How To Stop Cyber Attacks During Lockdown

The world is slowing down during this COVID-19 pandemic. People are no longer going out. We’re told to quarantine or self-isolate and not engage in groups.

You can bet there’s one group that’s not slowing down at all. In fact, they’re probably working overtime while the rest of us have our lives turned upside down. Cybercriminals and hackers know there’s no better time to strike than during a global crisis. While you are distracted and spending your time trying to make sense of this new normal, they are finding new ways into your IT network so they can steal data and passwords, compromise your clients’ private information and even demand large ransoms.

Cybercrime is already on the rise and is expected to cause $6 TRILLION in damages by 2021! But, if history repeats itself, hackers will be out in full force throughout this coronavirus scare. We fully expect in the upcoming weeks that headlines will change from stories about COVID-19 to accounts of a frenzy of cyber-attacks on corporations and small businesses.

Here are solutions you can implement now to help protect your business data, money and productivity:

1. Be more suspicious of incoming e-mails

Because people are scared and confused right now, it’s the perfect time for hackers to send e-mails with dangerous malware and viruses. At this moment, your in-box is probably filled with “COVID-19” subject lines and coronavirus-focused e-mails. Always carefully inspect the e-mail and make sure you know the sender. There are realistic-looking gov e-mail addresses out there now that are not legitimate and are spamming in-boxes across the country.

Avoid clicking links in the e-mail unless it’s clear where they go. And you should never download an attachment unless you know who sent it and what it is. Communicate these safeguards to everyone on your team, especially if they are working from home.

2. Ensure your work-from-home computers are secure

Another reason we expect a rise in cyber-attacks during this pandemic is the dramatic increase in employees working from home. Far too many employers won’t think about security as their team starts working at the kitchen table. That’s a dangerous precedent.

First, if possible, make sure your employees are not using their home computers or devices when working. We know this is economically and practically difficult for many firms, but there can be problems with malware and viruses on unsecured home computers, particularly if it’s the family computer used by everyone.

Second, ensure your work-at-home computers have a firewall that’s turned on. Finally, your network and data are not truly secure unless your employees utilize a VPN (virtual private network) or are using secure remote connections. If you need help in arranging your new work-from-home environment, we would be happy to get your entire team set up.

3. Improve your password strategy

During crises like the one we are all facing right now, your passwords could mean the difference between spending your time relearning how to grow your business and trying to recoup finances and private data that’s been hacked. Make a point now to reevaluate your passwords and direct your team to create stronger passwords.

Also, while it’s so convenient to save your passwords in your web browser, it also lessens your security. Because web browsers simply require their own password or PIN to access saved passwords, a skilled hacker can bypass this hurdle. Once they access your saved passwords, they can steal as much as they want – credit card information, customers’ private data and more!

Instead, you should consider a password manager to keep all of your passwords in one place. These password managers feature robust security. A few options are LastPass, 1Password and Keeper Security Password Manager.

You, your team and your family have enough to concern yourselves with in regards to staying healthy, living a more isolated lifestyle and keeping your business strong. There’s no need to invite in more problems by letting your computer and network security slide during these times.

If you need additional security advice or would like to have a consultation to discuss how to keep your data safe, simply connect with us today.

Globalnet works with businesses throughout London, Essex, Kent and Herts to ensure their data and networks are secure from all threats. Call us on 0203 005 9650 today to find out how we can provide the right protection for you.

Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals. 

‘SiliconX’ Next-Generation Battery Material Discovered

Norwegian scientists at IFE claim to have discovered a new wonder-material for future battery production that they have dubbed ‘SiliconX’.

Years Of Research

The new material, discovered by scientists at Norway’s Department of Energy Technology (IFE) reportedly offers a way to stabilise silicon anodes for Li-ion batteries. This is an aim that years of targeted research and experimental trials with nano-particles has been intended to achieve.

The Challenge

The challenge has been that silicon anodes can far exceed the lithium ion storage capacity of carbon anodes, but the change in size as they absorb the ions causes a physical swelling and shrinking that can destroy the structure of a Si-Li-ion battery.

The Solution – SiliconX

The solution that the Norwegian scientists claim to have found is to use nano-particles in a finely divided mixture of silicon and another material that the scientists have called ‘the matrix’. It is this matrix that helps the silicon to withstand the big volume changes, and thereby solve the bulging / shrinking problem that would normally wreck the battery.

Much Greater Charge Capacity

The end result has been, as well as the stability, that the new SiliconX battery is reported to have three to five times the charge capacity of the negative electrode compared to common graphite technology.

Freedom From Daily Phone Charging

In short, if your smartphone battery was made from SiliconX that behaves the way that the Norwegian scientists claim, you would not need to charge that smartphone every day.

What Does This Mean For Your Business?

Problems with phone batteries have damaged the performance of many phones, and tarnished the reputation of their manufacturers e.g. Samsung’s Galaxy Note 7 batteries catching fire.

The obvious benefits of a SiliconX battery for business users are the convenience of not having to keep charging your phone, and the elimination of the worry that a lack of sufficient battery charge will leave you incommunicado when you’re not near a charging socket / in the middle of nowhere, and / or in the middle of / needing to make calls that are vital to the business.

The fact that the battery materials are more stable may also eliminate some of the safety worries about batteries that have been in the back of many users’ minds since the Galaxy Note 7 fire incidents.

Globalnet is a managed service provider for a wide range of businesses throughout London, Essex, Kent and Herts. Call us today to find out how we can improve your IT infrastructure and increase productivity.

Microsoft Launches Free Version of Collaborative Chat App ‘Teams’

Microsoft has announced the launch of a free version of its collaborative chat app ‘Teams’ which doesn’t require an Office 365 subscription.

What Is Microsoft Teams?

Introduced back in November 2016, ‘Teams’ (as the name suggests) is a platform designed to help collaborative working, and combines features such as workplace chat, meetings, notes, and attachments. Described by Microsoft as a “complete chat and online meetings solution”, it normally integrates with the company’s Office 365 subscription office productivity suite, and Teams is widely considered to be Microsoft’s answer to ‘Slack’.

Slack is a popular, multi-channel collaborative working hub that offers chat channels with companies and businesses you regularly work with, direct voice or video calls and screen-sharing, integrated drag-and-drop file sharing, and an App Directory with over 1,500 apps that can be integrated into Slack.

Teams is now believed to be used by around 200,000 organizations.

Free Version

The free version of Teams, which does not require an Office 365 account, offers the same basic features as regular Teams to anyone who wants to try it out. The hope is, of course, that this will increase user numbers, and tempt users away from Slack. Microsoft is also extending its 365 cloud suite with the free version of Teams to try to bridge Microsoft 365 with Office 365.

Space and Features

The free version of Teams offers 10GB of team storage plus an additional 2GB for each user, with up to 300 people supported. Also, users have unlimited messages and search, there is guest access, as well as audio and video calls and screen sharing.

Within the Teams app, users can collaborate with colleagues on Word, Excel and PowerPoint documents.

What’s Missing?

Even though the free version offers quite a lot of storage space, the full version would offer users a massive 1TB. Also, unlike the full version, the free version doesn’t come with Yammer, Planner, SharePoint and OneDrive, plus the free version lacks some of the security features of the full version. This could make it less attractive to enterprises that are also looking to maximise compliance.

Warning To Help With Team Etiquette

One interesting aspect of Microsoft’s approach to the collaborative working platform is to build on features that warn a user when they are doing something that goes against good practice and etiquette within teams. One key example of this is MyAnalytics, which works as an intelligent collaboration assistant in Outlook and warns / alerts users if they are sending emails to co-workers outside their normal working hours.

What Does This Mean For Your Business?

One good way to increase user numbers quickly, gain some ground in a battle with competitors, and to entice people to try and perhaps switch to a new service is to offer a good, usable, value-adding version of that service for free. That’s exactly what Microsoft is doing with its version of Teams.

Although larger enterprises may already be a long way down the road with their chosen collaborative working platform, and might be a bit put off by the idea of using a free version of a platform that is not quite on a par with the full version in terms of security features, a free version of Teams may be very attractive to SMEs looking to move into collaborative working with a low risk, trusted, scalable solution.

NHS Still Reliant On Fax Machines

A poll by the Royal College of Surgeons using freedom of information requests has revealed that 8,946 fax machines are still in use in NHS Trusts in England.

NHS World’s Largest Purchaser of Fax Machines

The poll was carried out after a report last year by DeepMind Health revealed that the NHS was the world’s largest purchaser of fax machines.

The new RCS poll revealed that the NHS Trust with the most fax machines still in use is Newcastle upon Tyne NHS with 603. Barts Health NHS Trust still uses 369 fax machines.

Labour Party Says There Are More

In June this year, the Labour Party reported that it believed that there were at least 11,620 fax machines still in use across the NHS in England, costing £137,000 a year to maintain.

Fax Machines

What is considered to be the first commercial version of a modern fax machine (short for facsimile) was introduced (and patented) by Xerox Corporation in 1964. Fax machines, however, reached the peak of their popularity in the late 1980s.

NHS Also Largest User of Pagers

A report by telecoms consultancy CommonTime from last year showed that the NHS is the largest user of pagers, with 130,000 of them still in use in the NHS, mainly in acute hospitals. Pagers reached their peak of popularity back in 1994 (61 million in use), and it is believed that there are now only 1 million users worldwide. The NHS, however, spends £6.6m on them each year.

The reason for their continued popularity in the NHS is thought to be their simplicity, their use of radio frequencies rather than their reliance on Internet connections, their resilience, the fact that there’s an audit trail, they’re easy to carry, and they have a long battery life.

The CommonTime report suggests that the NHS could save up to £2,718,009 per year / over £10m across four years by simply replacing pagers with smartphone-based applications.

Hopes For Greater Move To Digital

These reports and polls appear to show that the NHS is lagging behind in the digital revolution and clinging to obsolete technology where its internal communications are concerned.

The last Health Secretary, Jeremy Hunt, had wanted a paperless NHS by this year, and the new Health Secretary, Matt Hancock, is known to be a supporter of technology and digitisation.

What Does This Mean For Your Business?

Those in the NHS have pointed out that years of austerity, cuts, lack of funds, and the need to pare back spending on facilities and technology in order to keep the service going are the reasons why the NHS still uses outdated communications technology like fax machines.

The natural substitute and successor to fax machines appears to be apps like SnapChat and WhatsApp. In fact, during the WannaCry cyber attack that brought down NHS computer systems, many NHS staff used WhatsApp to communicate, with an estimated 500 patients a day being diagnosed from X-ray images sent on the app.

Clearly, there is a need for an affordable, reliable, fast and easy to use day-to-day communications platform for NHS Trust staff to use that could help them to save the Trusts money, save themselves time, and add value to the provision of services. Continuing to rely on fax machines will probably only lead to stealth IT anyway. Apps appear to be the natural way forward, provided they offer the right level of security for patient data, but the NHS also has an internal email system called NHSmail that is not being used widely enough.

Misleading Broadband Adverts

The Advertising Standards Authority (ASA) has been criticised by CityFibre for a lack of regulation of the use of the term “fibre” in broadband adverts, which has meant that some consumers may have been misled.

Findings of CityFibre Research

The findings of the research, commissioned by network provider CityFibre, appear to show that customers may be confused about the fibre aspect of the broadband service they have.

For example, of the 3,400 broadband customers surveyed, 65% believed that they had already upgraded to a fibre connection and they were no longer on slower copper cables, even though copper is still the most common broadband connection type in the UK.

Also, 24% of the broadband customers surveyed by CityFibre believed they purchased services that used fibre cables running straight to their front door or FTTP (Fibre To The Premises). The reality, however, is that only 3% of the UK population have FTTP connections, as opposed to FTTC (Fibre To The Cabinet) connections, which go to a cabinet in the street, then by copper to the property. Virgin Media offers a slightly different model, using coaxial cable for improved speed between cabinet and premises.

The problem with this, apart from the fact that the UK is still lagging behind in fibre broadband provision, is that almost half of those customers surveyed believed that services advertised as ‘fibre’ delivered internet in this way as standard.

Broadband Providers & ASA To Blame

The report by CityFibre lays the blame for years of apparently misleading advertising information about what “fibre” actually means at the door of broadband providers for how they have used the word in their adverts, and the ASA for appearing to not regulate how the word has been used.

Stop Using The Word Unless…

CityFibre has called upon broadband providers to stop using the word ‘fibre’ unless it is describing a full-fibre connection, and has stated that it plans to take the “backward looking” ASA to court to dispute the ASA’s conclusion that ‘fibre’ is not a misleading term in advertising.

What Does This Mean For Your Business?

Many critics would say that years of misleading advertising of broadband speeds, as well as spurious use of the word ‘fibre’ without explaining what it really means, have left many domestic and business customers totally confused about what they are paying for. This has undermined trust in the industry.

The sad prevailing fact for UK businesses is that, according to a recent survey, the UK is now at 35th place in the global average broadband speed league tables. This is because it has been too late in embracing a full-fibre solution – FTTP (fibre to the premises). Many critics have pointed to UK infrastructure provider Openreach shying away from FTTP because of the perceived costs and level of difficulty of large-scale rollouts.

All this means that UK businesses still have to rely on the slower FTTC (fibre to the cabinet) alternative, which uses copper wires to carry broadband from street cabinets to their premises. This has put UK businesses at a competitive disadvantage with businesses in many other European countries.

Regardless of advertising claims, and despite government plans and announcements, it looks as though the UK may only actually have 7% full fibre coverage by 2020, with full coverage unlikely for another 15 years.

UK Slips To 35th Place In Global Broadband Speed Table

A recent comparison of 163 million broadband speed tests across 200 countries shows that the UK has slipped from 31st to 35th place in the global average broadband speed league tables.

Speed Lagging In Europe

This latest result means that, even though average broadband speeds in the UK have risen in the past year and, at 18.5Mbps, are above the global average, the UK is now lagging behind 25 other European countries.

Although the UK’s broadband ranking is now actually above 165 other countries, it is still in the bottom third of EU member states.

Top Speed

Globally, Singapore tops the average broadband speed table with 60 Mbps. In Europe, the Scandinavian countries are top of the broadband league with Sweden at 46Mbps, Denmark at 43.9Mbps, and Norway at 40.1Mbps.

To give some idea of the gulf between broadband speeds at the top and bottom of the table, the lowest average broadband speeds can be found in Yemen (0.3Mbps), East Timor (0.49Mbps), and Turkmenistan (0.56Mbps).

Why The UK Fall In The Broadband Rankings?

It is widely believed that the UK is starting to drop further behind many of its European neighbours in average broadband speeds because it has been too late in embracing a full-fibre solution – FTTP (fibre to the premises). Many critics have pointed to UK broadband infrastructure provider Openreach shying away from FTTP because of the perceived costs and level of difficulty of large-scale rollouts.

At present, many UK homes and businesses, therefore, have to rely on the slower FTTC (fibre to the cabinet) alternative, which uses copper wires to carry broadband from street cabinets to homes.

Openreach

Back in November 2016, partly because of its slowness to move to super-fast broadband but mainly because of a perceived monopoly, BT-owned Openreach was ordered by Ofcom to become a legally separate entity.

Hope

As well as Openreach’s competitors such as Hyperoptic moving forward with plans to offer FTTP to 2 million urban premises by 2022, the UK government has also recently updated its plans to bring FTTC to the UK. For example, the UK government’s National Infrastructure Commission (NIC) is now pushing for FTTC to be deployed around the UK by 2033, and hopefully, to be available to 15 million homes by 2025.

At the end of last year, the UK government announced that six regions of the UK would host trials of full fibre broadband for businesses, schools and hospitals as part of a £200m scheme by the Department for Digital, Culture, Media & Sport (DCMS). The regions are Aberdeen and Aberdeenshire, West Sussex, Coventry and Warwickshire, Bristol and Bath & North East Somerset, West Yorkshire and Greater Manchester.

What Does This Mean For Your Business?

This latest drop down the table of average broadband speeds is bad news, but not a surprise for UK businesses. Broadband is now an essential service for business, and businesses know from their own experience that broadband services in the UK can sometimes be slow, patchy, and often expensive. A recent survey by watchdog ‘Which?’, for example, revealed that more than half of UK customers across 12 providers, are having problems with their broadband service or price.

At the moment, better broadband services, particularly for businesses in rural locations, still seem a very long way off as the reality is that the UK ranks only 35th in the world for average broadband speeds, and we may only actually have 7% full fibre coverage by 2020, with full coverage unlikely for another 15 years. This could affect the competitiveness of UK companies compared to their European neighbours and other global competitors for a long time to come.

New, Improved Wi-Fi Security Standard WPA3 Starts Rollout

The non-profit, global trade group, the Wi-Fi Alliance, has announced the commencement of the rollout of the new Wi-Fi Protected Access (WPA) protocol WPA3 which should bring improvements in authentication and data protection.

What’s Been The Problem?

There are estimated to be around 9 billion Wi-Fi devices in use in the world, but the current security protocol, WPA2, dates back to 2004. The rapidly changing security landscape has, therefore, left many Wi-Fi devices vulnerable to new methods of attack, fuelling the calls for the fast introduction of a new, more secure standard known as WPA3.

WPA2 Vulnerabilities

For example, WPA2 which is mandatory for Wi-Fi Certified devices, is known to be vulnerable to offline dictionary attacks to guess passwords. This is where an attacker can have as many attempts as they like at guessing Wi-Fi credentials without being on the same network. Offline attacks allow the perpetrator to either passively stand and capture an exchange, or even interact with a user once before finding-out the password. Using Wi-Fi on public networks with the current protocol has also left people vulnerable to ‘man-in-the-middle’ attacks or ‘traffic sniffing’.

One key contributor to the vulnerability of using Wi-Fi with the WPA2 standard is the home / business using obvious / simple passwords.

What’s So Good About WPA3?

The new WPA3 standard has several advantages. These include:

  • The fact that WPA3 has been designed for the security challenges of businesses, although it has two modes of operation: Personal and Enterprise.
  • The equivalent of 192-bit cryptographic strength, thereby offering a higher level of security than WPA2.
  • The addition of Easy Connect, which allows a user to add any device to a Wi-Fi network using a secondary device already on the network via a QR code. This makes the connection more secure and helps simplify IoT device protection.
  • WPA3-Personal mode offers enhanced protection against offline dictionary attacks and password guessing attempts through the introduction of a feature called Simultaneous Authentication of Equals (SAE). Some commentators have suggested that it ‘saves users from themselves’ by offering improved security even if a user chooses a more simple password. It also offers ‘forward secrecy’ to protect communications even if a password has been compromised.

WPA2 and WPA3 in Tandem

The current standard WPA2 will be run in tandem with the new WPA3 standard until the standard becomes more widely used.

Protection Against Passive Eavesdropping

In June, the Wi-Fi Alliance also announced the rollout of Wi-Fi Enhanced Open, a certification program. This provides protection for unauthenticated networks e.g. coffee shops, hotels and airports, and protects connections against passive eavesdropping without needing a password by providing each user with a unique individual encryption that secures traffic between their device and the Wi-Fi network.

What Does This Mean For Your Business?

Wi-Fi security and the security of a growing number of IoT devices has long been a source of worry to individuals and businesses, particularly as the nature and variety of attack methods have evolved while the current security standard is 14 years old.

The introduction of a new, up-to-date standard / protocol which offers greater security, has been designed with businesses in mind, offers more features, and protects the user from their own slack approach to security is very welcome. WPA3 will be particularly welcomed by those who use networks to send and receive very sensitive data, such as the public sector or financial industry.

Globalnet IT Innovations offer a range of managed IT services and on-demand IT services, including secure Internet and Wi-Fi solutions. Call us on 0203 005 9650 to speak to one of our IT consultants and discover how we can help you reach your business goals.

Privacy Calls to Stop Storage of Personal Communications Data

Privacy groups have led calls to halt the blanket collection and storage of personal communications data in the EU area, and the creation and storage of the “audio signatures” of 5.1 million people by HM Revenue and Customs (HMRC).

Collection of Personal Communications Data

The privacy groups Privacy International, Liberty, and Open Rights Group, have filed complaints to the European Commission which call for EU governments to stop making companies collect and store all communications data. Their complaints have also been echoed by dozens of community groups, non-governmental organisations (NGOs), and academics.

What’s The Problem?

The main complaint is that communications companies in EU states indiscriminately collect and retain all of our communications data. This includes the details of all calls, texts and so forth (i.e. who with, dates, times etc).

The privacy groups and their supporters argue that not only does this amount to a form of intrusive surveillance, but that the practice was actually ruled unlawful by the Court of Justice of the European Union (CJEU) in two judgments in 2014 and 2016.

Privacy groups have expressed concern that some companies in some EU states have tried to circumvent the CJEU judgements, and the CJEU have clearly stated that general and indiscriminate retention of communications data is disproportionate and can’t be justified.

In the UK, for example, the intelligence agencies collect details of thousands of calls daily, but under the CJEU judgements, this amounts to breaking the law.

HMRC Collecting Recordings of Voices

Perhaps even more shocking is the news this week that, according to privacy group Big Brother Watch, the UK HM Revenue and Customs (HMRC) has a Voice ID system that has collected 5.1 million audio signatures.

The accusation is that HMRC is creating biometric ID cards or voiceprints by the back door. These voiceprints could conceivably be used by government agencies to identify UK citizens across other areas of their private lives.

Big Brother Watch has also expressed concern that customers are not given the choice to opt out of the use of this system.

Helpful and Secure

HMRC, which launched the Voice ID scheme last year, asks callers to repeat the phrase “my voice is my password” to register and access their tax details, and says that the system has been very popular with customers. HMRC has also said that the 5 million+ voice recordings that it already has are stored securely.

Privacy campaigners are calling for the deletion of the voiceprints that are currently stored, and for a different system to be implemented, or to at least allow customers to opt out of Voice ID and to be able to use an alternative method.

What Does This Mean For Your Business?

Businesses may be very aware, after having to adjust their own systems to be compliant to the recently introduced GDPR, that all EU citizens should now have more rights about what happens to their personal data. The term ‘personal data’ in the GDPR sense now covers things like our images on CCTV footage, and should, therefore, cover recordings of our personal conversations and biometric data such as recordings of our voices / voice prints / audio signatures.

While we may accept that there are arguments for monitoring our communications data e.g. fighting terrorism, many people clearly feel that the blanket collection of all communications data, not just that of suspects, is a step too far, is an invasion of privacy, and has echoes of ‘big brother’.

Biometrics e.g. using a fingerprint / face-print to access a phone or as part of security to access a bank account is now becoming more commonplace, and can be a helpful, more secure way of validating / authenticating access. Again, images of our faces, fingerprints, and our audio signatures (in the case of HMRC) are our personal data, and it is right that we would want them to be secure, and as with GDPR, that they are only used for the one purpose that we have given consent for, and not to be passed secretly among states and unknown agencies. Also, the ideas that we can opt in or opt out of systems, and are given a choice of which system we use i.e. not being forced to submit a voice recording, is an important issue, and one that many thought GDPR would address.

As more and more biometric systems come into use in the future, legislation will, no doubt, need to be updated again to take account of the changes.

Tech Tip – Improve Phone Speed With Lightweight Apps

If your phone has limited memory storage and you regularly use Facebook and Twitter, installing lightweight versions of these apps could help to speed up your phone.

Facebook Lite, for example, works just as well as the full version yet uses a fraction of the resources of the full app. The Facebook Lite app is small and allows you to save space on your phone and use Facebook in 2G conditions. To use it:

– Go to play.google.com

– Locate the app, and install it.

– n.b. Google also has lightweight versions of YouTube

Also, Twitter has a lightweight client which you can find at mobile.twitter.com.

Two More Security Holes In Voice Assistants

Researchers from Indiana University, the Chinese Academy of Science, and the University of Virginia have discovered two new security vulnerabilities in voice-powered assistants, like Amazon Alexa or Google Assistant, that could lead to the theft of personal information.

Voice Squatting

The first vulnerability, outlined in a recent white paper by researchers has been dubbed ‘voice squatting’ i.e. a method which exploits the way a skill or action is invoked. This method takes advantage of the way that VPAs like smart speakers work. The services used in smart speakers operate using apps called “skills” (by Amazon Alexa) or “actions” (by Google Assistant). A skill or an action is what gives a VPA additional features, so that a user can interact with a smart assistant via a virtual user interface (VUI), and can run that skill or action using just their voice.

The ‘voice squatting’ method essentially involves tricking VPAs by using simple homophones – words that sound the same but have different meanings. Using an example from the white paper, if a user gives the command “Alexa, open Capital One” to run the Capital One skill / action a cyber criminal could create a malicious app with a similarly pronounced name e.g. “Capital Won”. This could mean that a voice command for Capital One skill is then hijacked to run the malicious Capital Won skill instead.
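
A vetting-side check for the homophone problem described above, as an added example that is not taken from the white paper or from Amazon or Google: it compares invocation names by pronunciation rather than by spelling. The mini pronunciation lexicon, the function names and the distance threshold are all assumptions made for illustration.

```python
"""Flag invocation names that sound like an already protected name."""
import re

# Constructed mini lexicon (ARPAbet-style phonemes, stress marks dropped).
# Assumption: a real vetting pipeline would load a full pronouncing dictionary.
LEXICON = {
    "capital": ["K", "AE", "P", "AH", "T", "AH", "L"],
    "capitol": ["K", "AE", "P", "AH", "T", "AH", "L"],
    "one": ["W", "AH", "N"],
    "won": ["W", "AH", "N"],
    "wan": ["W", "AA", "N"],
    "sleep": ["S", "L", "IY", "P"],
    "sounds": ["S", "AW", "N", "D", "Z"],
}


def normalise(name):
    """Lower-case the name and split it into alphabetic words."""
    return re.findall(r"[a-z]+", name.lower())


def to_phonemes(name):
    """Return the phoneme sequence for a name, or None if a word is unknown."""
    phonemes = []
    for word in normalise(name):
        if word not in LEXICON:
            return None
        phonemes.extend(LEXICON[word])
    return phonemes


def edit_distance(a, b):
    """Levenshtein distance between two phoneme sequences."""
    prev = list(range(len(b) + 1))
    for i, pa in enumerate(a, 1):
        cur = [i]
        for j, pb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (pa != pb)))  # substitute
        prev = cur
    return prev[-1]


def vet_invocation_name(candidate, protected_names, max_distance=1):
    """Compare a submitted invocation name with protected ones by sound.

    status is "flag" when the candidate is spelled differently from a
    protected name but is within max_distance phoneme edits of it,
    "manual-review" when the candidate cannot be transcribed, else "pass".
    """
    cand_phonemes = to_phonemes(candidate)
    if cand_phonemes is None:
        # Unknown words cannot be cleared automatically.
        return {"candidate": candidate, "status": "manual-review", "matches": []}

    matches = []
    for protected in protected_names:
        if normalise(protected) == normalise(candidate):
            continue  # exact duplicates are assumed to be caught elsewhere
        prot_phonemes = to_phonemes(protected)
        if prot_phonemes is None:
            continue
        distance = edit_distance(cand_phonemes, prot_phonemes)
        if distance <= max_distance:
            matches.append((protected, distance))

    status = "flag" if matches else "pass"
    return {"candidate": candidate, "status": status, "matches": matches}


if __name__ == "__main__":
    protected = ["Capital One"]
    # Constructed submissions; "Capital Won" is the example quoted in the text.
    for submitted in ["Capital Won", "Capital Wan", "Sleep Sounds", "Capital Uno"]:
        print(vet_invocation_name(submitted, protected))
```

A distance of 0 means the two names are pronounced identically under the lexicon, which is exactly the “Capital One” / “Capital Won” case; a distance of 1 catches near-homophones that a speech recogniser could plausibly confuse.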

Voice Masquerading

The second vulnerability identified by the research has been dubbed ‘voice masquerading’. This method of exploiting how VPAs operate involves using a malicious skill / action to impersonate a legitimate skill / action, with the intended result of tricking a user into reading out personal information / account credentials, or to listen-in on private conversations.

For example, the researchers were able to register 5 new fake skills with Amazon Alexa, which passed Amazon’s vetting process, used similar invocation names, and were found to have been invoked by a high proportion of users.

Private Conversation Sent To Phone Contact Security Breach

These latest revelations come hot on the heels of recent reports of how a recording of the private conversation of a woman in Portland (US) was sent to one of her phone contacts without her authorisation after her Amazon Echo misinterpreted what she was saying.

What Does This Mean For Your Business?

VPAs are popular but are still relatively new, and one positive aspect of this story is that at least these vulnerabilities have been identified now by researchers so that changes can (hopefully) be made to counter the threats. Amazon has said that it conducts security reviews as part of its skill certification process, and it is hoped that the researchers’ abilities to pass-off fake skills successfully may make Amazon, Alexa and others look more carefully at their vetting processes.

VPAs are now destined for use in the workplace e.g. business-focused versions of popular models and bespoke versions. In this young market, there are, however, genuine fears about the security of IoT devices, and businesses may be particularly nervous about VPAs being used by malicious players to listen in on sensitive business information which could be used against them e.g. for fraud or extortion. The big producers of VPAs will need to reassure businesses that they have installed enough security features and safeguards in order for businesses to fully trust their use in sensitive areas of the workplace.