Security Media Publishing Ltd

Security News Desk Issue 20

Issue link:

Contents of this Issue


Page 1 of 27

2 News Issue sponsor Dallmeier_S-Panomera_210x150_UK.indd 1 10.02.2016 14:37:46 Global MSC sponsor SND20 is issue of the newspaper, SND 20, is sponsored by Global MSC, an independent security consultancy who provide expert advice and act as trusted advisors in all aspects of physical and manned security - including perimeter, CCTV and access control systems. Based in Bristol, Global MSC run an annual seminar, which this year is titled "Advances in Security in the Digital Age", and will be held in the Bristol Hotel on 14th and 15th November 2016. e main sponsors of this year's event are WCCTV who were formed in 2001 and are now the UK's leading manufacturer of redeployable CCTV, site security solutions and body worn cameras. ey clearly recognise the value the seminar provides to all. For more information on Global MSC's 2016 annual seminar, turn to page 23. CSL sets conditions to grow CSL sets conditions to grow as the CSL management team re-invests with Norland, ICONIQ and RIT Capital partners. CSL, the provider of Critical Connectivity solutions for machine- to-machine communications, has been acquired by Norland Capital, ICONIQ Capital and RIT Capital Partners. CSL is a connectivity solutions provider in the M2M/IoT sector. With over 400,000 managed connections the company is the market leader, providing managed connectivity within the Fire & Security and Telehealth sectors. Since Bowmark's investment in 2011, CSL has invested significantly in its core Fire & Security customer base, providing high levels of service and product innovation. As a result, CSL's DualCom signalling range has become the market leading solution for over 2,000 professional security installers and the security choice for thousands of homes, commercial business and high street brands. CSL's founder, Simon Banks, commented on the investment: "we are keen to continue investing in product innovation and support for our Fire & Security customer base in the UK, Ireland, Nordics and Netherlands. e new partnership enables CSL to expand into other close verticals and take managed connectivity to a world stage." Ed Heale, Managing Director of CSL, added: "with the support of our new financial partners, we can continue to improve the service we provide in our existing markets, as well as accelerate our plans in other sectors both organically and through acquisition." CSL was founded in the UK in 1996 and are the market leaders in providing M2M and IoT solutions in the Security and Health Sectors with operations in the UK, Ireland, Sweden and the Netherlands. is current takeover comes aer a successful management buy-out in 2006, led by Group CEO Phil Hollett and Simon Banks, who is the founder and Group Managing Director. CSL pioneered the move from wired to wireless communication in the electronic security and Telehealthcare sectors with the introduction of the multi-network WorldSIM which provides maximum uptime. e company is now the trusted choice to provide the Critical Connectivity for nearly half a million M2M devices throughout Europe. eir Security range provides simple and reliable alarm signalling for domestic, commercial and retail premises whilst the Health range enables wireless Telecare Services for vulnerable residents. Iran has become the first country to ban Pokémon GO outright. Despite restrictions on internet usage in Iran the BBC reports that, "there have been a number of discussions on social media about the game." ey added, "e Iranian High Council of Virtual Spaces, which is the official body overseeing online activity took the decision to ban the game aer having tried to see to what extent the game's creators would co-operate with them." It is not known what cooperation was requested. Pokémon GO, from developer Niantic, has only been released officially in the US, UK and Australia. For those not in the know, it is a craze to catch virtual monsters in real world settings. As well as safety concerns of people playing it in dangerous areas, there seems to be a very real number of security concerns. In the terms and conditions for the game it clearly states that the data used by the game, and this is personal data, locational data and with the option for the user to photograph themselves with their captured Pokémon character, photo data, could be moved to USA based servers; essentially bypassing any home country security or privacy laws given the option to capture local images. is will "almost certainly have concerned the Iranians", James Abernethy a former British Intelligence officer told Security News Desk. omas Rid, Professor of Security Studies with King's College London has said guidelines for US military and government workers when using Pokémon Go were shared with him by a US government officer. ey discuss Operational Security (OPSEC) best practices and include "avoiding playing the game anywhere that shouldn't be geo-tagged, not using a personal Gmail account with the game or a username associated with your social media accounts, exercising caution when taking pictures of Pokémon with the in-game augmented reality camera, and staying aware of your surroundings." Rid then notes this is, "generally good advice even if you aren't an intelligence officer." e Indonesian police have banned its use whilst on duty. e issue with Gmail was identified by the blogger Adam Reeve who wrote, "To play the game you need an account. Weirdly, Niantic won't let you just create one - you need to sign in with an existing account from one of two services - the www.pokemon. com website or Google. Now the Pokémon site is for some reason not accepting new signups right now so if you're not already registered there you'll need to use a Google account - and that's where the fun really begins." He went on to highlight how logging into the application via your Google account gave Pokémon Go full access to all of your Google account services, ie they could see and modify anything to do with your account. Niantic quickly released a statement on their website saying: "We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO's permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves." It seems the developers of the game got it out to market before all of the security implications around the app had been considered. If that wasn't enough, a leading cyber security company has commented on potential issues with BYOD in the workplace. Devin Jones, SVP of Product Management at Cyber adAPT said, "e release and popularity of Pokémon Go came out of the blue for everyone except the 40 million teenagers in the United States. is application provides an interesting case study that illustrates the risks of BYOD in the enterprise. Businesses can't prevent users from downloading apps on their personal devices and those apps will drive traffic to and from the corporate network. How does a business maintain control and visibility of their corporate traffic when users are hunting down virtual creatures and sharing GPS coordinates directly with other users? More importantly, how do you know that GPS tracking packets aren't exfiltrating your financials?" Vladimir Kuskov, Security Expert at Kaspersky Lab outlined yet another flaw in the app security, that could cause a BYOD problem when working on android devices: "e Android version of the Pokémon Go app has been affected with malware called the "HEUR:Trojan- Spy.AndroidOS.Sandr.a" and there has been a lot of advice online about how to get the app early if it has not been made available in a certain country." Kuskov concluded, "e use of popular online games as a vehicle for installing malware is well known, and the best way to protect yourself and your device is to only install apps from official app stores and to complement this with an appropriate security solution. Don't take short cuts, disable device security or download soware from an unverified source; it's just not worth it." Latest gaming craze identifies real security concerns what are the issues and potential threats associated with the phenomenon that is pokémon Go? philip ingram reports. "Don't take short cuts, disable device security or download soware from an unverified source; it's just not worth it." - Vladimir Kuskov, Security Expert, Kaspersky Lab

Articles in this issue

Links on this page

view archives of Security Media Publishing Ltd - Security News Desk Issue 20