It’s become a cliché that the smart fridge – one with sensors inside and connection to the Internet on the outside – will one day automatically order milk or replenish other items before they run out.
The reality is not only different, but also darker: smart appliances have little protection from hackers, and may be a way for cybercriminals to hijack devices, as well as invade privacy. Especially as smart TVs become standard – both in South Africa and across the world – we are exposing ourselves to dangers we don’t even know exist.
From TVs and fridges to security cameras and Wi-Fi routers, the very devices that are meant to make our lives easier are also the ones that make us more vulnerable. And this is not theoretical. As long ago as 2014, cybercriminals created a “botnet” – when a large number of hacked computers are used in concert to mount a spam or other attack – which hijacked 100 000 devices, including routers, TVs and even a fridge.
“For some time we’ve seen attacks on security cameras, routers, and networking equipment,” said Marco Preuss, head of research at cybersecurity leaders Kaspersky Lab. “There are a lot of things happening to abuse these devices for malicious activities against other users, but also using them as an entry point to the owner’s system.”
Preuss was speaking at the recent Kaspersky Transparency Summit in Zurich, when the company announced the opening of a Transparency Centre in Switzerland for regulators and other organisations to view its software code directly.
A panel discussion during the event, on the risks and rewards of transparency in cybersecurity, highlighted the absence of trust in technology. In the past, if a cybersecurity company said one could trust them, most people believed it. But that time is past, said Jan-Peter Kleinhans, project director for a project called Security in the Internet of Things at a German think tank, Stiftung Neue Verantwortung.
“The term ‘trust me’ is 1990s cybersecurity,” he said. “If someone says trust me, I want proof of it. How do we trust them?”
This problem will become far worse once we cannot trust even appliance makers, he said in an interview after the event.
“In the future every product will be connected. For commercial off-the-shelf devices (COTS), we already see rapidly increasing demand for voice assistants, smart lighting, and Smart TVs. So the question is not IF something gets connected but WHEN.
“All these devices will be vulnerable. Here the question is more how easy it is for criminals to exploit those devices – right now it’s extremely easy. For COTS devices I think the biggest problem is botnets that form a globally distributed botnet that the criminal can rent out for attacks against websites or credit card fraud or attacking production servers.”
The worst of it, he said, is that there is little the consumer can do. Kleinhans called on regulators to step in, and pointed to the European Union’s Cybersecurity Act as a potential solution.
“It focuses on voluntary certification and security standards in the hopes that manufacturers see IT security as a competitive advantage. I don’t think voluntary certification by itself is enough, but it’s a solid first step. At the same time there is a growing debate about ‘software liability’ in many European countries. I think over the next five years we will see tighter and clearer regulation regarding IT security in general.”
In the meantime, it is not only the home user who is at risk, said Preuss.
“It affects everyone from consumer to small and medium businesses to enterprises. There is no limit in this whole environment, because more and more gets connected. In Germany you have smart connected production facilities, and public infrastructure like power plants and water supply that gets more and more connected, so that one can control what power needs to be produced to keep the network as stable as possible.”
The danger will escalate as energy production shifts from “classic nuclear and coal power plants” to solar and wind-based energy systems, which all depend on smart connected systems to pull their energy into the grid and keep it stable, said Preuss.
“Every company is an IT (information technology) company nowadays, whether they are working with wood or stone or clothes. The problem is everybody still does not realise they are an IT company, because most are still in the mindset of just working with wood and creating furniture, for example. No, you’re an IT company, because all your machines are connected, all your manufacturers are connected, and all your customers are online and connected. You have all this customer information digitalised.”
Preuss outlined a wide range of potential cyber attacks in this environment, from ransom attempts by encrypting company data to stealing company information to pretending to have cracked your account through password leaks and demanding payment not to publish sensitive information.
“The borders between consumer, small and medium business, enterprise, and government are less and less visible, and every one of us is now a node in the whole network. On the Internet, there is no longer a difference anymore between personal and business life. When I am private on a social network, I can still be targeted by people trying to get into my company. Everything is connected.”
The best known example of a potential danger is the idea that smart fridges can be accessed by hackers and pulled together into a massive network, or botnet, that launches what is known as a DDoS, or distributed denial of service attack, when a large number of computers attempt to connect to the same computer at the same time, causing it to crash. The most widely distributed software used for this is called Mirai (see sidebar), which looks for unprotected Internet of Things devices. It is available as open source software for any hacker to download.
Said Preuss, “Mirai was automated to spread on web cameras connected to the Internet by using default user name and password combinations. In most cases, users don’t change the default user name and password or don’t know how or are not aware that they should. Many of these systems also ship with very old hardware and you can’t update them, or updates are not shipped by vendors.
“The result is that you have less control of these devices. Just on the consumer level, you already probably have a router, smart TV, and smart security system. You may have smart controllers in the kitchen. We’re talking a lot of different devices and platforms from a lot of different vendors.”
The home user, said Preuss, needs to be like system administrators from enterprises in the past, but the home user is not an IT expert.
“Yet these devices still do not offer the ease of use or functionality, by design, to make them more secure by ease of update and configuration.”
What can consumers do?
