Connect with us

Security

Without Naming Huawei, E.U. Warns Against 5G Firms From ‘Hostile’ Powers

Published

on

A 5G supplier from a “hostile” country could be forced by its home government to wreak havoc by causing cyberattacks, a European Union report warned on Wednesday, but the bloc stopped short of naming the Chinese giant Huawei, which the United States blacklisted after the White House labeled it a tool for espionage by Beijing.

The advisory report, drafted with input from all 28 European Union members, laid out the types of major security failures that 5G networks could be vulnerable to.

It said that putting all functions of a 5G network — including hardware and software, operations and maintenance — in the hands of a single company could leave entire countries at risk.

In May, the United States Commerce Department put Huawei on a so-called entity list of firms that need special permission to buy American components and technology because they have been deemed security threats.

President Trump has called on the European Union to follow his lead in barring the company from its market.

The European Union report, intended to provide advice to member states, said a “strong link” between a 5G technology supplier and a government “where there are no legislative or democratic checks and balances in place” could prove a major source of vulnerability.

The language appears to point to Huawei. The company has vehemently denied all allegations of being under the control of the Chinese government, stressing that it is owned by its employees and that only about 1 percent of the company is held by its founder.

In a statement that brushed aside any implied criticism, Huawei said it welcomed the report and would “work with European partners” to develop a cybersecurity framework “and deliver safe and fast connectivity for Europe’s future needs.”

The idea behind 5G, a major leap from the 3G and 4G telecommunications technology used currently, is that it will become ubiquitous, connecting almost everything, from defense systems to domestic devices like refrigerators and coffee machines, to an ultrafast wireless network.

Huawei is thought to be ahead of other 5G equipment providers around the world, including European Union companies such as Ericsson and Nokia, in being able to install networks. Also, it has traditionally been a cheaper provider of technology.

Mr. Trump and other critics contend that a 2017 Chinese law could be used to force Huawei to hack its customers through preinstalled “back doors” into the network’s software, on behalf of Beijing.

The European report sounded some related concerns. “In particular, as 5G networks will be largely based on software, major security flaws, such as those deriving from poor software development processes within equipment suppliers, could make it easier for actors to maliciously insert intentional back doors into products and make them also harder to detect,” it found.

Abraham Liu, Huawei’s vice president for Europe, has said his company does not and will not use back doors to spy on customers.

“In the past, we have never planted any back door, and we are committed not to do anything like this, forced by any government, including U.S. government, Chinese government or any other government. We are committed to this,” he said in a recent interview.

The report presented on Wednesday could pave the way for the European Commission, the executive arm of the European Union, to recommend that its member states take additional security measures when procuring 5G networks.

The commission is expected to publish a “toolbox” of measures that countries can take to mitigate the risks, but it can’t force them to comply. Officials hope that by publicizing the risks and proposing ways to address them, countries that take a lax approach to security will be pushed into action by their citizens.

But when it comes to Huawei, neither the European Commission nor the majority of national cybersecurity agencies in member states have shown much interest in complying with Mr. Trump’s demand that they bar it.

In part, this is down to practical concerns.

No single company, experts say, will be able to handle all the demand for 5G work once network operators begin making the transition. Therefore, unless Huawei is barred from the European Union or by individual countries, it will most likely play some part in the Continent’s 5G future.

And in Europe, Huawei already has a deep and long presence in countries like Britain and Germany, which other nations look to for expertise and guidance.

A Nokia spokesman said that “it is vital that all parties commit to the highest levels of security and resilience of 5G networks, and realize that 5G will only deliver on its promise if the networks that underpin it are and remain secure.”

“There can be no exceptions,” he added.

Source: https://www.nytimes.com/2019/10/09/world/europe/eu-huawei-report.html

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Security

Firm introduces new cyberthreat detection service

Published

on

By

Sophos, a global leader in network and endpoint security, has announced the availability of a fully managed threat hunting, detection and response service, called Sophos Managed Threat Response.

The firm said the re-sellable service would provide organisations with a dedicated 24/7 security team to neutralise the most sophisticated and complex threats.

According to a statement, these threats include active attackers leveraging fileless attacks and administrator tools such as PowerShell to escalate privileges, exfiltrate data and spread laterally.

