Wednesday, 2 April 2014

Hackers and fridges... internet security!

Hello Everyone,

I don't know if you heard recently, but investigators found that among the devices used by hackers in a recent attack there was... a fridge. Yes, that's right. Here is an article (see the link below for the original) about what happened.

Warning: the topic is very interesting, but the article is very advanced and has incredible quantities of vocabulary...


Hacked by your Fridge? When the Internet of Things bites back

In the rush to embrace the Internet of Things and weave connectivity into every aspect of our everyday lives, security must not be forgotten argues Stephen Bonner

To hack: to cut into something with a heavy weapon like an axe. In internet vocabulary to access without permission a website or network, by breaking their security barriers.
Internet of things: a recent concept which means that "things" (computers, kitchen appliances or climate control systems) use the internet to "talk" to each other, without interaction with humans.
To bite back: to defend yourself by biting, like a dog, when you have been bitten first.
Rush: impulse to do things quickly, often with the risk of making mistakes.
to weave: the traditional way to make some kinds of clothing or carpets, by inserting different threads or yarn, forming patterns. See here.
To argue: to defend an idea by giving arguments to support it. 
A man holding open the world's first touch-screen fridge
Security first: are we forgetting the risks in a rush to embrace the Internet of Things? Photograph: Martin Argles for the Guardian
The common kitchen fridge has always been a potential source of trepidation. Most people will admit that, at some point in their lives, they have opened the fridge door fearful of finding food well past its 'best before' date, leading to the scuppering of well-made dinner plans, or worse infecting the household with unfortunate viruses.

Trepidation: being nervous or worried about something.
Fearful of: feeling fear that something will happen or appear.
well past its "best before" date: the best before date is the recommended date to consume some products. If it is "well past" it is probably dangerous to consume that product.
scupper: to ruin
As technology advances, so too it seems does our fear of fridges. Only last month there were reports of web-enabled domestic devices (including fridges) being hacked and used to generate spam email messages.

Only last month: "Only" here is used as "just" to reinforce how recently this happened.
Web-enabled: Devices that can connect to the web.
It led to wonderful headlines such as "Help! My fridge is full of spam!", but the humour belies a simple truth. We live in a world where ever more devices are becoming network enabled. Just a few days ago, for example, a heating ventilation contractor was alleged to be under investigation as the possible source of intrusion into a major retailer's electronic point of sale terminals. Remote monitoring of store temperature and energy consumption is commonplace in the retail sector and might have provided a possible route in.

It led to: to lead/led/led. To give directions, guide or give someone an example. Also, to introduce the consequences of some action. Here the funny headlines are a consequence of the hacker attack. Also, a person who leads is a leader.
to belie: to contradict and invalidate. e.g. What the police found out belies what the criminal declared in court.
Ever more: constantly increasing quantities
heating ventilation contractor: a contractor is a supplier that provides you with some services, like building or maintenance. And you have a contract with them.
Alleged: not necessarily true or false but people think so. The alleged thief (we don't know if he was the thief or not).
Point of sale terminals: A point of sale is a place where things are effectively (* check second meaning) sold, usually with machines that can manage money or credit cards. Those machines are called terminals nowadays because they are connected to a central computer.
In the labs, we have already seen attacks against Insulin Pumps and Pacemakers; with the Food and Drug Administration in the US issuing guidance on the cyber security of medical devices. At home, it might be the Internet connection on your television or games console, the smart meter talking to your domestic devices over a home area network, or your car providing remote diagnostics and maintenance information back to its manufacturer.

labs: places where scientists work making experiments.
insulin pumps: devices that supply insulin to patients, usually fixed inside their bodies.
pacemakers: devices that help the heart regulate its rhythm in patients who have a history of cardiac arrest.
smart meter: devices that measure your utility consumption (e.g. water, electricity, natural gas) and send the information wirelessly to the supplier. Therefore they don't need to send anyone to read the meter regularly.
home area network: the area and electronic devices connected to a local area network (LAN) in a house. 
remote diagnostics: using electronic devices to diagnose medical conditions without going to a hospital.
In our commercial environments we see intelligent printers and photocopiers, sophisticated building management systems, and now, the advent of Bring Your Own Device – at this stage 'only' a phone, but who knows what employees will wish to connect to the corporate network longer term.

Bring your own device (BYOD): Option some companies and schools choose, where they let workers or students use their own hardware (laptops, tablets...) for work or to attend classes. 