“Consumers can think about which device they buy, ask about security, ask about transparency, what happens with data, and do I need to connect it to the Internet? Just because a fridge has Wi-Fi, doesn’t mean I need to connect it.”
Did an earthquake take out SA Internet?
Seabed avalanches caused by an earthquake could have cut several undersea cables, leading to one of South Africa’s biggest Internet outages yet, writes ARTHUR GOLDSTUCK.
There is still no official explanation for freak breaks 11 days ago in two separate undersea cables that provide international access to South Africa’s Internet users. However, as reported in the Sunday Times yesterday, the most common causes of such breaks are damage by ship anchors and earthquakes at sea.
However, the freak occurrence of two separate cables being cut simultaneously far out at sea, as happened on the morning of 16 January, can only be explained by sea-bed activity. One of the cables was cut in two places, and it is widely believed that a third major cable was also cut.
The cable damage mostly occurred in or near an area called the Congo Canyon, which starts inland and extends 220km into the sea. It is known for having the world’s strongest “turbidity currents”, underwater sediment avalanches over hundreds of kilometres, which are known to destroy undersea cables.
The most likely culprit is a 5.6 magnitude earthquake that struck the Atlantic Ocean near Ascension Island shortly before the cables were cut on the morning of 16 January. The earthquake occurred just before 8am South African time, and local ISPs reported losing international access from just before 10am. The epicentre of the earthquake was more than a thousand kilometres off the coast of Africa, but disturbances caused by seismic activity at sea become more powerful as they approach the coast. Combined with turbidity currents, this could well have taken out all cables in the area.
The West Africa Cable System (WACS) was cut in two places, and the South Atlantic 3 (SAT3) cable in one location. Industry insiders believe that the Africa Coast to Europe (ACE) cable was also cut, but it has not been publicly confirmed.
South Africa is connected to the global Internet via seven such cables, with a total capacity of 42.3 terabits per second (tbps). These cables, in turn, connect to additional cables connecting the West and East coasts of Africa, with a single cable running from Angola to Brazil providing another 40 tbps.
However, it emerged in the past week that smaller ISPs in South Africa had bought capacity on only one or two cables. In a freak occurrence, two of the most commonly used cables, the WACS and SAT 3 cables, were cut simultaneously, plunging millions of Internet users into data darkness.
Customers of the major mobile network operators – Vodacom and MTN – were largely unaffected, as these tend to have both part-ownership and access to most of the cables running up both the East and West coasts of Africa.
Lenovo express-delivers new range from CES to SA
Lenovo has unveiled its new range of ThinkBook laptops, barely two weeks after they were showcased at the Consumer Electronics Show in Las Vegas.
The company’s newest sub-brand, ThinkBook, is intended to meet the demand for more aesthetically pleasing, yet agile and powerful devices.
The new range is aimed at small and medium enterprises. According to the Small Enterprise Development Agency (SEDA), there are more than 2-million SMEs in South Africa – although there are only 667,433 in the formal sector. This tallies with estimates in recent editions of SME Survey, produced by World Wide Worx, which suggest 650,000 active, formal businesses in South Africa. These SMEs employ about 14% of the South African workforce.
Lenovo argues that access to affordable, yet efficient, technology is a crucial factor in aiding business success and contributing towards the success of the nation. The company has found, in its own research, that younger people prefer working, creating and communicating online “with stylish devices that make a statement”. This means they require streamlined laptops which can be used to collaborate from any remote location, to enhance productivity.
Lenovo said in a statement on Thursday night: “Backed by customer research, ThinkBook is specially designed for SMEs, who typically purchase consumer laptops for perceived design and price advantages but can no longer rationalise their lack of extended services and warranties – core needs of any business. ThinkBook allows growing firms to keep a competitive edge in attracting today’s young tech-savvy execs with trendy yet cost-effective devices.”
Thibault Dousson, general manager of Lenovo for Europe, Middle East and Africa, said at the launch event: “With the capacity SMEs have to grow and upskill the country’s workforce, they are perfectly positioned to bridge the gap between the public sector and large enterprise. Bearing in mind the demands of the digital economy, this sector needs skills and resources in order to compete, and that is where devices such as the ThinkBook come in.”
In South Africa, ThinkBook laptops are now available in 13-, 14- and 15-inch variants. The flagship ThinkBook 14 and ThinkBook 15 devices are powered by Windows 10 Pro and up to 10th Gen Intel Core processing, which Lenovo says combines high performance with intuitive, time-saving features. Options include Intel Optane memory, WiFi 6, and discrete graphics.
The ThinkBook 15 is just 18.9mm thin, while the ThinkBook 14 is a mere 17.9mm, both with FHD displays and two Dolby Audio speakers, dual-array, Skype certified microphones and a USB 3.1 (Gen2, Type-C) port.
Lenovo has also introduced the ThinkBook S series, including an elegant 13.3-inch ThinkBook 13s. The sleek and light device is constructed of a metallic finish on an all-aluminium chassis, alongside a narrow bezel display. As with the ThinkBook 14 and 15, the ThinkBook 13s also features advanced Intel processing and an FHD display, Dolby Vision and Harman speakers with Dolby Audio.