“Attacks like these are difficult to detect since they involve an active adversary using legitimate tools for nefarious purposes, and Sophos MTR helps eliminate this threat,” it said.

The Chief Technology Officer at Sophos, Joe Levy, said cybercriminals were adapting their methods and increasingly launching hybrid attacks that combined automation with interactive human ingenuity to more effectively evade detection.

He said, “Once they gain a foothold, they’ll employ ‘living off the land’ techniques and other deceptive methods requiring human interaction to discover and disrupt their attacks.

“For the most part, other managed detection and response services simply notify customers of potential threats and then leave it up to them to manage things from there.

“Sophos MTR not only augments internal teams with additional threat intelligence, unparalleled product expertise, and round-the-clock coverage, but also gives customers the option of having a highly trained team of response experts take targeted actions on their behalf to neutralise even the most sophisticated threats.”

Source:
https://punchng.com/firm-introduces-new-cyberthreat-detection-service/

Continue Reading

Security

Google now treats iPhones as physical security keys

Published

on

By

The latest update to Google’s Smart Lock app on iOS means you can now use your iPhone as a physical 2FA security key for logging into Google’s first-party services in Chrome. Once it’s set up, attempting to log in to a Google service on, say, a laptop, will generate a push notification on your nearby iPhone. You’ll then need to unlock your Bluetooth-enabled iPhone and tap a button in Google’s app to authenticate before the login process on your laptop completes. The news was first reported by 9to5Google.

Two-factor authentication is one of the most important steps you can take to secure your online accounts, and provides an additional layer of security beyond a standard username and password. Physical security keys are much more secure than the six digit codes that are in common use today, since these codes can be intercepted almost as easily as passwords themselves. Google already lets you use your Android phone as a physical security key, and now that the functionality is available on iOS it means that anyone with a smartphone now owns a security key without having to buy a dedicated device.

Attempting to log in to a Google service will send a push notification to your phone over Bluetooth.

The new process is similar to the existing Google Prompt functionality, but the key difference is that Smart Lock app works over Bluetooth, rather than connecting via the internet. That means your phone will have to be in relatively close proximity to your laptop for the authentication to work, which provides another layer of security. However, the app itself doesn’t ask for any biometric authentication — if your phone is already unlocked then a nearby attacker could theoretically open the app and authenticate the login attempt.

According to one cryptogopher working at Google, the new functionality makes use of the iPhone processor’s Secure Enclave, which is used to securely store the device’s private keys. The feature was first introduced with the iPhone 5S, and Google’s app says that it requires iOS 10 or later to function.

The new iPhone support appears to be limited to authenticating Google logins from the Chrome browser. When we attempted to use an iPhone to authenticate a login of the same service (we tested with Gmail) using Safari on a MacBook, we were prompted to insert our key fob (which we don’t have), meaning it created an extra step in our login process where we had to pick an alternative 2FA option.

Source:
https://www.theverge.com/2020/1/15/21066768/google-iphone-ios-security-key-2-factor-authentication

Continue Reading

Security

Samsung made a fingerprint-secured portable SSD

Published

on

By

Portable SSDs have become quite popular lately but only a handful of them offer proper security so Samsung is taking matters into its own hands by introducing the T7 Touch with fingerprint reader identification. This way you can rest assured that your sensitive data is safe even if you misplace the actual drive.

Samsung made a fingerprint-secured portable SSD

The T7 Touch succeeds the T5 from last year by offering a capacitive fingerprint scanner and AES 256-bit hardware encryption and password for added security. Moreover, the T7 Touch boasts about 1 GB/s read and 1 GB/s read speeds, which is almost twice as fast as its predecessor.

Connectivity options include USB-C to USB-C and USB-C to USB-A while the connector of the device supports 10Gbps speeds over USB 3.2 (Gen 2).

The T7 Touch comes in three flavors – 500GB for $129, 1TB for $229 and 2TB for $399 with planned availability this month. The available paint jobs of the titanium case are black and silver and the whole thing weighs just 58 grams.

Source:
https://www.gsmarena.com/samsung_made_a_fingerprintsecured_portable_ssd-news-40949.php

Continue Reading
Advertisement

Trending

%d bloggers like this: