Page 3 - AccumeView - September 2019
P. 3
Perspective:
State of the
Marketplace
This month we have seen mobile and smart devices become a key topic
of discussion. With the Chinese company Tencent exposing flaws in the
Qualcomm chipsets found in most android devices today, we must
remember to stay vigilant in monitoring who and what our devices are
connected to. The QualPwn bugs flaws, as they are known collectively,
allow hackers to compromise these devices remotely by sending
malicious packets over-the-air with no user interaction required.
In related news, Apple has released multiple security updates to address
vulnerabilities in some of their products. These updates prevent some
of these vulnerabilities from being exploited, denying control of the
affected systems to attackers. The updates needed to block these are
watchOS 5.3.1, iOS 12.4.1, macOS Mojave 10.14.6 and tvOS 12.4.1. As
with all devices, regular updates and maintenance are always key to
maintaining device security and there is no company or software that is
unbreakable.
Smart speakers are also generating a significant amount of buzz. In July
Amazon acknowledged that it does indeed retain recordings and
transcripts of user’s interactions with Alexa Voice Assistant device
indefinitely. With these devices becoming increasingly popular and
found in more and more homes, regulations on these devices and
what/how much data is gathered from them seem to be inevitable.
We also learned that hackers are targeting two widely used VPNs.
Researchers from the Black Hat security conference in Las Vegas found
that the vulnerabilities can be exploited by sending unpatched servers
using Fortigate SSL VPN and Pulse Secure SSL VPN web request
containing a special sequences of characters. Both services released
patches earlier this year to fix these vulnerabilities and is yet another
reminder that we should always stay updated.
~Stay Secure
3
www.accumepartners.com
