Cody Gredler

About Cody Gredler

Cody knows cyber security. As CSID’s Director of Marketing she has a keen understanding of what is going on both in the news and behind the scenes with the latest breaches, security threats and identity theft scams. Cody writes about the latest industry news, breaches, identity theft trends and often shares helpful security tips for both businesses and consumers.

Understanding the IoT Convenience/Security Tradeoff

By |October 8th, 2015|

IoTIf you’ve been to a music festival recently, you may have noticed something convenient about your wristband. Sure, it serves its main purpose of getting you into the event, but with recent technology, it now has the capability to do quite a bit more.

Take for instance Austin City Limits music festival, which took place last weekend and will run again this coming weekend here in Austin. Festival-goers have the opportunity to load their credit card information onto their wristband either online or via the mobile app to alleviate digging around in their bag or wallet in the middle of a busy crowd. Simply hold the chip in your wristband up to the POS reader on the vendor’s iPad and voila! You’ve paid for your drink, snack, or souvenir.

Sounds convenient, right? But consider this: As you exit the festival, there are people lined up, eager to buy your wristband from you. Sell it, and it won’t take much for the person to gain access to the personal information associated with the wristband and your credit card info. It would just be a matter of cracking your four-digit pin that you had set up when registering your wristband.

This is just one case to consider, which opens up a broader discussion around what we may be sacrificing from a security perspective in the era of wearables and the Internet of Things.

Wearables, particularly fitness bands, have taken off in the past few years. PwC recently reported that more than 20 percent of U.S. adults already own at least one wearable, and that there will be as many as 50 billion new connected devices by 2020. What users may not realize is that wearable tech creates a new opportunity for a massive quantity of private data to be collected – with or without the user’s knowledge.

Symantic threat researcher Candid Wueest recently shared with Wired that it’s not so much about the level of danger people put themselves in wearing wearable devices, but more about the fact that at this point, developers are not prioritizing security and privacy. From his research, Wueest found that some devices sent data to a staggering 14 IP addresses. During his demonstration at Black Hat, Wueest identified six Jawbone and Fitbit users in the audience, showing how easy it was to find users’ locations, and specific details down to the time they left or entered the room.

But is it the wearable itself that poses the actual security threat? Gary Davis of Intel has explained (and we agree), that the weakest link is actually a user’s mobile phone, not the wearable itself. Most wearables link to your mobile phone, which, in comparison to the wearable device, hosts an exponentially greater amount of data, making it an irresistible target for hackers.

Before you cancel your order on that new fancy fitness tracker, keep this in mind: There are a number of simple, common sense steps you can take in order to protect your data. Consider buying a wearable that comes equipped with remote-lock capabilities, so that you can lock or erase its data if it is stolen. Also, as always, use a password to protect your device, use biometric authentication whenever possible, and keep an eye on user reviews online.

Stay tuned to the blog for more cybersecurity news throughout National Cyber Security Awareness Month. Share your thoughts with us on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.


Industry News Recap: Connected Automobile Security

By |September 30th, 2015|

Car SecurityTwo weeks ago we published a blog on security in the Internet of Things, part of which addressed recently uncovered vulnerabilities in automobile software. Since that time, concerns about cars and cybersecurity have remained in the news.

Hacked cars have made headlines before, but the issue was recently thrust back into the spotlight when white hat hackers Charlie Miller and Chris Valasek revealed a flaw in Chrysler’s Uconnect system. The flaw allowed them to steer the vehicle, change its speed, disable the brakes and shut off the engine as it sped down a highway – all from the comfort of their couch. The two described the hack as “fairly easy” and “a weekend project.”

An article in Wired covered this demonstration in detail and included the fear-inspiring conclusion that if this flaw is not fixed, “the result would be a wirelessly controlled automotive botnet encompassing hundreds of thousands of vehicles.” Days later, Tesla Motors was featured in a similar story, a sign that the auto industry’s connected cars are just as vulnerable to breach as our other Internet-connected devices.

There has been an evolving conversation around car security. As a result of Miller and Valasek’s research, Chrysler issued a recall on more than a million vehicles. Meanwhile, according to Dark Reading, “the automobile industry at large began to address growing concerns over security weaknesses and vulnerabilities in new and evolving vehicle automation and networking features.” Dark Reading also published a list of the world’s most hackable cars, while security influencers began weighing in on the best ways to reduce car hacking threats.

As of September, the ongoing conversation has yielded some promising progress. Miller and Valasek announced that they are joining Uber’s Advanced Technologies Center “to continue building out a world-class safety and security program at Uber.” Intel, a company with plenty of clout in the auto industry, also recently published a “Best Practices” white paper, providing recommendations for automakers to outfit their vehicles for privacy and cybersecurity “in the era of the next-generation car.”

The bonus of all the attention on car security? IoT security as a whole has been given more attention. Cars have not only pushed the Internet of Things forward, they have also reminded the world that as soon as anything is connected to the Internet, it becomes vulnerable to external parties.

Let us know what you think about security and the IoT on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.

Load More Posts