Connect with us

Featured

Cybercrooks eye smart buildings

Published

on

In countries like the United States, the growth of smart buildings is estimated to reach 16.6% by 2020 compared to 2014, although this expansion is not limited to the US but rather is taking place on a global scale.  This growth is largely due to the fact we live in a world increasingly permeated by technology, in which process automation and the search for energy efficiency contribute not only to sustainability, but also to cost reduction – a goal pursued in all industries, public and private alike. Naturally, the construction industry is no exception, says Carey van Vlaanderen, CEO at ESET South Africa.

Smart buildings use technology to control a wide range of variables within their respective environments with the aim of providing more comfort and contributing to the health and productivity of the people inside them. To do so, they use so-called Building Automation Systems (BAS).  With the arrival of the Internet of Things (IoT), smart buildings have redefined themselves. With the information they obtain from smart sensors, their technological equipment is used to analyse, predict, diagnose and maintain the various environments within them, as well as to automate processes and monitor numerous operational variables in real time. Ambient temperature, lighting, security cameras, elevators, parking and water management are just some of the automatable services currently supported by the technology.

To put the possibilities of this smart infrastructure into perspective, is the example of a smart building in Las Vegas where, two years ago, they decided to install a sophisticated automation system to control the use of the air conditioning (keeping in mind Las Vegas has a hot desert climate and very little rain), so it is turned on only when there are people present. This decision led to a saving of US$2 million during the first year after the smart system was installed, due to the reduction in energy consumption achieved by automating the process. Marriott Hotels implemented a similar system across the entire chain that is expected to generate an estimated US$9.9 million in energy savings.

Another example of automation through smart devices is that of a supermarket in the United Kingdom. The store installed a smart system in its parking lot that generates a kinetic energy from the movement of cars passing through it, and then uses that energy to power the checkouts.

At first glance, we may not see any security risk in these smart buildings.  It is likely, however, that at some point the entire smart network is connected to a single database, and that is where the risk is. Particularly if we consider that many IoT devices are manufactured by different suppliers, who may not have paid due attention to security considerations during their design and manufacturing process.

Possibility of a smart building being attacked

The risk of a security incident taking place in an intelligent building is linked to the motivations of cybercriminals, who mainly seek to achieve economic gain through their actions, as well as to impact and spread fear.

There are already some tools such as Shodan that allow anybody to discover vulnerable and/or unsecured IoT devices connected publicly to the internet. If you run a search using the tool, you can find thousands of building automation systems in its lists, complete with information that could be used by an attacker to compromise a device. In February 2019, around 35,000 building automation systems worldwide appeared in Shodan within public reach via the internet.

This means that someone could take control of a BAS after finding it through a search.  If, for example, a criminal used Shodan for building automation systems to attack, they will find IP addresses. If they copy those IP addresses into the address bar of a web browser, in many cases this will bring up an interface for gaining access, where they need to enter a username and password. If the password is a default password of if it can be cracked easily through a brute force attack, the attacker will gain access to the system monitoring panel, which contains information similar to the companies located in the smart building.

Once the attackers have access to this public information and can monitor, for example, how the air conditioning works, they could make a phone call pretending to be from the maintenance company and say they are going to send a technician. At the same time, the attackers could request remote access, which would give them access to the server and allow them to control the building. Once they have control, they could alter the building’s heating or air conditioning or adjust the way any of the other automated systems operate and then demand payment of a ransom in using a system that allow them to remain anonymous, such as cryptocurrency, in exchange for not shutting the building down.

Siegeware: a very real threat

Cybercriminals are already carrying out such attacks when they have the opportunity. This kind of attack is siegeware, or “the code-enabled ability to make a credible extortion demand based on digitally impaired building functionality”

In conclusion, the low cost of IoT devices for buildings and the advances of technology for building automation systems is leading to changes with an impact on security. This drive toward automation and the use of smart devices to gather data – in order to give a building’s users more comfort and to make more efficient use of resources such as energy – is also leading to increased security risks. As a result, the possibility of a cybercriminal launching a ransomware attack on asmart building is already a reality.

Considerations to keep in mind

There are a number of security considerations and requirements to keep in mind:

  • Review the devices’ security specifications and work on the basis of the ‘security by design’ concept
  • Set a suitable budget for security
  • Choose partners that have knowledge of security issues
  • Install software for managing vulnerabilities
  • Ensure cooperation between the different areas and/or departments

For operational issues:

  • Update the devices regularly
  • Implement a replacement plan for when devices’ support life cycles end
  • Exercise a precaution in respect of connected devices
  • Monitor connected devices

Featured

Seedstars seeks tech to reverse land degradation in Africa

A new partnership is offering prizes to young entrepreneurs for coming up with innovations that tackle the loss of arable land in Africa.

Published

on

The DOEN Foundation has joined forces with Seedstars, an emerging market startup community, to launch the DOEN Land Restoration Prize, which showcases solutions to environmental, social and financial challenges that focus on land restoration activities in Africa. Stichting DOEN is a Dutch fund that supports green, socially-inclusive and creative initiatives that contribute to a better and cleaner world.

While land degradation and deforestation date back millennia, industrialization and a rising population have dramatically accelerated the process. Today we are seeing unprecedented land degradation, and the loss of arable land at 30 to 35 times the historical rate.

Currently, nearly two-thirds of Africa’s land is degraded, which hinders sustainable economic development and resilience to climate change. As a result, Africa has the largest restoration opportunity of any continent: more than 700 million hectares (1.7 billion acres) of degraded forest landscapes that can be restored. The potential benefits include improved food and water security, biodiversity protection, climate change resilience, and economic growth. Recognizing this opportunity, the African Union set an ambitious target to restore 100 million hectares of degraded land by 2030.

