The Internet of Things Is the Hackers’ New Playground

July 29, 2014, 5:49 AM PDT By Arik Hesseldahl

Excited about the promise of the shiny new Internet of Things? Good. Because hackers are too. Or at least they should be, according to a study by computing giant Hewlett-Packard.

The company’s Fortinet network security unit conducted an analysis of the 10 most popular consumer Internet things on the market and found 250 different security vulnerabilities per product for an average of 25 each. Unfortunately HP doesn’t identify each product but does describe them in broad brush-strokes: They were from the manufacturers of “TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.”

As a basic rule, these devices often run stripped down versions of the Linux operating system, and so will have many of the same basic security concerns that you might expect to be in place on a server or other computer running Linux. The problem is, the people building them aren’t going to the effort to secure them the way they would a more traditional computer.

What’s happening says Mike Armistead, VP and general manager of HP’s Fortify unit, is that manufacturers are rushing to get their products on the market without doing the harder work of locking their devices down against the most basic kinds of attacks.

Magnifying the potential for the problem is the fact that once one device is compromised, overlapping vulnerabilities can lead an attack from one to the other. If that seems like alarmist paranoia, remember that one of the most damaging hacking attacks in history, the Target breach, in which information on more than 70 million people was compromised, was carried out by way of an attack on a system used to manage and maintain the heating and ventilation system in the company’s stores.

Read the full article on RE/CODE

Vysk QS1 Case Encrypts Phone Calls Against Hackers, Spies

April 24, 2014, 4:04 AM PDT By Bonnie Cha

Smartphones, just like computers, are vulnerable to hackers, who target mobile devices with malicious software to access your personal information. There are security apps that can help prevent this, but one San Antonio-based startup thinks it has a better solution.

Today, Vysk Communications introduced the QS1, a protective smartphone case that the company claims makes it virtually impossible for others to eavesdrop on and capture phone conversations and also encrypts text messages and photos. It does so by incorporating a proprietary encryption processor and its own microphone into the case. The Vysk QS1 also has two mechanical camera shutters for blocking your phone’s front and back camera.

With the case on, you can activate one of two privacy modes: Private Call Mode and Lockdown Mode.

Private Call Mode requires a $9.95 monthly subscription but gets you the full gamut of security features. With the accompanying Vysk QS app (available for Android and iOS), you can make private VoIP calls to other subscribers over Vysk’s encrypted network. The company says no one will be able to listen in on your call, and no data, such as caller ID, phone numbers and call times, is recorded.

The Vysk QS1 will also generate an untraceable number when making calls to non-Vysk users, and if someone does try to hack into your phone call, they’ll be met with a piercing buzzing sound. Other features of the subscription service include encrypted private messaging, voicemail and pictures, remote wipe and password protection, among other things.

Meanwhile, Lockdown Mode jams your phone’s microphones and blocks the cameras. A subscription is not required to use these features.

But why choose a clunky and expensive ($229) case over one of the free or cheap security and privacy apps?

Vysk believes its hardware approach is stronger because software-based solutions are still vulnerable to malware and hackers. The company also considers the QS1 to be a better alternative to the upcoming Blackphone, since it allows people to keep the phone that they like and use every day.

The Vysk QS1 is compatible with the iPhone 5 and 5S and the Samsung Galaxy S4 and S5. Preorders begin on May 15, and the case is expected to ship in early Q4.

Read the full blog post on re/code