
Why electronic voting is dying from lack of interest


The back-end was stress tested and various penetration, information security and privacy assessments undertaken. There was a refreshing transparency to the whole process and the successful online survey saved taxpayers well more than $100 million.

Collecting information, surveying opinion and engaging citizens are core functions of a citizen-centric modern government. This is what makes the inability to transform the pencil and paper voting system into a repeatable electronic system very frustrating.

Tight time constraints

Electoral commissioners are fond of observing that elections are the largest and most complex logistical operations that a country undertakes in peacetime, typically engaging the entire adult population in a prescribed process implemented under tight time constraints.

And they are expensive too. The coming federal election will cost taxpayers about $430 million to administer – including the supply of 4 million pencils – and the NSW state elections cost $100 million-plus a pop. The same process is repeated every three to four years across the eight federal jurisdictions and hundreds of local council ballots.

For nearly a decade, the NSW Electoral Commission (NSWEC) had been a pioneer in the English-speaking world, offering online voting for disabled, elderly and remote electors using Spanish software developed for elections for Swiss cantons.

The iVote software had attracted the attention of security analysts who had led a campaign to have it ditched, claiming there was a “trap door” that could allow votes to be manipulated. The NSWEC admitted the code defect, but said the local implementation had physically isolated the issue, meaning it could not be used by cyber attackers.

It was not the first time defects had been found in the whole iVote system and Electoral Commissioner John Schmidt had made no secret of the urgent need for $22 million of funding to bring the Commission’s systems, including iVote, into cyber compliance. At parliamentary hearings, Schmidt had described his efforts to get funding as “Kafkaesque” and a “circle of hell”.

System capacity issue

In the end, it was not a security bug, but rather a system capacity issue that brought down…


Smart home devices are big on convenience but often lack security :: WRAL.com


Smart home devices like thermostats, light bulbs, smart safes and security cameras add a whole new level of convenience to your home. However, security experts say these devices can be a treasure trove of information for hackers, because manufacturers often don’t put in enough safeguards, prioritizing ease of use over security.

Neal Bridges, the chief cybersecurity and content officer for information technology and securities company INE, an “ethical hacker” who simulates device hacking to expose vulnerabilities in software, was able to hack into a smart security camera within minutes just by accessing the unsecured Wi-Fi it was connected to. Bridges was able to unearth personal data during this simulated hacking because some of the software used in the device had not been updated since 2011.

“This is very common,” he explained. “They’re using software they don’t typically have to pay for so therefore it’s not maintained by any well-established organization.”

Information can also be hacked if a device is physically stolen and its computer chip is accessed. Bridges recommends clearing or reformatting devices before throwing them away.

Bridges tells Five On Your Side that most smart home devices are easy to hack because there’s no industry or government standard for protection.

“The manufacturers don’t build them with safety and security in mind,” Bridges said.

Early this year President Biden issued an executive order calling for companies and the government to increase their cybersecurity efforts. The National Institute of Standards and Technology has explored the idea of a consumer software labeling program, much like nutrition labels. But that agency doesn’t have the authority to make rules for labeling, and any labeling would be voluntary.

Bridges tells Five On Your Side that for now it’s really up to consumers to protect themselves.

Here are three ways to protect your smart home from a hack

  1. Create a unique username and password for each device, and make sure your Wi-Fi itself has a passcode.
  2. Use two-factor verification when available…


DoD, State Lack Ability to Flag Cell-Site Simulators


U.S. Department of Defense Press Secretary John Kirby participates in a news briefing at the Pentagon August 13, 2021 in Arlington, Virginia.

Photo: Alex Wong (Getty Images)

A slew of federal agency heads and the nation’s top intelligence official are being pressed to respond to what one influential senator is calling an “abysmal failure” by the U.S. government to defend its own employees from unauthorized cellphone surveillance.

“It has been a matter of public record for decades that phones can be tracked and calls and text messages intercepted using a device called a cell site simulator, which exploits long-standing security vulnerabilities in phones by impersonating a legitimate phone company’s cell towers,” Sen. Ron Wyden wrote Thursday in a letter to the director of national intelligence; heads of the FBI and CISA—the agency charged with defending critical systems; and the presumptive next chair of the Federal Communications Commission.

“While the threat posed by this technology has been clear for years,” Wyden wrote, “the U.S. Government has yet to meaningfully address it.”

Among other concerns in the letter, both the Departments of State and Defense have confirmed to Wyden’s office, he said, “that they lack the technical capacity to detect cell site simulators in use near their facilities.”

Cell-site simulators are cellphone surveillance devices that can sometimes fit in a suitcase and effectively hack phones remotely by exploiting a number of common design features. One such feature is the tendency hardcoded into a cellphone to always seek out the cell tower that’s emanating the strongest signal. While this is crucial to saving battery power and ensuring calls are properly routed, it can also be a critical weakness. By transmitting an even stronger signal—or in the case of LTE networks, on a higher priority frequency—cell-site simulators can force nearby phones to drop their connections and connect instead directly to the device.

This kind of attack is not as easy as it used to be. The “handshake” between a phone and a cell tower is a multi-step protocol, which the simulator must emulate perfectly. Older…
