Networks Europe Jan-Feb 2017 | Page 10


NEWS IN BRIEF

4G mobile calls still open to eavesdroppers

Armour Communications, a provider of specialist, secure communications platforms, explains in a paper entitled ‘Is someone listening in on your confidential calls?’ how the latest 4G network fails to solve the problem of electronic eavesdropping. Firms’ intellectual property (IP) and commercially sensitive information can still be listened in on by perpetrators using an IMSI catcher, despite new security measures and stronger encryption used by the 4G network. This type of hack can be set up with equipment that’s highly portable and costs less than £1000.
A rogue base station attracts mobiles by offering a stronger signal, and once connected forces the mobile back to 2G technology, where encryption is negligible and easily bypassed. This attack was demonstrated recently at the Ruxcon Security Conference in Melbourne.
Andy Lilly, director and co-founder of Armour Communications, commented: “Given the many years of experience and the huge investment in time to develop the specification for the 4G network, it has been assumed that it would be much better at protecting privacy. While it is to some degree, it does not solve the issue of potential IMSI catcher style attacks leaving commercial and public sector/government organisations vulnerable.”
4G enforces mutual authentication between handset and network base station, unlike 2G/GSM, but it still requires the mobile to transmit its International Mobile Subscriber Identity (IMSI) at least once in order to connect. Also, because 4G coverage is not ubiquitous, a fraudulent base station can trick handsets into downgrading to 2G, meaning any communication, voice, text or attachment can be compromised.
Andy Lilly added: “There is currently a proliferation of free apps and services that claim to be secure and encrypted, however, organisations should be careful about using such services. These services are not explicit about exactly what is encrypted and therefore there can be gaps that the user is unaware of. Furthermore, companies should not rely on services over which they have no control – for example the carrier service in some countries – in order to protect commercially sensitive information.”

Free BeyondTrust cloud-based IoT vulnerability scanner

BeyondTrust has announced the Retina IoT (RIoT) Scanner. Powered by Retina, BeyondTrust’s award-winning vulnerability management solution, and delivered by BeyondTrust’s cloud interface, RIoT gives organisations an attacker’s view of their IoT risk across the entire perimeter.
With estimates of 200 billion connected devices being in use by 2020, these devices represent a significant, vulnerable attack surface. In addition, IoT devices have recently come under siege from a new breed of malware, most notably Mirai. As most IoT devices, by design, follow a ‘set it and forget it’ philosophy, they generally operate unmanaged, and mostly unknown. They typically lack any built-in security or mechanisms for programmatically making device-level changes, all of which make them a significant vulnerability on the network. With RIoT, enterprises can easily:
• Pinpoint the make and model of a particular IoT device and identify high-risk IoT devices with an easy-to-use interface
• Safely check for default and hard-coded credentials used with Telnet, SSH, or basic HTTP authentication
• Generate clear IoT vulnerability reports and remediation guidance
• Run free enterprise-grade cloud-based scans with nothing to purchase, install or maintain

Solwise to supply fixed IP SIM cards with public IP addresses

The UK mobile networks provide dynamic, private IP address assignments to 3G/4G devices, which in most cases are perfectly adequate for home and general business use. Your Mobile Broadband Internet connection is routed through a NAT firewall in your provider’s data centre, which adds security but also restricts the ability to connect to your Mobile Broadband device from the Internet.
Your provider will not be able to cater for any port forwarding requirements you may have, so an end-to-end connection to your device will not be possible even if your device is a 3G/4G router. This limitation can also prevent site-to-site cellular connections from being established for VPN applications, which can be vital in M2M (machine-to-machine) or IoT (Internet of Things) services. It’s also worth noting that even services like No-IP or DynDNS will not work on the virtual addresses from your provider. So, for example, services like remote access to IP cameras will also not work. For these services you need a fixed/public IP address.

Top concerns in a post BrexIT IT world

The prospect of BrexIT has made 40% of UK IT professionals feel less secure in their job, and half say their organisation has responded by shelving projects, with IT investment plans being hit.
40% of respondents to an email poll of CBRonline.com’s database and Computer Business Review Dining Club members put access to the single market as of key importance, and almost the same number said they feel less secure in their job because of the referendum result.
Just under half of those polled agreed or strongly agreed with the statement: BrexIT has led to projects being delayed or shelved. In terms of job security, 40% said BrexIT made their job less secure, 13% said it made their position more secure and just under half said it would have no impact on their job security.
54% of respondents agreed that as a result of BrexIT and the falling pound the cost of IT hardware has risen.
www.networkseuropemagazine.com