Connect with us

Security

Domestic 5G development at core of US communications security plan

Published

on

In late March, during the first phase of the coronavirus lockdown, the White House issued a little-noticed document entitled The National Strategy to Secure 5G of the United States, which articulates a “vision for America to lead the development, deployment, and management of secure and reliable 5G communications infrastructure worldwide, arm-in-arm with our closest partners and allies.” The document was the White House’s effort to comply with the Secure 5G and Beyond Act, which required the president to” develop a strategy to ensure the security of next generation mobile telecommunications systems and infrastructure in the United States.”[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they’re for, what they cost, and which you need. | Sign up for CSO newsletters. ]

The Act also required the president to submit within 180 days an implementation plan developed in consultation with a host of government departments and agencies. In May, the Commerce Department’s National Telecommunications and Information Administration (NTIA) began a proceeding to receive comments on how it might implement the vision of the White House Strategy, with the comment period ending on June 25. Early this week, NTIA posted the comments it received from 80 organizations, corporations and interested individuals.

Key 5G security objectives

The seven-page White House document is a bare bones overview of strategic objectives, painting only broad-brush strokes on how to achieve the 5G security objectives it outlines. The goals of the strategy are to:

  • Facilitate domestic 5G rollout: Pointing to an FCC strategy to facilitate American superiority in 5G technology, the National Strategy also aims to work with the private sector on more R&D to facilitate domestic 5G rollout.
  • Assess the risks and identify core security principles for 5G infrastructure: The strategy says that in partnership with state, local and tribal governments as well as private sector partners, the government will “seek to continuously identify and characterize economic, national security, and other risks posed by cyber threats to and vulnerabilities in 5G.”
  • Manage the economic and national security risks from the use of 5G infrastructure: The strategy primarily relies on the federal Acquisition Supply Chain Security Act of 2018, which “creates a unified, whole-of-government approach to protecting Federal systems from supply chain risks in covered articles” as well as Executive Order (E.O.) 13873, “Securing the Information and Communications Technology and Services Supply Chain,” signed in May 2019.
  • Promote responsible global development and deployment of 5G infrastructure: The White House says the US will participate in international 5G security principles through frameworks, such as the Prague 5G Security Conference, and continue working with relevant standards-setting 5G organizations with the private sector. The administration also plans to “work with the private sector, academia, and international government partners to adopt policies, standards, guidelines, and procurement strategies that reinforce 5G vendor diversity to foster market competition.”

US aims to retake lead in 5G development

“It’s critically important that the United States and, on a broader level, the West get 5G right and lead the world in this development,” Senator Mark Warner (D-VA), Vice-Chair of the Senate Intelligence Committee, said this week during a webinar on 5G security strategy hosted by US Telecom. “Unfortunately, I would argue through a variety of twists and turns in the wireless industry over the past 20 years on the equipment side, we no longer have an American provider on 5G.”

The United States was “so used to leading in wireless; we’re so used to setting the rules, the protocols, the procedures, the standards,” Warner said. “Suddenly, over the last five to seven years, more specifically the last couple of years, we’ve seen that normal western and American-specific dominance really be questioned by an emerging China.”

Warner, who is well-versed in mobile technology and business, having founded a top wireless company, Nextel, that he later sold to Sprint, is particularly concerned right now by the Chinese communist party’s control over telecom technology. He worries even more about the precedent that China’s dominance in telecom technology might establish for future innovation.

“I fear what’s playing out in 5G is the blueprint for what will be happening with China in artificial intelligence, quantum computing, and a host of other areas,” he said.” It is a preview of what may be, in a sense, the technology arms race of the future.”

Software-dependent systems seen as more secure

One idea Warner embraces to improve 5G security is to “move away from a closed, hardware-dependent system and move to a software-dependent system” that plays to the strength of American companies. In particular, Warner is promoting a bill he introduced in January, the so-called O-RAN bill, which requests $1 billion in federal funds to invest in open radio access network technology. The goal of jumpstarting the software alternative is to help American companies develop technology that is price-competitive with Chinese telecom tech companies such as industry leader Huawei.

The good news for Warner is that the O-RAN bill was added to must-pass legislation, the National Defense Authorization Act, which will pass by the end of the year. The bad news, he said, is that the Senate appropriators dramatically cut back on his request, whittling R&D funding for the initiative down from $750 million to $50 million for the first year. Funding for collaboration with international partners was likewise slashed, down from a requested $500 million to only $25 million.

Meanwhile, NTIA is plowing through the 80 sets of comments it received on the White House strategy. Commenters range from telecom giant AT&T to New York City to concerned citizens worried over the latest conspiracy theory that 5G is a technology that will be used to control the people. NTIA hopes to soon produce a summary of the comments it has received, Evelyn Remaley, Associate Administrator, Office of Policy Analysis and Development, NTIA, said during the US Telecom webinar.

