The internet of things can be hacked – and the risks are growing every day

We’re rapidly entering a new phase of technological evolution, in which pretty much everything around us is connected to the internet. The term used to describe this increasingly connected ecosystem is the internet of things (IoT), and it’s attracting the biggest names in tech, from Apple to Samsung and everyone in between.

If the tech pundits are right, everything from toasters to light bulbs will soon have internet functionalities.

While connected technology provides a plethora of new and exciting possibilities, it also brings challenges – and the biggest challenges of all involve security. Any internet-enabled device is potentially vulnerable to attack from hackers – so imagine the risks when virtually every object and appliance we use is connected.

Much of the tech-using public remains unaware of such threats, despite repeated warnings from governments and industry bodies; according to Canonical, the company behind operating system Ubuntu, around half the British population is unaware that connected devices can be hacked.

Yet the dangers are all-too real. From taking control of connected cars to using everyday appliances such as fridges as to launch catastrophic cyber attacks, hackers are taking advantage of the IoT big time.

Compromised cars

One industry that’s been quick to seize on the potential offered by the internet of things is motor manufacturing. Car makers are increasingly launching models that sport internet-enabled infotainment systems and hubs, and driverless cars aren’t far behind. But while the connected car industry is booming, the road ahead is far from smooth.

Last year the FBI teamed up with the US Department of Transportation and the National Highway Traffic and Safety Administration to warn people about cyber security threats to cars. This followed a controlled experiment by two hackers, who were able compromise a Jeep Cherokee while it was travelling at 70mph by turning the steering wheel and applying the brakes remotely. 

If this were to happen in the real world, lives could be put at risk. Adam Boulton, senior vice president of security technology at BlackBerry, says that both manufacturers of autonomous and connected vehicles, and consumers, need to be aware of the security implications. Boulton envisages an era in which cars are held to ransom by hackers, and sabotaged or used in cyber attacks.

“We are already seeing connected cars on the market that incorporate automated features such as adaptive cruise control, automatic parking, and traffic jam assist,” Boulton says. “This needs to herald an era of reduced accidents, lower pollution, eased congestion and greater productivity.”

“However, without adequate security technology underpinning these vehicles, they could herald an era of engines being shut down remotely, cars being held to ransom by hackers or even being used to support DDoS attacks on major websites. 

“Preventing malicious actors from taking control of vehicles requires a delicate balance in engineering, not only ensuring the vehicle is secure but also remains safe. Connected vehicles require advanced technologies like secure boot to ensure the integrity of the vehicle is intact.”

Meddling hackers

As well as hacking into computer systems to cause chaos, cyber criminals are increasingly attempting to exploit connected gadgets such as Wi-Fi routers, webcams, smart thermostats and wearables to launch wide-scale attacks on companies and organizations.

Mirai is a popular form of malware among hackers, offering the ability to turn systems into botnets to initiate network compromises. In September 2016, hackers used 152,000 consumer IoT devices to initiate a distributed denial of service (DDoS) attack on French hosting provider OVH. They were able to inundate the company with 1Tbps of traffic, causing mayhem for customers around the world.

Consumers and their devices have essentially become unwitting accomplices in cyber attacks, and there’s nothing stopping this from happening again. Paul McEvatt, senior cyber threat intelligence manager for the UK & Ireland at tech giant Fujitsu, predicts that we’ll see more such incidents happen in the next few years.

“As we continue to see the exponential growth of internet of things devices, we will continue to see security issues we hadn’t even considered before,” he says.

“When an architect pulled together the design of smart motorway noticeboards, they wouldn’t have considered that hacktivists would target them to display politically motivated messages. The same is true of IoT manufacturers who built the hundreds of thousands of CCTV cameras, DVRs and SOHO routers that now make up the IoT ‘Mirai’ botnet.

“Lessons will clearly be learned from Mirai, such as avoiding hard coding default passwords but many of the protocols designed for smart connected devices will have their own potential flaws and vulnerabilities.

“Attackers have exploited these vulnerabilities to their advantage already, so while ransomware having the ability to take out a city of ‘smart’ connected lights would have seemed unlikely and unfeasible 12 months ago, recent events have changed that perception.”

McEvatt blames manufacturers for these issues. “The issue is that manufacturers are failing to implement robust security controls from the outset, whether that’s for routers, smart devices or connected cars,” he adds.

No device is safe

The internet of things industry is expanding exponentially, with consumers flocking to the shops to get their hands on the latest connected tech. Cyber criminals see this as a lucrative opportunity, as in most cases consumer-ready hardware can be relatively easy to hack.

According to recent research, hundreds of millions of internet-connected devices are vulnerable to attacks from cybercriminals. Nick Shaw, vice president and general manager for antivirus software maker Norton, says common devices such as smart TVs, home security systems and baby cameras are all hackable, and can be exploited as botnets, or for ransomware and fraud.

