Smart watch technology revolutionized wearables and the watch industry in 2015. Still, HP doesn’t think you should use your smart watch for all of its coolest features. Their new study, after all, identifies vulnerabilities in 10 of the world’s top smart watch brands.
Flaws in the cloud-based systems used by smart watches to store data have raised concerns about smart watch use in general. HP’s findings certainly clarify that many of the most popular smart watches are vulnerable due to user authentication and data storage insufficiencies.
Approximately 6.8 million smart watches were sold in 2014. Apple serves 75 percent of smart watch consumers, having shipped four million devices during the second quarter of 2015. The most recent installment in their series investigating Internet of Things (IoT) security, HP’s new study found that 100 percent of smart watches they tested “contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.”
For many users, smart watches already store sensitive information about them. Combined with ongoing connectivity to the web and to mobile apps that can unlock cars and homes, this creates a clear temptation for exploitation. HP’s study shows this is possible.
“Smart watches have only just started to become a part of our lives, but they deliver a new level of functionality that could potentially open the door to new threats to sensitive information and activities,” said Jason Schmitt, general manager, HP Security, Fortify.
As the adoption of smart watches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smart watches into corporate networks.
HP outlines five main areas for concern. Many of the technologies HP recommends smart watch manufacturers adopt, to be sure, are not used en masse by technology users. So, even if some of the security protocols were offered on smart watches, it is not clear if users would use them. The five main smart watch concerns outlined in the HP studies are as follows:
- Two-factor authentication: All of the smart watches tested by HP featured a mobile interface that lacked both two-factor authentication and the ability to lock out accounts after 3-5 failed password attempts. A good example of two-factor authentication is using a cash machine: in order to retrieve money, you need both the correct PIN and the correct card. Three of the smart watches were susceptible to account harvesting, in which an attacker gains access through a combination of weak passwords, no account lockouts and user enumeration and, ultimately, the process of elimination. Clues from all over the internet are used for account harvesting: in chat rooms, domain name records, instant messaging, message boards, news groups and all sorts of web-based applications.
- Encryption: Each of the smart watches tested by HP utilized transport encryption using SSL/TLS. Despite this, forty percent of the smart watches’ cloud connections were vulnerable to the POODLE attack. This man-in-the-middle attack (short for “Padding Oracle On Downgraded Legacy Encryption”) exploits Internet and security software clients’ fallback to SSL 3.0.
- Insecure interface: Thirty percent of the smart watches used a cloud-based web interface, and all of those exhibited account enumeration concerns. Thirty percent suffered from the same vulnerabilities in their mobile applications. Thus, attackers could identify valid user accounts by testing the password reset mechanisms.
- Poor firmware updates: 70 percent of the smart watches fail to adequately secure firmware updates. Ultimately, because the update files are not encrypted, they remain exposed to analysis.
- Sensitive data may be insecure: Smart watches are cool because they incorporate various aspects of your daily life. But, in order to do this, smart watches must also collect personal information, like your name, address, birthdate, and payment information. With health applications, things like weight, gender and heart rate are even included. Because some of the applications, at least, are vulnerable on smart watches, all of them are vulnerable, and HP thinks this should be on the minds of smart watch users.
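The lockout gap in the two-factor bullet and the account enumeration issue in the insecure-interface bullet can both be closed on the server side. The sketch below is an added example, not code from HP's report or from any smart watch vendor; the `AccountService` class, the 15-minute lockout window and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5            # the article cites lockout after 3-5 failed attempts
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window
GENERIC_LOGIN_ERROR = "Invalid username or password."
GENERIC_RESET_REPLY = "If that account exists, a reset link has been sent."

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountService:
    """Hypothetical in-memory account back end (illustration only)."""

    def __init__(self, clock=time.monotonic):
        self._users = {}       # username -> (salt, password hash)
        self._failures = {}    # username -> (failure count, locked-until time)
        self._clock = clock
        self._dummy_salt = os.urandom(16)
        self.outbox = []       # reset mails that would be sent

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def login(self, username, password):
        now = self._clock()
        count, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            # Same reply as a bad password: lock state is not disclosed.
            return False, GENERIC_LOGIN_ERROR
        if locked_until:
            count = 0          # an expired lock starts a fresh window
        # Hash even for unknown names so timing does not reveal existence.
        salt, stored = self._users.get(username, (self._dummy_salt, b""))
        if hmac.compare_digest(_hash(password, salt), stored):
            self._failures.pop(username, None)
            return True, "OK"
        count += 1
        # Failures are tracked for unknown names too, so known and unknown
        # accounts behave identically (a real store would expire entries).
        lock = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[username] = (count, lock)
        return False, GENERIC_LOGIN_ERROR

    def request_password_reset(self, username):
        # Identical reply whether or not the account exists.
        if username in self._users:
            self.outbox.append(username)
        return GENERIC_RESET_REPLY
```

Lockout on its own lets an attacker lock legitimate users out on purpose, so it is normally paired with the two-factor check the study found missing.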
Of course, smart watch manufacturers will improve the security of their products over time. For now, HP recommends leaving ultra-sensitive features, like control of cars or homes, alone, at least on most of the current models.
“These security measures are not only important to protecting personal data, but are critical as smart watches are introduced to the workplace and connected to corporate networks.”
Read the full report here.
Featured image from Ken Wolter / Shutterstock.
Trade.io Aims to Solve the Problems Plaguing Online Forex Brokers
If you’re looking to trade online forex, the first question is determining which brokers are reliable and which are total scams. The annals of Web 2.0 are filled with an ungodly number of forex scams, shady businesses and multi-level marketers. This has spawned an entire community of vigilantes looking to keep pace with the latest forex scam hitting the market.
Although reputable brokers have secured a mile-wide lead on the competition, the retail forex world still has a long way to go to clean up its image. Exorbitant fees and a lack of transparency are just some of the issues that currently plague the industry.
It is against this backdrop that Trade.io launched its blockchain-based trading platform.
The company recently launched its pre-ICO with great fanfare, attracting nearly $9 million in funding with time to spare. According to the company’s whitepaper, the platform offers cryptocurrency trading as well as broad access to forex and contracts for difference (CFDs) spanning precious metals, oil, commodities, indices and equities.
Trade.io will use blockchain technology to launch a peer-to-peer trading platform that also functions as a launchpad to other token raises. Hacked has also learned from the team that it will sponsor an academic incubator to further advance the blockchain space. Clearly, this is about more than just trading.
But on the subject of trading, the Trade.io team identified three major problems their platform was trying to solve.
Problem 1: Dealing desks
When it comes to forex trading, a dealing desk allows brokers to offset trades issued by their clients. In other words, they can give their client real market conditions on MT4, but don’t actually fulfill the trade. In the event that the trader earns profit, the broker pays out of pocket. From the broker’s perspective, this is where solid risk management skills are needed.
By leveraging blockchain and peer-to-peer technology, all brokerage transactions will appear on the public ledger. This effectively makes it impossible for brokers to trade against the client.
To be fair, dealing desks aren’t inherently bad, provided that the broker is liquid and in good standing. It’s also never a good idea to claim you do not operate a dealing desk when you do in fact work one. (Let’s just say this is more common than you think.)
Problem 2: Lack of transparency
One of the most powerful aspects of the blockchain is transparency, and this cuts across many lines. Online brokerages have been known to nickel and dime their customers via inefficiencies and exorbitant fees. Trade.io says its platform will reduce, and in some cases, eliminate high fees associated with the financial markets. We are not sure if this also applies to spreads, but we may soon find out.
Problem 3: Lack of innovation
Although forex brokers have been known to move swiftly on technology, they all tend to follow the same standard template. This extends beyond the assets covered to include the trading infrastructure (i.e. MT4/MT5) governing their platform. According to Trade.io, these brokers have been especially slow at integrating new blockchain solutions. This, in fact, is currently impacting much of the financial industry.
The people at Trade.io are attempting to incentivize participation through the public ledger. This appears to be more of a holistic strategy than any one particular selling point. According to the whitepaper:
“Blockchain technology changes all that for the first time due to its decentralized, incorruptible nature. Control isn’t handed over to a single entity, organisation or government, but rather is shared among all of its network users, thus transparency may be achieved at last.”
It remains to be seen whether Trade.io or platforms like it will be able to solve the myriad of challenges facing online brokers. The blockchain certainly isn’t the only new paradigm shift impacting the forex world. However, there’s little to suggest that brokers cannot integrate it to their benefit.
Social trading is another paradigm shift that the brokerage community has embraced with open arms. The results have been quite positive as more platforms enable collaboration among traders, analysts and other market participants. Blockchain might prove a little more complex, but resilience isn’t something that the best brokers have necessarily lacked.
Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.
Featured image courtesy of Shutterstock.
Bitcoin Giant Bitmain Enters the High Stakes AI Race
The Sophon, named for a fictional proton-sized supercomputer, could be the tool to train neural networks in data centers worldwide. It is the latest project being developed by Bitmain Technologies Ltd., the bitcoin mining giant that has carved out a dominant position in bitcoin mining.
Such chips, called application-specific integrated circuits (ASICs), could unleash a new wave of distributed computing, according to Michael Bedford Taylor, a University of Washington professor who studies bitcoin mining and chips.
Sophon is due to debut before the end of the year.
Bitmain Has The Know-How
Bitmain has the background to play a role in the expanding artificial intelligence industry. The company designs the silicon that goes in bitcoin mining equipment, assembles the machines and sells them worldwide, in addition to its own bitcoin mining operation and the ones that it manages for other mining pools.
Bitmain’s founders are not averse to playing a spoiler role.
Jihan Wu, the co-founder of Bitmain, supports the New York Agreement that seeks to double the bitcoin block size under the SegWit2X proposal, a move that some in the bitcoin community view as an attempt to give the miners control over bitcoin.
Some also believe Wu was behind the recent bitcoin split known as bitcoin cash, which at least one of Bitmain’s miners supported, a contention that Wu has denied. Wu points out that he was among the supporters of Bitcoin Unlimited, an earlier bitcoin scaling proposal that did not get activated.
Why Wu Supports Forks
Wu nonetheless said splits should be allowed. He said a fork is inevitable since people in the bitcoin community do not agree on how to best scale bitcoin.
Wu met Micree Zhan, Bitcoin’s co-founder, when Zhan was running DivaIP in 2010, a company that made a device that allowed a user to stream a TV show on a computer screen.
In 2011, Wu needed a chip designer to build a mining operation and approached Zhan. Zhan first designed an ASIC to run SHA-256, the cryptographic calculation used in bitcoin, at maximum efficiency. It took him six months to finish the job. His first rig, Antminer S1, was ready in November 2013.
Bitmain felt the sting of the 2014 Mt. Gox meltdown. But by 2015, bitcoin’s price bottomed out and later recovered. In the meantime, Bitmain introduced its Antminer S5.
Bitmain now employs 600 people in Beijing.
Ready To Take On Google
Bitmain has since developed a deep learning chip with improved efficiency. Users will be able to build their own models on the ASICs, enabling neural networks to deliver results at a faster pace. Google’s DeepMind unit used this technique to train its AlphaGo artificial intelligence.
Bitmain plans to sell the chips to any company looking to train its own neural nets, including firms like Alibaba, Tencent and Baidu. Bitmain could build its own data centers with thousands of deep learning rigs, renting out the computation power to clients the way it does with bitcoin mines.
Professor Taylor said companies like Bitmain that have excelled in bitcoin mining could take on the Googles and Nvidias since they have developed the skills to survive in an ultra-competitive and highly commoditized industry, and have the system level design expertise and the ability to reduce data center costs.
Cloud Storage: Mature Saturation or Early Adopter Phase?
Cloud storage options have been available at a consumer level for decades, in fact, if you consider them properly. One of the earliest such options was called iDrive, which began operations in 1995. A private company, they are still in operation, offering services that directly parallel that of their newer rival, Dropbox. Additionally there have been efforts like Carbonite and Google Drive.
It seems that the curve of technological adoption begins with centralized services and is later revolutionized by decentralized ones. In the same way that Bitcoin and cryptocurrencies in general are in the early stages of disrupting how people transmit money, Storj, Filecoin, Siacoin, and others are in the process of disrupting cloud storage. However, what is unclear to this author at this point is how much this market really can be worth long-term.
While there has been a period of time where extremely fast local storage was more expensive, these prices are coming down now. You can buy a 1TB SSD drive for a few hundred bucks, and with two of them you can have a RAID setup for redundancy. The price of extremely reliable, extremely fast, and extremely large drives is only going to continue coming down. How long before it’s so inexpensive that the concept of charging for access to it is less enticing? Even large firms with scaling needs might eventually be able to do it cheaper in house as the cost of hardware comes down.
Okay, so it’s unlikely that this will be a huge problem for the industry. In digital services, virtually everything has a market. Fair enough. But we must also consider what advantages these decentralized offerings have over their centralized counterparts. For one thing, encryption and security are sort of at the heart of the networks. As such, only the file owners are able to view their contents. This has great value to international firms, legal firms, and more. There may be cases where someone determines a file is safer in an encrypted cloud than in a local semi-encrypted disk.
Then there are businesses where no amount of redundancy is too much, such as web hosting companies. Apart from Siacoin, Storj, and Filecoin, there is also SONM, for which storage is just one more computer resource they would like to allow people to distribute in a decentralized manner. SONM appears to this author as one of the most technologically interesting solutions to the problem of computer resource costs.
Forbes says that we will see close to $300 billion spent on cloud services this year alone. It would seem that as more and more people come online from remote parts of the world, there will be a higher demand for inexpensive storage and back-up services. The long-term trajectory of all decentralized efforts in this category is probably, if executed correctly, nearly vertical.