Morning Security Brief: Household Items Hacked, India Introduces Cybersecurity Policy, and More
A researcher discovered a flaw in a lighting product allowing it to be controlled by hackers, India has announced a widespread effort to fight cybercrime, IBM is teaming up with the DHS, and more.
►An LED lighting system made by Philips—which can be controlled through a smartphone—has a technological weakness that allows it to be controlled by hackers , according to Ars Technica. The lights are just one in a series of household products —thermostats, door locks, toilets—that can be controlled over the Internet and can be hacked, according to recent reports. The vulnerability of the lighting system can pose risks to homes or offices. “Lighting is critical to physical security, said Nitesh Dhanjani, who discovered the weakness in the lights. “An abuse case such as the ability of an intruder to remotely shut off lighting in locations such as hospitals and other public venues can result in serious consequences.” In another example of this type of risk, Huffington Post has an article about a family who found that a stranger had hacked into their baby monitor and was spewing vulgarities to their two-year old, who was slept through the episode.
India has introduced a National Cyber Security Policy after a government investigation revealed the growing threat of cyberattacks
in the country. Cybersecurity threats and hacking attempts rose to 22,060 in 2012, up from 23 in 2004, according to The Economic Times. The policy includes introducing a framework for protecting critical sectors and a multi-layered approach outlining how various agencies and departments should handle a potential cyberattack. The government also intends to reduce national vulnerability to cyberattacks by investigating cybercrimes and taking legal action. One challenge India faces is that the country gets most of its technology, especially telecommunications equipment, from China, which could produce a supply chain risk. In response, the government has issued guidelines mandating that service providers secure their networks and only use equipment that meets international standards.
And in other news, IBM has acquired
Israeli security firm Trusteer, which specializes in protecting business networks, mobile devices, and web applications from cybercriminals. The acquisition is part of the formation of a security lab focused on mobile security, according to ZDNet. IBM also entered into an agreement
with the U.S. Department of Homeland Security, which will use the software in its Continuous Diagnostics and Mitigation program to combat cyberthreats. And the Security Industry Association calls for nominees to its George R. Lippert award