“As we continue to adopt more internet-connected devices in our daily lives cyber criminals are starting to pay attention,” he says. “We’re seeing consumer devices being hijacked because they are connected to the internet and their default device passwords have not been changed.

“From laptops and mobile phones, to fitness trackers and routers to home security systems, smart TVs and baby monitors, any internet-connected device is a potential target but the ones with default passwords, infrequent updates and poor security protocols are the most vulnerable.”

“Often consumers don’t register that their connected wearables or home devices are exposed to the same risks as their laptop or mobile phone. As such they don’t take the steps to secure them properly.”

Shaw adds that consumers can reduce the risk of their devices being hacked by change the default device credentials, disabling unused services, modifying the privacy settings of the device and ensuring firmware is up to date.

The internet of things is still in a state of relative infancy, and as it continues to expand and evolve it’s likely that the security threats it brings with it will become more complex and widespread.

There’s now an urgent need for manufacturers and other organizations to develop safeguards to stop hackers in their tracks – and we can all play our part by exercising a little common sense to reduce the chances that we, and our IoT devices, will be the next victims.

Latest update for OneDrive iOS app adds support for animated GIF files

OneDrive is getting more attention from Microsoft, as the mobile application recently received a couple of new features and improvements in the latest update. Among the most important changes included in the newest version of OneDrive for iOS is support for animated GIF files, something that users have been requesting for a long time.

But that’s not all there is about OneDrive app version 8.8.9. According to Microsoft, the application now allows users to instantly switch accounts by simply tapping and holding on the Me tab. Furthermore, OneDrive users who own either work or school accounts will now be able to receive notifications when someone shares a file with them.

And lastly, the developers confirmed they had added Instant Preview support in the Sites Tab. Not unexpected, a fair share of bugs have been squashed as well, or at least that’s what Microsoft claims.

None of the new features added require a premium account, but if you want one, then you should know subscriptions in the U.S. begin at $6.99 per month and can vary by region. With an Office 365 subscription, you will get access to all features in Word, Excel, and PowerPoint, as well as OneDrive Premium features and 1TB of storage.

Top 5 best network monitoring tools of 2017

Networks underpin the IT infrastructure of the modern business, linking up devices from PCs through to tablets and phones, servers and other crucial hardware. This allows for effective communication and other vital aspects such as resource sharing between staff members. The company network enables everyone to get online, and for the shared use of devices such as group printers, fax machines and email servers.

But like any type of technology, networks can easily be exposed to outages and other challenges. When gremlins hit, they can be extremely inconvenient for business owners and employees, which is why it’s important to keep tabs on issues. Network monitoring tools can obviously help you do this, sending alerts by various different means when problems do occur.

In this article, we’re highlighting five of the best solutions for keeping a close eye on your company network.

1. EventSentry

A lightweight and customisable solution

Platforms: Desktop | Features: Data, log files, disk space and performance monitoring | Dashboards: Yes | Free trial: No (web demo available)

Monitors physical and virtual IT infrastructure

No free trial 

EventSentry is a popular software suite that provides you with the tools to ensure all aspects of your IT infrastructure are secure and running as they should be. 

It’s been designed as a lightweight and highly customisable network monitoring option for businesses, and provides real-time event, log file and syslog monitoring. The product also considers aspects such as disk space, performance, service, network span and overall IT environment.

The software lets you keep track of all the metadata related to your network devices and components, providing reports to enable you to visualise all this. Another impressive boon here is that EventSentry utilises your data for troubleshooting purposes, helping to fix performance issues easily.

2. Pulseway

An easy-to-use network monitoring solution

Platforms: Desktop, mobile | Features: Real-time notifications | Dashboards: Yes | Free trial: Yes

Real-time alerts

All-in-one dashboard

Possibly too broad for some

Pulseway is an easy-to-use package which lets you monitor, manage and control all your IT systems in real-time via a smartphone, tablet or computer. 

With the platform, you can receive notifications if a network issue has been identified, and solve it within a matter of minutes. It works regardless of your location, so you can be anywhere and ensure your systems are running effectively.

Highly expandable and customisable, the product allows you to manage and deploy your own device configurations. There’s also an all-in-one desktop that displays information about your IT assets and customers, and you can develop your own plugins through a customisable API. This is a broad monitoring product with huge potential.

3. PRTG Network Monitor

A monitoring tool for small and large firms

Platforms: Desktop, mobile | Features: Traffic monitoring, component scanning | Dashboards: Yes | Free trial: Yes

Designed for companies of all sizes

Performance reports

Some plans can be expensive

If you’re looking for a comprehensive, user-friendly monitoring solution, it’s well worth checking out PRTG Network Monitor. The platform can scale to networks of any size, meaning that it’s suitable for both small and larger firms.

Not only does it measure traffic to ensure your networks aren’t suffering undue strain, but the software also scans system components for any sign of failures – helping to avoid catastrophic outages.