Source: https://www.csoonline.com/article/3565390/domestic-5g-development-at-core-of-us-communications-security-plan.html

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Delete this SMS: Your WhatsApp can be stolen

Published

on

By

If you Google how to hack whatsapp ”, in less than 0.4 seconds you get more than 2.5 million results. WhatsApp has the gift of being the most used messaging application in the world, and one of the most popular, since 1/4 of the entire world population uses it every month. But the more than 2 billion active users carry the curse of being one of the favorite apps of cybercriminals, due to the enormous viral reach that WhatsApp offers.

Steal your WhatsApp account with a simple message

In mid-February, when this Coronavirus was something that only affected China, the Civil Guard of Navarra warned of an attempted scam that ran through WhatsApp after receiving several complaints that shared the same starting point. A Phishing campaign (identity theft) that begins by first receiving an SMS message with a code that you have not requested, and then you receive this message on your WhatsApp:

“Hello, I’m sorry, I sent you a 6-digit code by SMS by mistake, can you come to me please? It’s urgent”

The message is sent to you by WhatsApp by a contact that you have in your agenda, an acquaintance with whom you speak through the app, therefore you have no reason to doubt. The problem is that if you send that code, the person on the other side of the conversation can steal your WhatsApp account and take over your number, your contacts and your chats.

The thing works like this:

  • A cybercriminal steals the WhatsApp account of a contact of yours from the app, gaining access to their contact list. Now decide to go for them, you included / a.
  • To achieve this, the guy installs WhatsApp on a device he owns and enters your phone number to associate it with the application
  • The WhatsApp system sends to that number that the hacker tries to register (your number) the verification code he needs for security reasons, to verify that it is the correct user and to finish the installation of the app
  • The hacker knows that you have just received an SMS with a 6-digit code, and using the number that he has taken from one of your contacts, he pretends to be this to ask you to please pass it on.
  • If you do, the cybercriminal will be able to complete the registration of your WhatsApp account on his device, and at that moment he will remove your access to it, having access to your contacts and groups.

In case this message reaches you, delete it immediately and notify your contact to tell him what happens to his account – but not by calling him on his mobile, but at another number. You can also do like this Twitter account and troll the hacker that well.

Continue Reading

Security

Some fast-charging USB products can now expose your phones to hackers

Published

on

By

It is quite ironical that a tool that’s suppose to save charging time now exposes users to hackers’ threat. A Tencent report revealed recently that a group of researchers discovered some safety defects in fast-charging products, a phenomenon called ‘BadPower’.

This implies that hackers can now hijack some products that support fast charging and access the powered device in order to cause physical damage due to excessively high voltage — either to cause a complete explosion, or destruction of an important hardware which renders the device useless.

This is possible because the malware introduced by the hackers into the product overrides its capacity to restrict more charges beyond the level of voltage permitted.

It will interest you to know that most new devices like phones, PC, tablets, notebooks all have the fast-charging technology. But then, BadPower has nothing to do with invading your privacy.Advertisement

According to the report, there’s usually a signal between the power-generating source and the power-receiving port and the firmware inside a normal-functioning fast-charging product. This is meant to ensure that only the required charge is absorbed.

But when corrupted, the firmware’s communication is altered, hence, nothing to regulate the voltage.

A trigger is needed from the phone/device

The report stated that a BadPower attack can happen in two ways: using a corrupted device to infiltrate a charger’s firmware first before connecting it to the targeted device(s), or exploiting the vulnerability of a charger through a malware installed on the powered device.

What is clear in either case is that a device has to be responsible to trigger the BadPower feature in the charger.

Touseef Gul, a Pakistani Penetration Tester, explains that this fault could have only resulted from a misconfiguration of these chargers, because it is impossible for a hacker to interact remotely with a flaw in a charger.

And this was also confirmed by the researchers involved in the report.

Unfortunately, a lot of misconfigured chargers with this defect are reportedly out in the market. Out of 34 tested chargers, 18 has such fault; and this includes 8 brands.

Likewise, it was discovered that the chip in some chargers activates this fault by default after the production process is complete.

“Xuanwu Lab investigated 34 fast-charging chip manufacturers and found that at least 18 chip manufacturers produce chips that can update firmware after finished products,” the report stated.

How to protect your devices

The report described how users can protect themselves by updating the device’s firmware which will also prevent other software vulnerabilities.

Also, it explicitly stated that users should not easily give their chargers, power banks, etc. to others.

At the same time, it recommended not to use Type-C to other USB interface cables which allows the fast charging device to supply power to powered devices that do not support fast charging.

While device manufacturers continue to devise means to help prolong phone usage time, there’s no telling that vulnerabilities like this will continue to put users at risk.

