In an era where the use of non-PC Internet devices is "exploding", consumers now have more entry points to access the Web. These access points and the various devices used represent, in turn, multiple "playgrounds" for cybercriminals to exploit for financial gain, according to a security expert.
David Hall, regional consumer marketing manager for Symantec Asia-Pacific, said with the increase in entry points and users spending more time online, the opportunity for cyberattacks to occur increases significantly.
He illustrated the scope of the threat by citing an IDC report, which stated that there are over 10 billion non-PC devices that connect to the Internet today and the number is expected to grow to "almost 20 billion by 2014". These non-PC devices already outnumber PC workstations by "five to one", he noted in an e-mail.
Adding to the deluge of Web-enabled devices are Internet-enabled TVs such as the ones Google hopes to introduce in the near future.
The search giant announced its intentions to mesh both the Web with TVs, named Google TV, at its Google I/O conference last month. As early as March this year, Google was said to be collaborating with industry partners such as Sony, Intel and Logitech to deliver set-top boxes and TV sets that are Web-ready, powered by Google's Android mobile operating system (OS).
If Google succeeds with its foray into consumer electronics, it will increase the risk of cyberattacks occurring "any time, any place", warned Hall.
"We see that computing is expanding far beyond the PC as a platform as the connected devices market goes through a period of explosive growth," he said. "Now more than ever, it is critical for consumers to be protected beyond their PCs."
One particular area that could be a security risk is in the area of e-commerce, noted Hall. According to him, there is a "high chance" of cybercriminals stealing credit card details and other personal data through unsecured Web sites and phishing scams, as counterfeit shopping sites offering bogus promotions and low prices surface on non-PC platforms.
To combat this, companies such as Symantec are offering or planning to offer security solutions that look beyond conventional PC protection to other platforms including mobile devices, "smart devices" such as Blu-ray players, digital photo frames and TVs, he said. The protection, he added, could extend to the safeguarding of the user's Internet connection.
Another security expert, Anthony Ung, reckons that with the introduction of Web-enabled TVs, the risk of cybercrooks employing social engineering tactics will come to the fore.
The Country Manager for Southeast Asia at Trend Micro said that Google TV and other such Web-enabled media devices will make TV viewing "a more social experience", particularly in integrating social media elements with conventional broadcast content.
"Social engineering tactics, whether it is through users visiting risky sites and downloading malicious files or [divulging] too much information via their TVs, will surely come into play," said Ung.
He added that in the near future, consumers could possibly see bogus links to certain popular TV shows just to entice users who are fans of the programs to click on them.
Ung also pointed out that manufacturer attention to quality control is now "definitely a necessity" as cyberattacks take on new forms.
An earlier ZDNet Asia report indicated that cybercriminals are targeting non-conventional electronic appliances such as digital photo frames and battery chargers. Web-enabled TVs will no doubt be on their list of targets once such devices come into the market, said the Trend Micro executive.
Users need to understand threats
To better mitigate the threat, Ung called for manufacturers to implement and adhere to proper IT security policies as well as for users to understand the various threats that are currently active and take up proper measures against them.
Concurring with Ung's assessment, Symantec's Hall pointed out that online identity and data theft "equate closely" to the likes of robbery or murder in the physical realm, where individuals are likely to deal with the ramifications of such actions "for years" or experience "profound emotional impact".
He advised users to minimize the amount of personal or financial data they store on interconnected devices, as this limits their exposure in the event the devices are stolen. Additionally, consumers should be actively applying manufacturers' security updates as they become available.
Users should also remove all their data from the storage space of the device or multiple devices they plan to sell or give away before handing them over to the new owner, Hall added.
More than 114,000 Apple iPad users have email addresses exposed in massive hacking attack
The email addresses of more than 114,000 Apple iPad users including celebrities and politicians have been exposed in a targeted hacking attack in the US.
The massive security breach leaves all of those affected open to spam and malicious hacking.
The vulnerability affected only iPad users who signed up for AT&T's 3G wireless internet service.
A hacker group that calls itself Goatse Security claims to have discovered the weakness by tricking AT&T's site into giving up the email addresses.
iPad users in the UK will not have been exposed as the breach was an issue with AT&T's security procedures rather than with Apple itself.
AT&T admitted today that a security weak spot involved an insecure way its website would prompt users when they tried to log into their AT&T accounts through their iPad.
The site would supply users' email addresses to make log-ins easier, based on unique codes contained in the SIM cards inside their iPads.
White House Chief of Staff Rahm Emanuel and New York Mayor Michael Bloomberg were among those listed.
The emails of CEOs and executives of companies like The New York Times, Time Inc. and Dow Jones as well as senior military personnel were also compromised.
The list was passed to Gawker's Valleywag technology website.
Gawker is part of the same group as Gizmodo, which has been in a running battle with Apple over the past few months after it picked up a prototype iPhone 4 which had been left in a bar by a member of Apple's staff.
A representative for the Goatse group said today they had contacted AT&T and waited until the vulnerability was fixed before going public with the information.
AT&T issued a statement which said: 'AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
'This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
'The person or group who discovered this gap did not contact AT&T.
'We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'
Even though only emails have been exposed they can still be used to launch an attack.
Criminals could use that knowledge to trick them into opening emails that plant malicious software on their computers.
Apple refused to comment on the breach.
Apple has sold more than two million iPads since they went on sale two months ago.
The iPad comes in two different set-ups - one that only connects to the internet via wi-fi, and another that also can connect through AT&T's 3G network. The wi-fi-only models are not affected by the breach.
The massive security breach leaves all of those affected open to spam and malicious hacking.
The vulnerability affected only iPad users who signed up for AT&T's 3G wireless internet service.
A hacker group that calls itself Goatse Security claims to have discovered the weakness by tricking AT&T's site into giving up the email addresses.
iPad users in the UK will not have been exposed as the breach was an issue with AT&T's security procedures rather than with Apple itself.
The pile of paper which contains more than 114,000 email addresses which was passed to website Gawker by a hacking group.
The site would supply users' email addresses to make log-ins easier, based on unique codes contained in the SIM cards inside their iPads.
White House Chief of Staff Rahm Emanuel and New York Mayor Michael Bloomberg were among those listed.
The emails of CEOs and executives of companies like The New York Times, Time Inc. and Dow Jones as well as senior military personnel were also compromised.
The list was passed to Gawker's Valleywag technology website.
Gawker is part of the same group as Gizmodo, which has been in a running battle with Apple over the past few months after it picked up a prototype iPhone 4 which had been left in a bar by a member of Apple's staff.
A representative for the Goatse group said today they had contacted AT&T and waited until the vulnerability was fixed before going public with the information.
Apple's iPad has been at the centre of a security breach in the US
'This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
'The person or group who discovered this gap did not contact AT&T.
'We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'
Even though only emails have been exposed they can still be used to launch an attack.
Criminals could use that knowledge to trick them into opening emails that plant malicious software on their computers.
Apple refused to comment on the breach.
Apple has sold more than two million iPads since they went on sale two months ago.
The iPad comes in two different set-ups - one that only connects to the internet via wi-fi, and another that also can connect through AT&T's 3G network. The wi-fi-only models are not affected by the breach.
Subscribe to:
Posts (Atom)