PRTG comes with a variety of technologies running out-of-the-box, including the likes of Windows Performance Counters and packet sniffing. To ensure problems don’t happen again, you can download performance reports in a variety of formats including PDF (the software supports multiple languages: English, German, French, Spanish, Dutch and more).

4. ManageEngine OpManager

Impressive solution which is used by NASA

Platforms: Desktop | Features: Traffic analysis, email and SMS alerts | Dashboards: Yes | Free trial: Yes

Real-time dashboard and alerts

Handy plugins for traffic analysis

Not cheap

OpManager is a network management platform that provides large businesses and SMEs with the ability to manage their IT assets efficiently and affordably.

It’s an expandable platform that covers a variety of areas: You can monitor networks – with automatic L1/L2 network mapping to help spot performance bottlenecks – physical and virtual servers, event logs and Windows services. The product actively looks for outages and other issues, and sends you email and SMS alerts in real-time.

You can monitor all your systems and devices from a dashboard updated in real-time, tracking and managing changes as they happen. There are some handy plugins for traffic analysis, too. The system is used by the likes of DHL, NASA and Siemens, so it’s not short of some big-name clients.

5. WhatsUp Gold Network Monitoring

A highly visual way to understand your network

Platforms: Desktop | Features: Interactive network map, compliance support | Dashboards: Yes | Free trial: Live demo available

Very smart interactive network map

Easy-to-understand reports

No free trial

WhatsUp Gold is a network monitoring tool from Ipswitch that offers what it calls ‘advanced visualisation features’ to help keep things running smoothly, address issues quickly, and improve overall productivity. 

Using this product, you can monitor all aspects of your IT and network infrastructure, including applications, servers, virtual machines and traffic flows. The platform provides a very handy interactive network map which lets you see a visual depiction of your entire network, meaning you can swiftly pinpoint any trouble spots.

You also have the option to switch between physical, virtual, wireless and dependency views to help analyse your network quickly, and all this information can be turned into easy-to-understand reports. WhatsUp is compliant with HIPAA, SOX, FISMA, PCI DSS and other regulatory standards.

Google Assistant could be coming to your old Android phone as well

So far Google has been pretty coy on whether its Assistant app will ever roll out beyond the Pixel and the Pixel XL – though recent rumors suggest it’s about to appear on the LG G6 as well as the Nexus 6P and Nexus 5X.

Based on the code in a new alpha release of the Google app for Android, it looks like Google Assistant could be coming to older phones as well. The app includes code for adding the AI-powered bot to any phone, as Android Police reports.

It seems like the alpha edition of the app was released by mistake, and this being an alpha release, users are reporting a ton of bugs and plenty of unexpected behavior: this is by no means an official roll-out, though it does look promising for those with older devices.

Assistant, activate

Some users have been able to get the Google Assistant welcome screen up with a long press on the home button, but it doesn’t happen consistently across all handsets, and it’s obvious that Google still has some polishing to do before this is ready for primetime.

Still, it makes sense for the Assistant to eventually get on as many devices as possible – now the excitement over the Pixel phones has died down a little, Google will want to get more people using its latest app, which looks set to eventually replace Google Now.

Testers have managed to get the Assistant working on a Nexus 6P as well as a Samsung device but there are plenty of phones where it isn’t working yet. We might hear more from Google on the spread of Assistant during Mobile World Congress at the end of February, or at Google I/O later in the year.

Accidental Google alpha roll out adds Google Assistant to some non-Pixel phones

An alpha version of the Google app (version 6.13) has been accidentally making the rounds. Some of those who have been able to sideload the update on their Android phone have discovered that a surprising new feature has been added to their device, mainly Google Assistant. The more conversational version of Google Now is currently offered on the Google Pixel and Google Pixel XL handsets, and is available through the Google Allo messaging app. If you have the opportunity to install the alpha on your phone, keep in mind that not everyone who loads it will receive Google Assistant. In addition, it is quite buggy.

While it most likely is Google’s intention to widen the distribution of Google Assistant over time, the accidental roll out of version 6.13 of Google has brought the AI feature early to handsets like the Nexus 6P, Samsung Galaxy Note 5 and the Alcatel Idol 4 among others. Some of those who have sideloaded the new version of Google have been greeted with Google Assistant once they pressed on the home button, similar to how Google Now on Tap is activated

Before you get terribly excited, the settings for Assistant only mentions the Pixel phones, which increases the odds that this is just a mistake. The accidental roll out has allowed users to also discover a new feature to Google called “Recent” that will show recently requested search topics. And a new weather card appears to be in the process of getting tested.

There still could be a rather long period of time ahead before Google officially adds Google Assistant to non-Pixel handsets. If you were able to install the accidental update and ended up with Google Assistant, tell us all about it by using the comment box, below.