Archive for mobile

What is Virtual Desktop Infrastructure (VDI)

Posted in security, big-ip, cloud computing, mobile, vdi, devcentral, infrastructure, access by psilva on March 8th, 2017

devcentral_basics_article_banner.png

What is VDI?

vdicon.jpgImagine not having to carry around a laptop or be sitting in a cubicle to access your work desktop applications. Virtual desktop infrastructure (VDI) is appealing to many different constituencies because it combines the benefits of anywhere access with desktop support improvements.

Employees typically use a wide range of mobile devices from laptops to tablets and from desktops to smartphones are being used. The diversity of these mobile devices and the sheer number of them in the workplace can overwhelm IT and strain your resources.

Desktop Virtualization centralizes sets of desktops, usually in a data center or cloud environment, and then provide access to your employees whether they are in the office, at home or mobile.  VDI deployments virtualize user desktops by delivering them to distinctive endpoint devices over the network from a central location. There are many reasons why organizations deploy VDI solutions – it’s easier for IT to manage, it can reduce capital expenditures, improve security and helps companies run a ‘greener’ business.

Since users’ primary work tools are now located in a data center rather than on their own local machines, VDI can strain network resources, and the user experience can be negatively affected. Desktop virtualization is a bit more complex than server virtualization since it requires more network infrastructure, servers, server administrators, authentication systems, and storage. VDI’s effect on the network is significant; it may necessitate infrastructure changes to accommodate the large volume of client information that will be traversing the network. When a user’s desktop moves from a physical machine under the desk to the data center, the user experience becomes paramount; a poor VDI deployment will result in IT being flooded with “My desktop is too slow” calls.

DIAG-ARCH-AVAIL-16553-vdi_1_.png

Why VDI?

Mobile devices and bring your own computing are popular drivers for VDI deployments.  It enables employees to work from anywhere and simplifies/unifies desktop management, especially updating operating systems and applications.  It can lower costs, provide flexible remote access; improve security and compliance along with potentially offering organizations disaster recovery options.  It also enables employee flexibility and reduced IT risk of employee owned devices. VDI allows employees work with a wide range of devices from laptops to tablets to smartphones.  Employees can sign on from wherever they are, whenever they like and with whichever device they choose.

Deploying virtual desktops can also increase IT efficiency and reduce IT workload since the desktops are centralized.  It also benefits IT with greater access and compliance control, while at the same time, allowing employees the freedom to use their mobile device of choice. IT departments can remove obsolete versions of application software or perhaps enhance the security policy. Either way, the employee always has the most up to date desktop image.

Things to Consider

Desktop virtualization is no longer about the desktop, it’s about allowing employees desktop access from wherever they are. So things like availability, access, security, DR, authentication, storage, network latency and SSO are all areas to keep in mind when deploying a VDI solution.

VDI Providers

Some VDI solutions include VMware View, Citrix XenDesktop, and Microsoft RDS.

Next Steps

If you'd like to learn more or dig deeper into VDI, here are some additional resources:

Also, here are some other articles from the #Basics Series.

 

 

 

 




What to Expect in 2017: Mobile Device Security

Posted in security, big-ip, mobile, byod, access, 2017 by psilva on February 21st, 2017

mobile_locks.jpgIf the last 10 years wasn’t warning enough, 2017 will be a huge year for mobile…again. Every year, it seems, new security opportunities, challenges and questions surround the mobile landscape. And now it encompasses more than just the device that causes phantom vibration syndrome, it now involves the dizzying array of sensors, devices and automatons in our households, offices and municipalities. Mobile has infiltrated our society and our bodies along with it.

So the security stakes are high.

The more we become one with our mobile devices, the more they become targets. It holds our most precious secrets which can be very valuable. We need to use care when operating such a device since, in many ways, our lives depend on it. And with the increased automation, digitization and data gathering, there are always security concerns.

So how do we stay safe?

The consumerization of IT technologies has made us all administrators of our personal infrastructure of connected devices. Our digital self has become a life of its own. As individuals we need to stay vigilant about clicking suspicious links, updating software, changing passwords, backing up data, watching financial accounts, having AV/FW and generally locking down devices like we do the doors to our home. Even then, the smartphone enabled deadbolt can be a risk. And we haven’t even touched on mobile payment systems, IoT botnets or the untested, insecure apps on the mobile phone itself.

iot.jpgCybersecurity is a social issue that impacts us all and we all need to be accountable.

For enterprises, mobile devices carry an increased risk, especially personal devices connecting to an internal network. From regulatory compliance to the disgruntled employee, keeping sensitive information secret is top concern. BYOD policies and MDM solutions help as does segmenting those devices away from critical info. And the issue isn’t so much seeing restricted information, especially if your job requires it, it is more about unauthorized access if the device is compromised or lost. Many organizations have policies in place to combat this, including a total device wipe…which may also blast your personal keepsakes. The endpoint security market is maturing but won’t fill the ever-present security gaps.