Bring Your Own Device
Analysts suggest that this explosion of multi-connected devices, known as 'the Internet of Things', will grow to over 26 billion connected devices by 2020, a thirty fold increase on today's figures, and a market valued at over a trillion dollars.

thirty fold: Thirty times: if you multiply something by a factor of thirty, you make it thirty fold.
a trillion dollars: the number ONE followed by twelve zeros. A Spanish billion. Compare:

1,000,000 = a million
1,000,000,000 = a billion (USA); a thousand million (Spain)
1,000,000,000,000 = a trillion (USA); a billion (Spain)
Yet, before we become too excited about the prospects offered by new connectivity, it is worth pausing to think about security.

Excited: anticipating or feeling something intensely. (sexual excitement is called arousal and the verb is to arouse/to be aroused).
On many occasions we have seen functionality fielded first, with security following as an afterthought. For example, we are now seeing industrial control system security rise to the top of the list of concerns, even though the first SCADA systems were fielded in the mid 1960s, albeit with very much more restricted network connectivity.

to field: to deal with something, usually a problem or some work. (= to address a problem)
afterthought: something added, casually, after something has been said and finished.
e.g. He signed the contract and as an afterthought he said: Maybe I should have read the contract more carefully, but what's done is done.
albeit: however
In my experience, attackers, whether they are Nation-State driven or organised crime, can be surprisingly innovative in their choice of attack technique. An unprotected device can provide the first toe-hold for an attacker, allowing them to establish a presence in your company or home network, before moving on to their final, more lucrative, target.

nation-state: a state where all citizens are supposed to have a feeling of belonging to the same nationality. e.g. France
to drive: to lead, to make something or someone move in a specific direction. In this case crime motivated by the government of a country.
toe-hold: a very minimal contact or support point. This expression takes its meaning from the sport of climbing, where you use your feet - and your toes, if you are barefoot - and you hold to the mountain wall with your hands and your feet. Usually foothold is the word used. In contrast toe-hold means that the position is very weak and unstable. 
Note: toes are the fingers on your feet. On your hands, in contrast, we have eight fingers and two thumbs (the big, thick opposable fingers).
While we will never conceive of the whole range of attacks when we first design a device, it does make sense to spend a little time thinking about the dependencies it introduces, how it might fail, and what might be done to counter the more obvious attacks including some basic design changes.

to counter: to compensate for something, for example by defending yourself from an attack.
At the risk of complicating how our devices work, some basic use of encryption to protect communications against tampering would help, along with authentication to ensure that only authorised users can interact with or manipulate devices.

to tamper: to manipulate something in an inappropriate manner, by someone who doesn't know how to do it or to make it stop working properly.
to ensure: to make sure. (contrast: to insure: to sign a contract with an insurance company to protect people or goods; to assure: to make someone feel sure about something with words or evidence.)
We may also need more flexible approaches to how we protect our networks. For instance, our home computer may be well protected behind a firewall and running malware detection, but possibly segregated from guest networks which host less well protected devices such as our fridge and games consoles. Corporate networks often now make use of Network Access Control, which ensures that only devices which are patched and running anti-virus are allowed to connect to the network. We could see these approaches extended to home networks.

Firewall: a protective system in computer networks. Also a wall in a building which will prevent the spread of a fire.
To run: to operate, to make something work. Often used with computer software.
Malware: a kind of computer software which is designed to attack or damage computers and/or networks.
To host: a term used when talking about computer servers, to speak about the information or software that is stored in it. The collocation "host server" is common.
to host also means: to let someone stay in your house or to organize an event, such as a party, in your own house. People attending a party are the guests. A TV host is a TV presenter. 
To patch: to fix a hole by using a piece of material that is applied on the hole to cover it. Traditionally in clothes.

Perhaps we should also be a bit more picky about which traffic leaves our networks. Many security professionals have been surprised at just how many different internet sites our devices choose to talk back to, even when we think they are idle or even switched off.

Surprised at: surprised in a "negative way".
idle: not working, but ready to do so, like the engine of a car at traffic lights.
switched off: completely disconnected.
grammar point: it is quite common to find prepositions at the end of a sentence in English. Usually there is some kind of complement that is before in the sentence. For example here the object of "talk back to" is "how many different internet sites".

So, in short, the innovative new business model you are adopting around the latest smart device may not just benefit you or your organisation. Expect organised crime to exploit the opportunities they offer as well. It means you have to think like an attacker. You'll be surprised what comes out of the process and it'll certainly give you a different perspective on your fridge.
Stephen Bonner is partner for Information Protection & Business Resilience at KPMG

in short: an expression to introduce a summary of ideas previously expressed.
Grammar point: in contrast with Spanish, in English complements to a noun go before it on most occasions. Moreover, those complements introduced in Spanish by "de" are also moved to the front, and they do not need any preposition: a noun in English can be modified by another noun. Here we have a noun "model" modified by a combination of a noun and two adjectives which modify it.
