Wilford Pagac

1596830400

Why 5G Security Will Suffer From 4G Vulnerabilities

The fifth generation of mobile communication networks isn’t on its way; it’s already here. You’ve probably heard plenty about 5G in the past few years, as this promising new generation of wireless technology is what’s enabling the continued spread of the internet of things and a host of other digital innovations. Virtually all tech experts agree that 5G technology is a good thing, given that it will lead to faster connectivity and more secure networks. However, there are good reasons to believe that the staggered deployment of 5G technology will mean that it remains vulnerable to a number of security woes currently plaguing 4G technology.

Here’s why 5G security will suffer from some 4G security vulnerabilities.

5G Must Connect with Legacy Networks

The key reason that 5G security will continue to suffer from 4G security issues is that an entirely 5G network can’t be rolled out all at once.

The digital communications network that modern society depends upon is truly massive and very complex. Therefore, it must be upgraded and replaced piecemeal rather than all at once. This means that 5G technology must connect to legacy networks (4G networks, for the most part), which will leave it vulnerable to some old-school security threats.

This isn’t the end of the world, as there’s no way to truly eliminate all security vulnerabilities in the world of digital technologies. However, this poses some unique security challenges that tech gurus have to be aware of.

Fortune’s analysis is probably the most reliable in this regard. While 5G technology could increase the security of our mobile networks, it will also deliver some security hurdles that will render some aspects of our network more vulnerable than we’d otherwise expect.

The good guys trying to protect our fragile communications network and nefarious hackers alike will both find that 5G technology helps them achieve their goals. Places where 5G networks are only partially implemented and have to exist side-by-side with old 4G networks for extended periods of time are especially at risk.

Why 5G Will be Widely Embraced

The continued deployment of 5G technology is quite like online slots, in that we can win big or suffer from serious losses depending on a wide variety of things. However, 5G will be widely embraced despite these security concerns for two reasons:

  1. 5G technology is different from but superior to its 4G predecessor
  2. No digital innovation is entirely free of security concerns

It’s worth exploring the specific security vulnerabilities that 5G networks will have to face in the near future, as they’re forced to interoperate with the legacy networks of yesterday.

We’ll still have to deal with fraud, spoofing, and DDoS attacks.

4G and 5G Security Issues

A number of problems continue to make 4G networks rife with security issues that hackers can exploit. Distributed denial of service attacks, usually just labeled DDoS attacks, were on the rise between 2018 and 2019. While the continued spread of COVID-19 makes it difficult to collect accurate data from the period between 2019 and 2020, we can likely assume DDoS attacks continued to rise during that period too.

Given that 5G technology will be forced to interoperate with 4G technology from the past, it will likely still have to face DDoS attacks from those who seek to clog up our networks with huge volumes of digital traffic.

5G networks will also depend upon GPRS tunneling protocols, which means that they’ll be vulnerable to some security flaws that will roll over from the 4G era. As a matter of fact, GPRS tunneling protocol has been an important part of connectivity since we upgraded from 2G networks to 3G networks.

According to one recent report, the vulnerabilities that affect GPRS tunneling protocol users will also plague the 5G networks of tomorrow, something tech experts are going to have to grapple with as we upgrade our contemporary communications network. Because GPRS tunneling protocols don’t have to validate the location of users who connect to a network, and because 5G networks will rely on these protocols, spoofing will be possible.

Spoofing, or misidentifying yourself as another person connecting from a different location than where you actually are, continues to be a major threat in the world of contemporary IT security.

#technology #security #network-security #5g #5g-networks #iot #hackernoon-top-story #tech

Wilford Pagac

1596789120

Best Custom Web & Mobile App Development Company

Everything around us has become smart: smart infrastructure, smart cities and autonomous vehicles, to name a few. The innovation of smart devices makes it possible to achieve these heights in science and technology. But data is vulnerable, and there is a risk of attack by cybercriminals. To get started, let’s look at what IoT devices are.

What are IoT devices?

The Internet of Things (IoT) is a system of interrelated computing devices such as sensors, software, actuators and digital machines. They are linked to particular objects, work through the internet and transfer data between devices without human interference.

Famous examples are Amazon Alexa, Apple Siri, interconnected baby monitors, video doorbells, and smart thermostats.

How could your IoT devices be vulnerable?

As technologies grow and evolve, the risks grow with them. Ransomware attacks are continuously increasing, and securing data has become the top priority.

Even if you think your smart home is safe from cybercriminals, you should know that its devices are vulnerable. When cybercriminals gain access to smart voice speakers like Amazon Alexa or Apple Siri, it becomes easy for them to steal your data.

The Cybersecurity report 2020 says popular hacking forums expose 770 million email addresses and 21 million unique passwords, and 620 million accounts have been compromised from 16 hacked websites.

The attacks are likely to increase every year. To help you secure the data on your IoT devices, here are some of the best tips you can implement.

Tips to secure your IoT devices

1. Change Default Router Name

By default, your router is named after its make and model. If you keep the manufacturer’s name, attackers can quickly identify the make and model. So give the router a name that is unrelated to your address and gives away no personal information.

2. Know your connected network and connected devices

If your devices are connected to the internet, these connections are vulnerable to cyber attacks when the devices don’t have proper security. Almost every web interface is connected to multiple devices, so it is hard to keep track of each one. But it’s crucial to stay aware of them.

3. Change default usernames and passwords

Devices that keep their default usernames and passwords are open to attack, because cybercriminals may well know the default passwords that IoT devices come with. So use strong passwords to access your IoT devices.

4. Manage strong, unique passwords for your IoT devices and accounts

Do not protect your accounts with passwords that are easily guessed, such as ‘123456’ or ‘password1234’. Use strong and complex passwords formed from combinations of letters, numbers, and symbols that are not easily bypassed.

Also, vary your passwords across multiple accounts and change them regularly to avoid attacks. You can also have an account lock after several wrong password attempts to guard against hackers.

5. Do not use Public Wi-Fi Networks

If you try to keep an eye on your IoT devices from your mobile devices in different locations, I recommend that you not use public Wi-Fi networks to access them, because they are easily accessible to everyone. If you are in a hurry and still need access, use a VPN, which protects against cyber-attacks and adds privacy and security features; Express VPN is one example.

6. Establish firewalls to discover the vulnerabilities

Software and firewalls such as intrusion detection systems and intrusion prevention systems are available on the market. They are useful for screening and analyzing the wire traffic of a network. Firewall scanners can identify security weaknesses within the network structure. Use these firewalls to get rid of unwanted security issues and vulnerabilities.

7. Reconfigure your device settings

Every smart device comes with insecure default settings, and sometimes we are not able to change these default configurations. These conditions need to be assessed, and the default settings reconfigured.

8. Authenticate the IoT applications

Nowadays, every smart app offers authentication to secure accounts. There are many types of authentication methods, such as single-factor authentication, two-step authentication, and multi-factor authentication. Use any one of these to send a one-time password (OTP) that verifies the user logging in to the smart device, to keep your accounts from falling into the wrong hands.

9. Keep the device software up to date

Every smart device manufacturer releases updates to fix bugs in its software. These security patches improve the protection of the device. Also update the software on the smartphone that you use to monitor the IoT devices, to avoid vulnerabilities.

10. Track the smartphones and keep them safe

When you connect the smart home to a smartphone and control it from there, you need to keep the phone safe. If you lose the phone, almost all of your personal information is at risk to cybercriminals. Since that sometimes happens by accident, make sure that you can clear all the data remotely.

Securing smart devices is essential in a world of data. Cybercriminals are still bypassing security measures, so take these safety measures to keep your accounts from falling into the wrong hands. I hope these steps will help you all to secure your IoT devices.

If you have any, feel free to share them in the comments! I’d love to know them.

Are you looking for more? Subscribe to weekly newsletters that can help you stay updated on IoT application developments.

#iot #enterprise iot security #how iot can be used to enhance security #how to improve iot security #how to protect iot devices from hackers #how to secure iot devices #iot security #iot security devices #iot security offerings #iot security technologies iot security plus #iot vulnerable devices #risk based iot security program

Houston Sipes

1602781200

Grindr's Bug Bounty Pledge Doesn't Translate to Security

SAS@Home 2020 – After a Grindr security flaw was disclosed this week, the dating site promised it would launch a bug-bounty program in an effort to “[keep its] service secure.” But Katie Moussouris, CEO of Luta Security and a bug bounty program expert, warned at this week’s SAS@home virtual event that simply launching a bug-bounty program won’t result in better security.

The Grindr bug, which allowed attackers to launch password resets without accessing a user’s email inbox, made news headlines as it was extremely trivial to exploit. Speaking during a Tuesday virtual session, Moussouris said that if organizations have that level of “low-hanging fruit” when it comes to vulnerabilities, bug-bounty programs can sometimes pose more problems than they solve.

“We have a lot of hope for bug-bounty programs, but they’re not the ‘easy button’ we thought they were,” she said, speaking on Tuesday at SAS@Home, which is Kaspersky’s virtual Security Analyst Summit conference.

Grindr isn’t alone – many companies are looking to adopt, or have already adopted, bug-bounty programs or vulnerability-disclosure programs (VDPs). It’s important to distinguish the two: A bug-bounty program offers cash rewards for finding flaws (which in theory should then be fixed by the organization), while a VDP covers when a vulnerability is reported by a third party to an organization. Ideally, those involved would follow the ISO standards for vulnerability disclosure (ISO 29147) and vulnerability handling (ISO 30111) processes.

Katie Moussouris talks about the separate definitions of VDPs, bug-bounty programs and pentesting during SAS@Home.

But companies are rushing in to adopt bug-bounty programs and VDPs without first fleshing out important issues — whether that’s defining what’s in scope, looking at how an organization can handle an influx of vulnerabilities being reported, or properly training triage teams.

In December, for instance, a CISA directive was proposed that would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet-connected systems. While CISA recommended that agencies consider guidance around what’s in-scope and who to contact, Moussouris noted that holes remained in terms of setting up the back-end processes to receive reports, or gaining the resources that are necessary to fix the bugs reported.

#government #hacks #security analyst summit #vulnerabilities #web security #bounty hunter #bug bounty #bugcrowd #cisa #grindr #hackerone #katie moussouris #luta security #pentesting #security vulnerability #vdp #vulnerability disclosure program #zoom

Ida Nader

1593209400

Apple Jailbreak Zero-Day Gets a Patch

The zero-day vulnerability tracked as CVE-2020-9859 is exploited by the “Unc0ver” jailbreak tool released last week.

Apple quietly pushed out a small but important update for operating systems across all of its devices, including a patch for a zero-day exploit used in an iPhone jailbreak tool released last week.

In its notes for the release, Apple says very little else about the patches overall that it pushed out Monday — for iOS (including 13.4.6 for HomePod) and iPadOS 13.5.1, watchOS 6.2.6, tvOS 13.4.6, and macOS 10.15.5 — other than that they provide “important security updates” that are “recommended for all users.”

A further look at the details of the iPhone updates explains that the release addresses the bug tracked as CVE-2020-9859, used in the Unc0ver jailbreak. The impact of the vulnerability is that “an application may be able to execute arbitrary code with kernel privileges.” The description of the fix is that “a memory-consumption issue was addressed with improved memory handling.”

The update comes less than a week after hackers released the Unc0ver jailbreak tool, which they said uses a zero-day exploit to break into any iPhone, even those running the latest iOS 13.5. The hackers did not disclose which unpatched iOS flaw they use in their new tool, but they lauded it as the first zero-day jailbreak for the iPhone platform since iOS 8. Jailbreak tools take advantage of vulnerabilities in iOS to allow users root access and full control of their device, in order to load programs and code from outside of the Apple walled garden.

However, one report from Vice Motherboard last week said that the jailbreak takes advantage of a kernel vulnerability, which was subsequently identified as CVE-2020-9859.

The team behind the jailbreak tool said at the time that they expected Apple to find the flaw and release a patch for it, calling it the “nature” of the business, a hacker called Pwn20wnd told Vice Motherboard.

The ability for a threat actor to execute arbitrary code with kernel privileges is indeed a critical security problem that Apple would want to patch as soon as possible once it’s been discovered or exploited. Kernel privileges give someone control over everything in the OS, so a hacker who uses this ability can basically take over, modify or access whatever data or functionality they choose to on someone’s iOS device.

Some pro-jailbreak Apple users on Twitter are encouraging users to skip the security update.

#mobile security #vulnerabilities #apple #cve-2020-9859 #hackers #ios #ipad #ipados #iphone #jailbreak #kernel #macos #operating system #patch #pwn20wnd #security #security update #security vulnerability #twitter #unc0ver #zero-day

Shawn Durgan

1596423180

OkCupid Security Flaw Threatens Intimate Dater Details

Attackers could have exploited various flaws in OkCupid’s mobile app and webpage to steal victims’ sensitive data and even send messages out from their profiles.

Researchers have discovered a slew of issues in the popular OkCupid dating app, which could have allowed attackers to collect users’ sensitive dating information, manipulate their profile data or even send messages from their profile.

OkCupid is one of the most popular dating platforms worldwide, with more than 50 million registered users, mostly aged between 25 and 34. Researchers found flaws in both the Android mobile application and webpage of the service. These flaws could have potentially revealed a user’s full profile details, private messages, sexual orientation, personal addresses and all submitted answers to OkCupid’s profiling questions, they said.

The flaws are fixed, but “our research into OKCupid, which is one of the longest-standing and most popular applications in their sector, has led us to raise some serious questions over the security of dating apps,” said Oded Vanunu, head of products vulnerability research at Check Point Research, on Wednesday. “The fundamental questions being: How safe are my intimate details on the application? How easily can someone I don’t know access my most private photos, messages and details? We’ve learned that dating apps can be far from safe.”

Check Point researchers disclosed their findings to OkCupid, after which OkCupid acknowledged the issues and fixed the security flaws in its servers.

“Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours,” said OkCupid in a statement. “We’re grateful to partners like Check Point who with OkCupid, put the safety and privacy of our users first.”

The Flaws

To carry out the attack, a threat actor would need to convince OkCupid users to click on a single, malicious link in order to then execute malicious code in the web and mobile pages. An attacker could either send the link to the victim (either on OkCupid’s own platform, or on social media), or publish it in a public forum. Once the victim clicks on the malicious link, the data is then exfiltrated.

This works because the main OkCupid domain (https://www.OkCupid.com) was vulnerable to a cross-site scripting (XSS) attack. Upon reverse-engineering the OkCupid Android Mobile application (v40.3.1 on Android 6.0.1), researchers found the app listens to “intents” that follow custom schemas (such as the “OkCupid://” custom schema) via a browser link. Researchers were able to inject malicious JavaScript code into the “section” parameter of the user profile settings in the settings functionality (https://www.OkCupid.com/settings?section=).

Attackers could use an XSS payload that loads a script file from an attacker-controlled server, with JavaScript that can be used for data exfiltration. This could be utilized to steal users’ authentication tokens, account IDs, cookies, as well as sensitive account data like email addresses. It could also steal users’ profile data, as well as their private messages with others.
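The defensive side of the flaw described above, as an added example that is not OkCupid's or Check Point's code: a `section` value reflected into markup unchanged, beside a version that allowlists and encodes it, plus response headers that limit what a reflected script could reach. The section names, markup, header values and `example.test` URLs are assumptions constructed for illustration.

```javascript
// Added illustration, not OkCupid's code. Section names, markup and
// function names are assumptions; the sample URLs are constructed.

// Sections the settings page really has (hypothetical list).
const KNOWN_SECTIONS = new Set(['account', 'notifications', 'privacy']);
const DEFAULT_SECTION = 'account';

// Encode the five characters that can change the HTML parsing context.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Read ?section= from a URL (URLSearchParams has already percent-decoded it).
function sectionFromUrl(url) {
  const value = new URL(url).searchParams.get('section');
  return value === null ? '' : value;
}

// Weak form: the decoded parameter is concatenated into markup unchanged,
// so any markup carried in the link becomes part of the page.
function renderSettingsUnsafe(url) {
  const section = sectionFromUrl(url);
  return '<div id="settings" data-section="' + section + '">' + section + '</div>';
}

// Hardened form: accept only known section names, and still encode on output
// so a later change to the allowlist cannot reopen the hole.
function renderSettingsSafe(url) {
  const requested = sectionFromUrl(url);
  const accepted = KNOWN_SECTIONS.has(requested);
  const section = escapeHtml(accepted ? requested : DEFAULT_SECTION);
  return {
    html: '<div id="settings" data-section="' + section + '">' + section + '</div>',
    // Unknown values are worth logging: they are how probing shows up.
    rejected: (accepted || requested === '') ? null : requested,
  };
}

// Response headers that limit the damage if markup is ever reflected:
// scripts only from the site's own origin, and a session cookie that
// page JavaScript cannot read.
function settingsResponseHeaders(sessionId) {
  return {
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'Set-Cookie':
      'session=' + encodeURIComponent(sessionId) + '; HttpOnly; Secure; SameSite=Lax; Path=/',
  };
}

// Constructed inputs: one ordinary link, one carrying markup in ?section=.
const NORMAL_URL = 'https://www.example.test/settings?section=privacy';
const CRAFTED_URL =
  'https://www.example.test/settings?section=%22%3E%3Cscript%3E%2F*marker*%2F%3C%2Fscript%3E';

console.log(renderSettingsUnsafe(CRAFTED_URL));
console.log(renderSettingsSafe(CRAFTED_URL));
console.log(renderSettingsSafe(NORMAL_URL).html);
```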

#vulnerabilities #web security #cross origin resource sharing #dating app #hack #malicious code #mobile app flaw #okcupid #okcupid security #security flaw #vulnerability