simpler for security vulnerabilities in the products to be reported – and fixed with software updates.

Households and businesses are increasingly connecting IoT products to their networks – but while they’re being deployed with the aim of providing benefits, insecure IoT devices can be exploited by cyber criminals.

That can lead to malicious hackers using insecure smart devices as a stepping stone onto corporate or personal networks and using that access as a means of conducting cyberattacks, as well as potentially invading the privacy of users.

In an effort to protect smart devices, the UK government’s Department for Digital, Culture, Media and Sport (DCMS) has announced that the need for IoT devices to be Secure by Design will become law. DCMS had previously proposed the idea, but now it has moved another step towards actually becoming legislation – and smartphones will be included in the plans.

Under the planned new laws, customers must be informed at the point of sale as to the length of time for which a smart device will receive security software updates in a move designed to encourage people to buy devices that are going to receive security patches for a long time – making them more resilient to cyber threats that exploit new vulnerabilities.

This will also apply to smartphones, which are now going to be included in any legislation designed to boost the defences of connected devices.

The addition of smartphones comes following a government call for views on smart device security in which respondents suggested the amount of personal information on smartphones, and the way they’re so widely used, means they should be included in smart device safety legislation.

Manufacturers will also be banned from using default passwords such as ‘password’ or ‘admin’ in an effort to protect users from opportunistic cyberattacks that take advantage of common or weak passwords to gain control of devices.

The proposed legislation builds on a previously published code of practice for IoT device manufacturers – although now the suggestions would be required, not just recommended.

“Consumers are increasingly reliant on connected products at work and at home. The COVID-19 pandemic has only accelerated this trend and while manufacturers of these devices are improving security practices gradually, it is not yet good enough,” said Ian Levy, technical director at the National Cyber Security Centre (NCSC).

“To protect consumers and build trust across the sector, it is vital that manufacturers take responsibility and pay attention to these proposals now,” he added.

The NCSC has previously provided advice for consumers on how to keep their IoT devices secure.

There’s currently no indication of when the proposals will be made law, but the government says the legislation will be introduced “as soon as parliamentary time allows” and businesses will be given time to adjust to the laws once they’re introduced.

There are also no details as yet about how the legislation will be enforced, or what measures will be taken against smart device manufacturers or retailers that aren’t compliant.

Source: https://www.zdnet.com/article/easy-to-guess-default-device-passwords-are-a-step-closer-to-being-banned/

ZDNET

A useful Android privacy feature that most people have never heard of

Android has a useful hidden feature that the iPhone doesn’t.

Ever handed your iPhone to someone and then remembered that one thing that you don’t want them to see?

Maybe a photo, or a test, a personal message, something private from work, or your stash of cat memes you’re collecting.

Whatever it is, we carry a lot of sensitive stuff on our smartphones, and it’s only natural to want to keep that stuff private.

But the developers who work on Android have thought about this, and added a feature that lets you hand your phone to someone else while keeping your information private.

That feature is called Guest mode.

This popped into my head the other day following a conversation with an Android user who said they wished there was a way to lock their private data but still allow others to make calls and use the internet.

That’s what this mode does.

Guest mode creates a temporary account on your smartphone that is free from any of your personal information. No photos. No contacts. No messages. No files.

It also disables the phone feature, but you can choose to activate that if you want.

So, how do you access this feature? Well, it normally lives at Settings > System > Advanced > Multiple Users, but not always. If you can’t find it, a search for users should bring it up.

Guest Mode on Android

When you find it, you’ll see it at the bottom of the list of Google accounts tied to the handset. To switch, tap on it, and the handset will switch over.

The process is fast and only takes a few seconds.

To switch back, navigate back to Multiple Users and tap Remove Guest.

If you want to give Guest mode access to the phone, tap the cog next to it before switching to Guest and enable Turn on phone calls.

Guest Mode can also optionally make calls

Also, for quick access, you can make this feature available from the lock screen. Handy if you use it regularly.

It’s a cool feature that helps keep your private stuff private.

Source: https://www.zdnet.com/article/a-useful-android-privacy-feature-that-most-people-have-never-heard-of/

ZDNET

Cisco to acquire Sedonasys Systems for innovative NetFusion platform

Cisco said the Sedona NetFusion platform is the first to deliver complete network abstraction and control.

Cisco announced on Tuesday that it was acquiring Hierarchical Controller market leader Sedonasys Systems in an effort to beef up its multi-vendor, multi-domain automation, and software-defined networking offerings.

Kevin Wollenweber, vice president of product management in the Service Provider Network Systems for Cisco, explained in a blog post that in order to expand the internet and operate networks at massive scale for the billions of new users coming down the pipeline, the internet had to be reinvented in certain ways.

Cisco is acquiring Sedonasys Systems primarily for its NetFusion platform, which has a Hierarchical Controller (HCO) that it said, “enables multi-vendor, multi-domain automation, and software-defined networking.”

Wollenweber said the Sedona NetFusion platform was the first to offer “complete network abstraction and control” that helped CSPs manage their networks across a variety of domains, vendors, layers, and technologies, all as one single network.

The addition of Sedona NetFusion to the Cisco Crosswork portfolio will allow the company to offer a more advanced network automation platform for Cisco’s Routed Optical Networking Solution.

“HCO is the brain that enables transformation like 5G network slicing, routed optical networking, and disaggregation. We have one simple goal in our network automation strategy — simplification,” Wollenweber said.

“Now, CSPs can gain real-time, dynamic, and seamless control of IP and optical multi-vendor networks together. They can quickly move from clunky, manual operations across siloed teams and technologies to a completely automated and assured network that’s easily managed through a single pane of glass.”

With Cisco Crosswork and Sedona NetFusion, users will have access to a real-time replica of the entire network to predictively manage any changes to the deployment, connectivity, and activation status of all network inventory.

Operators can preview optimization, assurance, and changes, and then commit them as needed, Wollenweber added.

Source: https://www.zdnet.com/article/ciscos-to-acquire-sedonasys-systems-for-innovative-netfusion-platform/

ZDNET

Colonial Pipeline cyberattack shuts down pipeline that supplies 45% of East Coast’s fuel

The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure.

Colonial Pipeline, which accounts for 45% of the East Coast’s fuel, said it has shut down its operations due to a cyberattack.

The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure. The company delivers refined petroleum products such as gasoline, diesel, jet fuel, home heating oil and fuel for the U.S. Military.

In a statement, Colonial Pipeline said:

On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems. Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have already launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies.

Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.

Here’s a look at the Colonial Pipeline system affected by the cyberattack.

colonial-pipeline-system-map.jpg

Colonial Pipeline’s shutdown, should it continue, may lead to supply shortages since it covers so much territory in the US.

Source: https://www.zdnet.com/article/colonial-pipeline-cyberattack-shuts-down-pipeline-that-supplies-45-of-east-coasts-fuel/
