Posts

Showing posts from July, 2016

Toward a Safe and Secure Internet of Things

Image
I wrote up a white paper about the cybersecurity issues that we will face as the Internet of Things becomes more common. I discuss issues like physical security, scale, lack of experience by manufacturers, and lack of tools and best practices. One idea I also advance is this pyramid of IoT Devices. At the top tier we will all have a few devices that have a lot of computational horsepower, such as laptops, smartphones, and glasses. In the middle tier we will have dozens of devices that have moderate computational capabilities, but also only require a little bit of our attention. These include TVs, refrigerators, and smart toys. At the bottom tier are hundreds of cheap devices or ones that we are barely aware of. These include RFIDs, smart toilets, digital picture frames, electronic locks, smart meters, cheap environmental sensors, and more. The bottom two tiers are the ones we need to worry about the most. The top tier already has major tech manufacturers worrying about the cyb

Chase Fraud Alert from SMS 28107

I got a fraud alert on my phone this morning from SMS short code 28107. Is this legitimate? The short story, from what I can tell, is yes. The alert I got was: FREE MSG: Chase Fraud-Did you use card ending xxxx for $xx.xx at INGLES MARKETS on 07/13? If YES reply 1, NO reply 2 In cybersecurity, getting these kinds of alerts is a pretty common kind of scam. Attackers will send out lots of these kinds of SMS and email and try to get you to verify your account, essentially tricking you into sharing sensitive information. If you ever get one of these kinds of alerts, you should try to verify it independently. So I logged into my credit card account and saw that there were several purchases that morning. Looking up the name of the store, it appears to be a chain of grocery stores in North Carolina. Ok so definitely fraud. So I responded with a "1" to the SMS message, and it said that Chase would call when a specialist is available, or call the number on the card. There&