From bitcoin to biometrics: new tech brings same old security risks

Independent.ie, 11/10/2018, Richard Gold

Image: Bitcoin-related hacks and stolen ‘wallets’ have put dozens of firms out of business (© Provided by Irish Independent)

Bitcoin

Despite the hype around cryptocurrencies in general and Bitcoin in particular, Bitcoin suffers from several notable drawbacks, including a trend towards centralisation, excessive electricity usage, price volatility and susceptibility to theft.

Bitcoin, when brought down to its simplest form, is a set of cryptographic keys on a computer. These keys are stored as files known as wallets. It is the ease with which these wallets can be stolen which makes them such an attractive target for Black Hat hackers.

The website ‘Blockchain Graveyard’ details at least 62 Bitcoin-related institutions which have closed down as a result of being hacked. These are just the incidents that have become public knowledge. Many more individuals have had their wallets stolen by a variety of means and been left with nothing and no means of redress.


The methods with which this future technology can be attacked are the well-known stalwarts of other attackers: phishing, unpatched software and malicious insiders. These techniques are well-known precisely because they work and have delivered results for hackers for many years. New technology platforms ignore them at their peril.

Image: An ATM selling Bitcoin cryptocurrency in an Adelaide shopping mall. Cryptocurrency ATMs are not as safe as previously thought, as a new form of fraud has emerged in the face of malware that targets Bitcoin ATM vulnerabilities. Hackers are using skimming devices on Bitcoin ATMs, and there are no verification or security standards for Bitcoin ATMs; compared to a regular ATM requiring a credit or debit card for transactions, a Bitcoin ATM involves the use of mobile numbers and ID cards for user identity verification. (Photo: Amer Ghazzal / Barcroft Media via Getty Images)

Whilst these hacking techniques are considered basic, mitigating against them is not. No organisation can claim 100pc security and social engineering attacks such as phishing can often sneak through the net.

Although these hacking techniques have been successfully used for many years, we are seeing changes in the types of groups that use them. The Lazarus Group, attributed by the US government to North Korea, targeted Bitcoin exchanges with backdoored trading software and individuals with malicious Microsoft Office documents.

Biometrics

The usage of biometrics to strengthen authentication systems has become more widespread with the advent of fingerprint and facial recognition for smartphones.

Identity theft, which may be more accurately called “inadequate authentication”, is a growing concern as more online services and accounts can be taken over with only a bare minimum of information about the victim. Biometrics are frequently touted as the solution to this identity theft epidemic; however, we should be concerned about the security of these biometric systems themselves. These concerns are not hypothetical either.

The Office of Personnel Management (OPM) in the United States was hacked and at least 5.6 million fingerprints, as well as many other types of sensitive data, were leaked as a result, according to the ‘Washington Post’.

Whilst this stolen biometric data may only have limited utility now, the biggest trouble is yet to come.

As our fingerprints do not change significantly throughout our life, we are vulnerable to whatever technology changes are to come in the future.

Internet of Things (IoT)

Estimates range wildly on the numbers of physical sensors with Internet connections, typically referred to as IoT, but conservative estimates range around the 20 billion mark in 2020. While the ideas behind IoT may appear to be modern, the technology is anything but. IoT devices fall prey to the kind of hacking techniques which have been known for decades: default credentials, unpatched software and unauthenticated updates.

Image: A bitcoin logo is seen on an iPhone in this photo illustration on December 15, 2017. (Photo by Jaap Arriens/NurPhoto via Getty Images)

Using the same set of credentials (username and password) for every single shipped device is a practice long frowned-upon by security professionals, but this is still common practice for many IoT devices.

The Mirai botnet successfully infected many IoT devices simply by having a list of default usernames and passwords which it tried against Internet-connected devices. Once the devices were infected, the attackers were able to generate a DDoS (Distributed Denial of Service) attack of over 1Tb/s, one of the largest observed attacks to date.

IoT devices are not typically updated as frequently as desktops and laptops or even smartphones. As a result, vulnerabilities take a long time to be patched, which gives attackers more chances to successfully exploit them.

At least 500,000 IoT devices, typically home routers, have been compromised by the VPNFilter malware which has features for both espionage and destruction. These kinds of devices are often forgotten about by organisations and individuals as they are unobtrusive and run in the background without interruption. Any device with an Internet connection requires attention and is a potential security concern.

Conclusions

Although new technologies proliferate at an alarming rate, we should keep in mind that the core technologies often do not change as quickly as we might think. Security issues and vulnerabilities have remained the same and attackers know how to take advantage of them.

While the types of attackers have grown, the methods to protect against them are well-known: raising awareness of phishing and other social engineering attacks, patching vulnerable software and firewalling services off from the Internet unless strictly necessary.

Dr Richard Gold is head of security engineering at Digital Shadows. He is a speaker at Dublin Information Sec 2018, Ireland’s cybersecurity conference which takes place on Monday, October 15 at the RDS. Information Sec is an INM event.