If this is anything like the introduction of longlasting lithium-sulfur batteries —  which are reportedly at the risk of explosion — it is expected that manufacturers will get the BadPower concern under control before more users are put at risk of device explosion.

Source: https://techpoint.africa/2020/07/22/fast-charging-chargers-hacker/

Continue Reading

Research

TikTok Could Be A Huge Security Risk…And Other Small Business Tech News

Published

on

By

Here are five things in technology that happened this past week and how they affect your business. Did you miss them?

1 — Wells Fargo directed employees to remove TikTok from company devices.       

This past week Wells Fargo announced that they have told employees that if they have TikTok on any devices that belong to the company they need to remove it immediately due to privacy issues and concerns. Wells Fargo is the most recent company to respond to concerns regarding security regarding employees utilizing the app. It was reported that the Chinese-owned app reached 2 billion downloads this past April, but has been flagged due to several security issues. (Source: The Verge)

Why this is important for your business:

Wells Fargo is not the only organization to show concern with TikTok’s security. Both the U.S. government and the country’s two major political parties have banned its use over privacy concerns and even Amazon warned its employees to stop using the app, although the company later retracted the order. Regardless, the Chinese-owned social service – which has had problems in the past – has caused many technology executives to re-think its use on company owned devices that are used by employees. It may be a consideration for you. Yahoo Finance’s Daniel Howley has a great perspective on the issue here.

2 — This is the cheapest 4K laptop right now.

The cheapest 4K laptop on the market right now comes from a company you might not be familiar with: Chuwi. The AeroBook Plus by Chuwi can be purchased for less than $600. The device’s dual-core processor was rolled out in 2015 and the device runs off of 8GB RAM, contains Bluetooth 5.0, and has a battery that can last up to eight hours. Currently the AeroBook Plus is able to be shipped all over the world. (Source: Tech Radar)

Why this is important for your business:

Chuwi has been selling technologies for more than 15 years on many online platforms, including Amazon. But the company’s finances and operations are a little murky. Does that matter if you’re getting a good price? I think it does. Laptops and devices need support and – for security purposes – should be bought from known brands if you want to minimize any potential headaches in the future. I would avoid these bargain price options and stick with names you know because hey, when something sounds too good to be true….

3 —Amazon has unveiled its own smart grocery cart in a new effort to automate physical retail checkout.  

This past week, Amazon announced that they will be rolling out a smart grocery cart, making it the first of its kind. The grocery cart— known as “Dash Cart” —will operate using sensors, cameras, and a scale in order to immediately recognize and log merchandize using a digital screen located behind the cart’s handle. Using the cart will allow shoppers to shop and exit the store while negating the need to stand in a line in order to checkout. Rather than stores having to install sensors on shelves or cameras throughout the building, Dash Cart will be able to operate independently. (Source: GeekWire)

Why this is important for your business:

The Internet of Things (IoT) is alive and well. Variations of smart shopping carts have been around for a few years, but with Amazon’s new entry the market for these rolling devices will certainly become larger and more recognizable. And why not? The shopping cart we’re using at the grocery store today is the same cart our parents used decades ago. If you own a retail store you can bet that customers will soon be demanding – no, expecting – a smarter, more automated cart to help make their shopping experience better and – more importantly – faster.

4 — Twitter gets hacked. Big time.

Many celebrities – from Barack Obama to Elon Musk – found their Twitter accounts hacked last week in a massive effort to promote digital currencies like Bitcoin. (Source: New York Times)

Why this is important for your business:

No one was hurt and no reputations were ruined. But when an enormously popular mainstream service like Twitter – who, we are to believe has all the resources necessary to protect their users’ security and privacy – gets hacked it really does call into question how secure all systems are that maintain our most confidential personal and corporate data. Spoiler alert: not as secure as you may think.

5— This free tool can test how good your security is when you’re working remotely.     

With more and more companies having employees work from home due to COVID-19, cybersecurity has become an even bigger issue than before. Thanks to the National Cyber Security Centre (NCSC), individuals working from home can now have access to a free set of tools to help test how secure their systems are from attacks. The new toolkit is aimed at assisting SMBs to prepare for potential cyberattacks through allowing employees to role play real hacking scenarios and providing approaches for how to effectively handle them. (Source: ZDNet)

Why this is important for your business:

If you’re not up for hiring an IT firm to help with security the least you can do is have your remote employees download and run this free tool to check for any vulnerabilities. More work may be needed after that, but at least you’ll have the facts.

Source: https://www.forbes.com/sites/quickerbettertech/2020/07/19/tiktok-could-be-a-huge-security-riskand-other-small-business-tech-news/#28149cb728bb

Continue Reading
Advertisement

Trending

Copyright © 2020 Inventrium Magazine

%d bloggers like this: