
A12   TECHNOLOGY
Thursday 10 December 2020

Research: Millions of smart devices vulnerable to hacking

BOSTON (AP) — Researchers at a cybersecurity firm say they have identified vulnerabilities in software widely used by millions of connected devices — flaws that could be exploited by hackers to penetrate business and home computer networks and disrupt them.

There is no evidence of any intrusions that made use of these vulnerabilities. But their existence in data-communications software central to internet-connected devices prompted the U.S. Cybersecurity and Infrastructure Security Agency to flag the issue in an advisory.

Potentially affected devices from an estimated 150 manufacturers range from networked thermometers to "smart" plugs and printers to office routers and healthcare appliances to components of industrial control systems, the cybersecurity firm Forescout Technologies said in a report released Tuesday. Most affected are consumer devices including remote-controlled temperature sensors and cameras, it said.

In the worst case, control systems that drive "critical services to society" such as water, power and automated building management could be crippled, said Awais Rashid, a computer scientist at Bristol University in Britain who reviewed the Forescout findings.

In its advisory, CISA recommended defensive measures to minimize the risk of hacking. In particular, it said industrial control systems should not be accessible from the internet and should be isolated from corporate networks.

The discovery highlights the dangers that cybersecurity experts often find in internet-linked appliances designed without much attention to security. Sloppy programming by developers is the main issue in this case, Rashid said.

Addressing the problems, estimated to afflict millions of devices, is particularly complicated because they reside in so-called open-source software, code freely distributed for use and further modification. In this case, the issue involves fundamental internet software that manages communications via a technology called TCP/IP.

Fixing the vulnerabilities in impacted devices is particularly complicated because open-source software isn't owned by anyone, said Elisa Costante, Forescout's vice president of research. Such code is often maintained by volunteers. Some of the vulnerable TCP/IP code is two decades old; some of it is no longer supported, Costante added.

It is up to the device manufacturers themselves to patch the flaws and some may not bother given the time and expense required, she said. Some of the compromised code is embedded in a component from a supplier — and if no one documented that, no one may even know it's there.

"The biggest challenge comes in finding out what you've got," Rashid said.

If unfixed, the vulnerabilities could leave corporate networks open to crippling denial-of-service attacks, ransomware delivery or malware that hijacks devices and enlists them in zombie botnets, the researchers said. With so many people working from home during the pandemic, home networks could be compromised and used as channels into corporate networks through remote-access connections.

Photo: This file photo shows an LED-illuminated wireless router in Philadelphia. (Associated Press)


Apple to tighten app privacy, remove apps that don't comply

By KELVIN CHAN

LONDON (AP) — Apple is stepping up privacy for app users, forcing developers to be more transparent about data collection and warning they could be removed if they don't comply with a new anti-tracking measure, a company executive and regulators said Tuesday.

The U.S. tech giant said it's set to roll out the anti-tracking feature next year and warned it could kick apps off its widely used App Store if they don't obey its requirements.

Called App Tracking Transparency, it will require apps to clearly ask for users' permission before tracking them. It was due to be launched this year but was delayed to allow developers more time to make changes.

"Its aim is to empower our users to decide when or if they want to allow an app to track them in a way that could be shared across other companies' apps or websites," Senior Vice President of Software Engineering Craig Federighi said.

"Developers who fail to meet the standard can have their apps taken down from the app store," Federighi said in an online keynote speech to the European Data Protection and Privacy Conference.

Privacy campaigners say the move is a vital step that could strengthen respect for privacy but tech rivals like Facebook that make money from digital advertising that tracks users have pushed back against the measure.

Federighi said tech users should be empowered to have more control of their data and dismissed arguments from advertisers and tech companies who say the anti-tracking feature will hurt the online ad industry.

"When invasive tracking is your business model, you tend not to welcome transparency and customer choice."

Apple is itself the subject of complaints by European privacy activists who say the company uses software that tracks the behavior of iPhone users. Vienna-based group NOYB, founded by lawyer and activist Max Schrems, last month asked data protection authorities in Germany and Spain to examine the legality of unique codes that they say amount to tracking without users' knowledge or consent, a practice banned under strict European Union privacy rules.

In a separate policy update, apps in the App Store will soon start giving users more details about the personal data they use, Britain's competition watchdog said.

Photo: In this Sunday, Dec. 6, 2020 file photo, the logo of Apple is illuminated at a store in the city center of Munich, Germany. (Associated Press)