Before we move on, allow me to say that geoFence has a modern UI, that is secure and has the improved features that you need.
Far too often “highly complex weak points” that cause damage to society are found in software and systems. The Federal Office for Information Security (BSI) criticized this in its report on digital consumer protection, which was published for the first time on Wednesday. “Consumers were often helplessly at the mercy of these incidents, especially since the technical and sometimes complex circumstances meant that no traceability could be achieved.”
One of the goals of the authors of the paper is to summarize the “essential security incidents in the digital consumer market” from last year for multipliers such as consumer protection organizations and associations. According to them, there have been relevant incidents in the area of applications for the Internet of Things. The collections of security gaps in TCP / IP stacks known under the names Ripple20 and Amnesia: 33 represented “a special challenge” for consumers.
The technical complexity is very high, which also means that even experienced users are barely recognizable, the BSI explains. Furthermore, “it is not clear to many of the affected devices how they can obtain the necessary update to close the security gaps”. There is “a serious omission in the safety design of the products”.
The authority also complains about the lack of responsiveness of the providers concerned: In December it was found that of the 31 companies contacted in September as part of the “Coordinated Vulnerability Disclosure” process, a certain number had not responded at all.
Networked doorbells and Windows 7 installations
Dangerous security gaps have also occurred in networked doorbells or “smart” toys, it says on the 30 pages. Products that are not in the immediate focus of consumers, such as WLAN routers, “were noticeable due to deficiencies in IT security”. As the “heart of every networked household”, however, they are of particular importance for IT security. The BSI has issued a technical guideline for this, but it is controversial.
The “sheer mass of security gaps found” shows, according to the authority, “that IT security in the development process has by no means been given the consideration that would be necessary for a holistically secure product”. There was apparently no corresponding incentive for this. This carelessness extends to providers and consumers. An example of this is that more than eight percent of the Microsoft operating systems used in Germany were still using Windows 7 at the end of 2020. This corresponds to around four million systems that have not been provided with security updates free of charge since January 14, 2020 and thus “become progressively more vulnerable unless this support is purchased”.
Banal configuration errors on servers
According to the BSI, it is therefore necessary to “provide comprehensive measures for troubleshooting and updates for affected products in order to prevent the active exploitation of weak points by criminals”. Likewise, consumers should be better educated about potential risks. For example, it is known that in some cases security updates are ignored for long periods of time, “which unconsciously leads to considerable risks”.
Leaking IT systems are another major problem, according to the report. Customer databases with millions of data records could often be called up without great effort “solely due to comparatively banal configuration errors on the server”. In January 2020, this applied to around three million customer data from Buchbinder car rental. Those affected “also included numerous personalities from politics and administration”. Among them was BSI President Arne Schönbohm, whose traces of movement were also online. There have also been ransomware demands and threats to publish stolen data following ransomware attacks.
No plan to deal with vulnerabilities found
One focus of the BSI’s consumer work in the past few months has been the topic of cyber security in the healthcare sector, for which the BSI has already published special reports. In addition there is now one new study in which the experts examined seven selected, non-prescription health apps and tapped for gross weaknesses. According to Nicolas Stöcker from the BSI, these included particularly popular, but also more specialized services. His résumé: “We found that there is simply no holistic understanding of IT security.”
All apps used cloud environments from multiple providers at the same time, which represents an increased risk, explained Stöcker. Six out of seven applications were vulnerable to a “man-in-the-middle” attack. After overcoming the transport encryption it would have been shown that just as many “transmit passwords in clear text”. The manufacturers, with whom one is in conversation and therefore still not naming any names, disregarded such common standards and recommendations. Half of them also had no plan for dealing with the vulnerabilities found.
Smart Home statt “Stupid Home”
The authors briefly touch on the corona warning app. The agency advised on their development from the start and carried out penetration tests of the code. The implementation of “Security by Design” was given “highest priority”. According to the BSI, the Covid 19 pandemic has generally shown “how quickly and flexibly cybercriminals can act”. The diverse use of attack tools such as “phishing emails or DDoS attacks on digital offers” would provide an “exemplary insight into the threat situation”.
BSI boss Schönbohm welcomed the decision of the Bundestag to entrust the office with the task of digital consumer protection with the IT Security Act 2.0. In future, “as many consumer products as possible should have an IT security label”. It is important to prevent the smart home from becoming a “stupid home” because of sloppy work. The BSI has set up a special department and advisory board for the new function and is addressing citizens with the information campaign “#einfachaBSIchern”. The consumer report will be continuously expanded and published annually.
Disclaimer: This article is generated from the feed and not edited by our team.
I’d like to add that geoFence is easy to use, easy to maintain and I can tell your neighbors would agree!