Tag Archive for: Safety

The ELD Hacking Threat: Q&A with Serjon’s Urban Johnson – Safety & Compliance



ELDs are an easy gateway for hackers to get into a fleet's IT network and do major damage, warns Serjon's Urban Johnson.  -  HDT Graphic/Serjon headshot



Did you know your fleet’s electronic logging devices may be vulnerable to hackers?

It’s true. Serjon, a cybersecurity firm specializing in fleet transportation security, held a press conference during the Technology & Maintenance Council annual meeting in New Orleans in early March. Urban Johnson, senior vice president, information technology and cybersecurity services for Serjon, briefed media on the threats facing fleets with compromised ELDs.

ELDs are essentially communication devices used to record and report truck driver hours of service. Due to certain technical requirements of the regulations, ELDs require the ability to “write” messages to the truck’s network to obtain information, such as engine hours. The ELD also requires internet access to report the HOS information.

This creates a truck network-to-internet communication bridge that introduces significant cybersecurity concerns.

We sat down with Johnson to learn more about this new cybersecurity threat to North American fleets and what they can do to protect themselves. (This interview has been lightly edited for clarity.)

HDT: Many fleets aren’t aware that ELDs can be hacked. Talk a little about how hackers can gain access to an ELD.

Johnson: Different ELD vendors use different designs to deliver the functionality required by the ELD mandate. A common design is a hardware device that connects to the vehicle’s on-board diagnostics (OBD) port and then uses a Bluetooth or Wi-Fi connection to a cellular device, such as a tablet or cellphone, to collect the ELD information and report it.

That ELD information can be attacked by hackers locally (close to the truck) or remotely across the internet.

In a recent paper presented at VehicleSec’24, the researchers were able to compromise an ELD device locally by simply connecting to the ELD Wi-Fi connection point, which had a predictable SSID [network name] and a weak default password….


New industry-backed IoT security standards aim to improve device safety


New IoT security standards could make it easier to choose devices that are hardened against some of the most common vulnerabilities.

IoT covers pretty much any physical device which can be connected to a digital network. IoT devices like digital locks, smart speakers, home surveillance systems, and routers are increasingly common, but have frequently been flagged as at-risk to threat actors.


Commonwealth training on internet safety praised by Papua New Guinea judges


Judges in Papua New Guinea have commended a new Commonwealth training course aimed at upskilling them to handle cybercrime cases and make the internet safer for their citizens.

Supported by the United Kingdom, the Commonwealth Secretariat partnered with the Papua New Guinea Centre for Judicial Excellence to organise the training in the capital city, Port Moresby on 12 and 13 February 2023.

More than 40 judges and magistrates attended the training, engaging in simulations to deepen their understanding of cyber threats and computer-based offences.

They were equipped with practical skills to apply internationally recognised good practices within their jurisdictions, gather electronic evidence admissible in courts, and foster cross-border cooperation to prosecute cybercrimes.

Covering topics ranging from protecting user data to authenticating digital evidence, the training course aimed to address the challenges judicial officers often face in tackling cybercrimes, particularly in developing countries.

A growing problem

During the opening session, Justice Les Gavara-Nanu, a Supreme Court judge, commended the timely training and drew attention to the changing landscape of Papua New Guinea’s criminal justice system.

He underscored the challenge posed by the surge in cybercrime, which requires new approaches to evidence-gathering compared to traditional crimes.

Justice Gavara-Nanu continued:

“We need assistance from the Commonwealth Secretariat to deal with these types of cases, from investigation [and] detection to prosecution and adjudication which is what concerns judges and magistrates as adjudicators.”

John Carey, Judge Administrator of the Papua New Guinea Centre for Judicial Excellence, echoed Justice Gavara-Nanu’s sentiments, expressing full support for the training on behalf of the country’s Chief Justice, Sir Gibuna Gibbs Salika KBE.

Financial implications

Reports indicate a disproportionate increase in cybercrimes in the Asia-Pacific region, accounting for 31 per cent of all incidents remediated around the world in 2023.

Cybersecurity threats were estimated to cost organisations in the Asia-Pacific region about US $1.75…


Sri Lanka’s controversial internet safety law comes into force


The controversial Online Safety Act has sparked protests among activists in Sri Lanka

Sri Lanka’s draconian law to regulate online content has come into force, in a move rights groups say is aimed at stifling freedom of speech.

The Online Safety Act gives a government commission broad powers to assess and remove “prohibited” content.

Authorities said it would help fight cybercrime, but critics say it suppresses dissent ahead of elections.

Social media had a key role in protests during an economic crisis in 2022, which ousted the then president.

The act was passed on 24 January by 108-62 votes – sparking protests outside parliament – and came into effect on Thursday after the Speaker endorsed it.

The wide-ranging law prohibits “false statements about incidents in Sri Lanka”, statements with “an express intention of hurting religious feelings” and the misuse of bots, among other things.

A five-member commission appointed by the president will be given powers to assess these statements, to direct their removal, and to impose penalties on the people who made those statements.

The legislation will also make social media platforms liable for messages on their platforms.

Public Security Minister Tiran Alles, who introduced the draft legislation in parliament, said it was necessary to tackle offences associated with online fraud and statements that threaten national stability.

More than 8,000 complaints related to cybercrimes were filed last year, he noted.

A Sri Lankan pro-democracy group said on Thursday that the government’s “adamant pursuit” of the legislation was a “clear indication of its intention to silent dissent and suppress civic activism” as the country was still reeling from the consequences of its worst economic crisis.

Food prices and inflation have reached record levels since the country declared bankruptcy in April 2022 with more than $83bn in debt. Then president Gotabaya Rajapaksa was forced to step down and leave the country after thousands of anti-government protesters stormed into his residence.

“While the citizens silently suffer amidst escalating cost of living and unmanageable hunger, it is crucial for the rulers to recognise that this…