Land restoration is an urgent response to the poor management of land. Forest and landscape restoration is the process of reversing the degradation of soils, agricultural areas, forests, and watersheds thereby regaining their ecological functionality. According to the World Resources Institute, for every $1 invested in land restoration it can yield $7-$30 in benefits, and now is the time to prove it.

The winner of the challenge will be awarded 9 months access to the Seedstars Investment Readiness Program, the hybrid program challenging traditional acceleration models by creating a unique mix to improve startup performance and get them ready to secure investment. They will also access a 10K USD grant.

“Our current economic system does not meet the growing need to improve our society ecologically and socially,” says Saskia Werther, Program Manager at the DOEN Foundation. “The problems arising from this can be tackled only if a different economic system is considered. DOEN sees opportunities to contribute to this necessary change. After all, the world is changing rapidly and the outlines of a new economy are becoming increasingly clear. This new economy is circular and regenerative. Landscape restoration is a vital part of this regenerative economy and social entrepreneurs play an important role to establish innovative business models to counter land degradation and deforestation. Through this challenge, DOEN wants to highlight the work of early-stage restoration enterprises and inspire other frontrunners to follow suit.”

Applications are open now and will be accepted until October 15th. Startups can apply here: http://seedsta.rs/doen

To enter the competition, startups should meet the following criteria:

  • Existing startups/young companies with less than 4 years of existence
  • Startups that can adapt their current solution to the land restoration space
  • The startup must have a demonstrable product or service (Minimum Viable Product, MVP)
  • The startup needs to be scalable or have the potential to reach scalability in low resource areas.
  • The startup can show clear environmental impact (either by reducing a negative impact or creating a positive one)
  • The startup can show a clear social impact
  • Technology startups, tech-enabled startups and/or businesses that can show a clear innovation component (e.g. in their business model)

Also, a specific emphasis is laid, but not limited to: Finance the restoration of degraded land for production and/or conservation purposes; big data and technology to reverse land degradation; resource efficiency optimization technologies, ecosystems impacts reduction and lower carbon emissions; water-saving soil technologies; technologies focused on improving livelihoods and communities ; planning, management and education tools for land restoration; agriculture (with a focus on precision conservation) and agroforestry; clean Energy solutions that aid in the combat of land degradation; and responsible ecotourism that aids in the support of land restoration.

Continue Reading

Featured

The dark side of apps

Published

on

Mobile device security threats are on the rise and it’s not hard to see why. In 2019 the number of worldwide mobile phone users is forecast to reach 4.68 billion of which 2.7 billion are smartphone users. So, if you are looking for a target, it certainly makes sense to go where the numbers are. Think about it, unsecured Wi-Fi connections, network spoofing, phishing attacks, ransomware, spyware and improper session handling – mobile devices make for the perfect easy target. In fact, according to Kaspersky, mobile apps are often the cause of unintentional data leakage.

“Apps pose a real problem for mobile users, who give them sweeping permissions, but don’t always check security,” says Riaan Badenhorst, General Manager for Kaspersky in Africa. “These are typically free apps found in official app stores that perform as advertised, but also send personal – and potentially corporate – data to a remote server, where it is mined by advertisers or even cybercriminals. Data leakage can also happen through hostile enterprise-signed mobile apps. Here, mobile malware uses distribution code native to popular mobile operating systems like iOS and Android to spread valuable data across corporate networks without raising red flags.”

In fact, according to recent reports, 6 Android apps that were downloaded a staggering 90 million times from the Google Play Store were found to have been loaded with the PreAMo malware, while another recent threat saw 50 malware-filled apps on the Google Play Store infect over 30 million Android devices. Surveillance malware was also loaded onto fake versions of Android apps such as Evernote, Google Play and Skype.

Considering that as of 2019, Android users were able to choose between 2.46 million apps, while Apple users have almost 1.96 million app options to select from, and that the average person has 60-90 apps installed on their phone, using around 30 of them each month and launching 9 per day – it’s easy to see how viral apps take several social media channels by storm.

“In this age where users jump onto a bandwagon because it’s fun or trendy, the Fear of Missing Out (FOMO) can overshadow basic security habits – like being vigilant on granting app permissions,” says Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa. “In fact, accordingly to a previous Kaspersky study, the majority (63%) of consumers do not read license agreements and 43% just tick all privacy permissions when they are installing new apps on their phone. And this is exactly where the danger lies – as there is certainly ‘no harm’ in joining online challenges or installing new apps.”

However, it is dangerous when users just grant these apps limitless permissions into their contacts, photos, private messages, and more. “Doing so allows the app makers possible, and even legal, access to what should remain confidential data. When this sensitive data is hacked or misused, a viral app can turn a source into a loophole which hackers can exploit to spread malicious viruses or ransomware,” adds Badenhorst. 

As such, online users should always have their thinking caps on and be more careful when it comes to the internet and their app habits including:

  • Only download apps from trusted sources. Read the reviews and ratings of the apps as well
  • Select apps you wish to install on your devices wisely
  • Read the license agreement carefully
  • Pay attention to the list of permissions your apps are requesting. Only give apps permissions they absolutely insist on, and forgo any programme that asks for more than necessary
  • Avoid simply clicking “next” during an app installation
  • For an additional security layer, be sure to have a security solution installed on your device

“While the app market shows no signs of slowing down, it is changing,” says Opil. “Consumers download the apps they love on their devices which in turn gives them access to content that is relevant and useful. The future of apps will be in real-world attribution, influenced by local content and this type of tailored in-app experience will lead consumers to share their data more willing in a trusted, premium app environment in exchange for more personalised experiences. But until then, proceed with caution.”

Continue Reading

Trending

Copyright © 2019 World Wide Worx