The Black Hat USA 2013 conference, which kicks off tomorrow in Las Vegas, brings together the brightest minds in IT security each year — those who are responsible for perpetrating and protecting against the latest hacks and vulnerabilities. And not a second too soon, since every week seems to usher in another security catastrophe.
This week’s shocker was the disclosure of a hole in mobile device SIM cards by Karsten Nohl, the founder of Security Research Labs in Berlin. Nohl was able to send a virus to the SIM card through a text message, then eavesdrop on calls, make purchases through the phone and even impersonate the phone’s owner. He did all this in under two minutes using an everyday PC and estimates that 750 million phones are vulnerable to attacks.
It’s so new that any in-depth analysis may be relegated to hallway discussions at the conference, because it’s not even on the official program. In fact, maybe the Black Hat organizers should simply use a real-time data feed of all security breaches in lieu of a planned agenda, as anything else will likely be dated by the opening keynote.
Case in point: no sooner did the news break about the vulnerability of SIM cards than Apple announced its own developer site was hacked.
Summer of Hackers (Again)
Why is everything related to computing getting hacked? Well, if you asked Willie Sutton, the prolific American bank robber, he would say “because that’s where the money is.”
Of course, nearly all of us have our net worth accessible with a browser, a user name and a password. In fact, nearly every aspect of our lives is online — personal details, pictures, communications and job information. You name it; it’s all online.
So it should be no surprise that modern day thievery has moved online too. The number of breaches will continue to grow, and hacks will become increasingly imaginative as hackers strive to stay two (or sometimes ten) steps ahead of the security experts.
5 Ways To Stay Safe Online
But you don’t have to take the risks lying down. With a few simple steps, you can stay miles ahead of the bad guys — or at least make them jump through some hoops trying to break in.
Password Management: Good password management practices remain the greatest deterrent to electronic break-ins and theft, yet people and companies continue not to take it seriously, or at least don’t act like they do. Be honest — when did you last change your own passwords? Do you use the same one for multiple sign-ins? Is it strong enough? The fact that people don’t employ strong passwords to protect their electronic assets is perplexing since it can be automated through password management software.
Two-Factor Authentication: Using applications that utilize two-factor authentication (TFA) is another level of protection. TFA requires a second level of authentication beyond a password, such as a random passcode that must be entered along with a password when logging into an app. Popular applications like Gmail and Twitter now offer optional TFA with their services — so opt for it!
Mobile Device Management: Most companies allow employees to access the corporate network and applications from their own devices (BYOD, or bring your own device), which means that both personal and corporate data reside together. Companies are waking up to the fact that mobile devices store a lot of information and offer would-be intruders access to personal and corporate data alike. Mobile device management (MDM) software is the best way to control access to mobile devices. Most MDM solutions allow you to set device configurations and profiles of all devices accessing the corporate network.
Encryption: If a hacker gets into your computer or mobile device, the last line of defense may be whether the data on the devices themselves is encrypted. And, actually, your data should be encrypted when connecting to an application, while in transit and at rest. Again, there are many software applications that can offer this type of protection for computers and mobile devices.
Common Sense Strategies: Lastly, there are important non-technical tactics that fall into the category of common sense. Don’t keep your life history in your Inbox; purge or archive data after it is no longer needed or being used. Only put sensitive data or personal data online if it’s absolutely necessary. And never send or store it in plain text.
Best Laid Plans
These are some easy but effective security precautions against the known vulnerabilities that hackers target. And if you’re rolling into Las Vegas today for the Black Hat conference, you’ll definitely want to implement these extra precautions before you even set foot on the show floor (or the hotel or even the airport!).
Either way, whether it’s SIM cards or webcam attacks, assume that anything containing valuable information will be targeted — stay vigilant of the Black Hat.
Raj Sabhlok is the president of Zoho Corp., which is the parent company of Zoho.com and ManageEngine. Follow him @rajsabhlok.