Tag Archive for: TechCrunch

US to launch ‘labeling’ rating program for internet-connected devices in 2023 • TechCrunch


The Biden administration said it will launch a cybersecurity labeling program for consumer Internet of Things devices starting in 2023 in an effort to protect Americans from “significant national security risks.”

It’s no secret that IoT devices generally have weak security postures. Weak default passwords have allowed botnet operators to hijack insecure routers to pummel victims with floods of internet traffic, knocking entire websites and networks offline. Other malicious hackers target IoT devices as a way to get a foot into a victim’s network, allowing them to launch attacks or plant malware from the inside.

As American consumers continue to fill their homes with more of these potentially insecure devices, from routers and smart speakers to internet-connected door locks and security cameras, the U.S. government wants to help educate them about the security risks.

Inspired by Energy Star, a labeling program operated by the Environmental Protection Agency and the Department of Energy to promote energy efficiency, the White House is planning to roll out a similar IoT labeling program for the “highest-risk” devices starting next year, a senior Biden administration official said on Wednesday following a National Security Council meeting with consumer product associations and device manufacturers.

Attendees at the meeting included White House cyber official Anne Neuberger, FCC chairwoman Jessica Rosenworcel, National Cyber Director Chris Inglis and Sen. Angus King, alongside leaders from Google, Amazon, Samsung, Sony and others.

The initiative, described by White House officials as “Energy Star for cyber,” will help Americans to recognize whether devices meet a set of basic cybersecurity standards devised by the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC).

Though specifics of the program have not yet been confirmed, the administration said it will “keep things simple.” The labels, which will be “globally recognized” and debut on devices such as routers and home cameras, will take the form of a “barcode” that users can scan using their smartphone rather than a static paper label, the…


ACLU’s Jennifer Stisa Granick and Google’s Maddie Stone talk security and surveillance at Disrupt • TechCrunch


In a world filled with bad actors and snooping governments, surveillance is the one factor that affects almost every business across the globe. While companies like Apple, Signal and LastPass fight against surveillance using end-to-end encryption and by shunning mass data collection — you can’t hand over data you don’t have — too many companies, big and small, remain unaware and deeply vulnerable to prying eyes.

The fast-changing surveillance landscape is why we’re thrilled that Jennifer Stisa Granick, ACLU’s surveillance and cybersecurity counsel, and Maddie Stone, a security researcher on Google’s Project Zero team, will join us onstage at TechCrunch Disrupt on October 18–20 in San Francisco.

In a panel discussion called “Surveillance in Startup Land,” Granick and Stone will join TechCrunch security editor Zack Whittaker to present a crash course on the surveillance state to inform, educate and inspire early-stage founders to think about how to protect their users and customers from threats they haven’t even thought of yet.

We’ll discuss today’s emerging threats, such as how spyware makers like NSO Group, Cytrox and Candiru, which let governments secretly wiretap phones in real time, and data brokers — the companies that trade in people’s personal information and granular location — represent an ever-increasing threat to privacy and civil liberties.

Surveillance isn’t just in the United States — it’s everywhere — and change can happen quickly and unexpectedly. Case in point: Fear over healthcare data tracking and privacy became a reality after the U.S. Supreme Court overturned Roe v. Wade, the landmark legal case that guaranteed a person’s constitutional right to abortion.

The decisions that founders and investors make today can and will affect millions tomorrow. We can’t wait to hear our panelists weigh in on how companies should think about what they’re building now — and in the future — so they don’t inadvertently become extensions of the surveillance state.

Jennifer Stisa Granick fights for civil liberties in an age of massive surveillance and powerful digital technology. As the surveillance and cybersecurity counsel…


Detectify secures $10M more to expand its ethical hacking platform • TechCrunch


Detectify, a security platform that employs ethical hackers to conduct attacks designed to highlight vulnerabilities in corporate systems, today announced that it raised $10 million in follow-on funding led by Insight Partners. CEO Richard Carlsson says that the new cash, which brings Detectify’s total raised to $42 million, will be put toward product development and improving the overall user experience.

Detectify was founded by four ethical hackers from Stockholm, including Carlsson, who realized the business potential in combining security research with automation. In an interview with TechCrunch, Carlsson pointed out that product development workflows have changed dramatically over the past few years, with new teams within organizations spinning up internet-facing apps and adding potentially vulnerable assets to their employer’s environment. The trend toward low- and no-code tools has lowered the app development barrier to entry, but it’s also made the jobs of security specialists that much harder.

Illustrating the challenges, a recent Dark Reading survey found that 26% of IT and security experts don’t trust the platforms used to create low- and no-code apps. Roughly as many — 25% — said that they don’t even know which apps within their companies are being created by these tools.

“While companies should integrate security best practices earlier in their development cycle and try to catch vulnerabilities in development, production is what truly matters,” Carlsson added via email. “Unless you have a completely linear development process, which no company actually has, you will never catch everything. And this legacy mindset and over-reliance on ‘shifting left’ instills a sense of false confidence in organizations that actually increases their risk level.”


Detectify’s approach crowdsources real payloads — pieces of code that execute when a hacker exploits a vulnerability — from a private community of ethical hackers and uses these contributions for payload-based tests. Carlsson claims that Detectify tests customers’ entire attack surfaces, exposing how malicious attackers might exploit…


Whistleblowing drama, Instagram’s teen safety features, Twitter adds podcasts – TechCrunch


Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

Global app spending reached $65 billion in the first half of 2022, up only slightly from the $64.4 billion during the same period in 2021, as hypergrowth fueled by the pandemic has decreased. But overall, the app economy is continuing to grow, having produced a record number of downloads and consumer spending across both the iOS and Google Play stores combined in 2021, according to the latest year-end reports. Global spending across iOS and Google Play last year was $133 billion, and consumers downloaded 143.6 billion apps.

This Week in Apps offers a way to keep up with this fast-moving industry in one place with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and much more.


Twitter whistleblower’s impact (or lack thereof!) on the Elon Musk lawsuit

The headlines this week were dominated by the explosive whistleblower complaint from Twitter’s former head of security, Peiter “Mudge” Zatko.

The former Twitter employee accused the company of cybersecurity negligence ranging from a lack of basic security controls to national security threats and foreign intelligence risks. But a more immediate question on everyone’s minds is whether Zatko’s statements about bots on the platform will help or hurt Elon Musk’s case.

To some, it may appear that Zatko has backed up Musk’s claims when he notes that there are millions of active accounts on the platform which Twitter is not including in its mDAU metric — a metric Twitter itself invented to count only those users it could monetize by way of advertisements. (That is, mDAUs are mostly people, not spambots.)

“These millions of non-mDAU accounts are part of the median user’s experience on the platform,” states the complaint. “And for this vast set of non-mDAU active accounts, Musk is correct: Twitter executives have little or no personal incentive to accurately ‘detect’ or measure the prevalence…