From your workforce to your customers, your mobile web applications are also a target. The Anti-Phishing Working Group (APWG) reports a 250 percent jump in the number of detected phishing websites between October 2015 and March 2016. Around 230,000 unique phishing campaigns a month, many aimed at mobile devices arriving as worrisome text messages. Late 2016 saw mobile browsing overtake desktop for the first time and Google now favors mobile-friendly websites for its mobile search results. A double compatibility and SEO whammy.

And those two might not be the biggest risk to an organization since weakest link in the security ecosystem might be third-party vendors and suppliers.

On the industrial side, tractors, weather sensors, street lights, HVAC systems, your car and other critical infrastructure are now mobile devices with their own unique security implications. The Industrial Internet of Things (IIoT) focuses on industrial control systems, device to network access and all the other connective sensor capabilities. These attacks are less frequent, at least today, but the consequences can be huge – taking out industrial plants, buildings, farms, and even entire cities.

The Digital Dress Code has emerged and with 5G on the way, mobile device security takes on a whole new meaning.

ps

 




OK 2017, Now What?

Posted in Uncategorized, big-ip, application delivery, mobile, devcentral, 2017 by psilva on January 4th, 2017

year_of_the_rooster.pngThe Year of the (Fire) Rooster will soon be upon us and the talkative, outspoken, frank, open, honest, and loyal Rooster could influence events in 2017. Whether you were born under the symbol or not, Roosters strive on trust and responsibility, essential for any organization especially in these times.

2016 (Year of the Monkey) brought us a crazy year of high profile breaches, a 500% increase in ransomware, a 0-day per day and slick malware each looking to cause havoc on all parts of society including your mobile device. The monkey’s shenanigans exhausted many of us in 2016 and 2017 will require some quick thinking and practical solutions to battle the ongoing, ever-growing threats.

A year ago I noted, Mobility, both the state of being and the devices we use, will continue to grow and be an immense enabler and/or inhibitor for organizations. Today, we are the devices, controllers and data generators and we’re interacting, even socially, with a growing list of robots and objects. Security continues to flummox folks both from a development standpoint – talking to you IoT manufacturers – and from a purely personal realm. The more connected devices we have in and around our lives, homes and offices the more opportunities for the bad guys to take advantage.

This is sure to continue as our digital, software-defined lives connect and intersect with the things around us. We’ll likely see a number of significant IoT security discussions coming out of CES this week too with cars and robots the starring attraction this year.

And as our lives – personal and professional – continue to be chronicled on the internet, the various thieves, nation states, and activists will continue to be one step ahead, probing data and looking for that golden slab of info. Making money, causing disruptions, or orchestrating outright take-downs through online attacks are big motivations for those seeking notoriety or simply a big score. But it’s not always from the crook or spy half a globe away. Insider threats, malicious or not, have made traditional concepts of the perimeter almost useless.

dc-logo.jpgHere at DevCentral, our community is ready to help you through many of your most challenging application delivery endeavors this year. Like the rooster, we aim to be open and honest about how to accomplish a task with BIG-IP...including when it cannot do something.  In recent weeks we’ve posted mitigations for Mirai bots, the recent PHP 0-days, along with a bunch of iControlREST solutions and an excellent article from Kevin Stewart about TLS Fingerprinting. And we look forward to answering your most perplexing BIG-IP questions. Also our very own Jason Rahm passed his Exam 201 - TMOS Administration so make sure you hit him up for some of your harder questions. The rest of the team will be looking to take the F5 Certified 201 sometime this quarter.

While trends like cloud, mobility, IoT, DevOps and big data will consume your attention, securing those trends and how they map to business objectives will come to roost in 2017 and DevCentral is here to help. Let’s try to be smart, practical, open and honest about our challenges and guard against the vain, boastful and attention grabbing bad guys trying to get the best of us.

The 2017 Rooster arrives January 28, 2017 and we’ll need to be prepared and stay calm when the proverbial fan starts spinning.

ps

Related:

 




F5 Access for Your Chromebook

Posted in security, f5, big-ip, ssl vpn, cloud, silva, application delivery, mobile, devcentral by psilva on October 12th, 2016

My 5th grader has a Chromebook for school. She loves it and it allows her access to school applications and educational tools where she can complete her assignments and check her grades. But if 5th grade is a tiny dot in your rear-view and you’re looking to deploy Chromebooks in the enterprise, BIG-IP v12 can secure and encrypt ChromeOS device access to enterprise networks and applications. With network access, Chromebook users can run applications such as RDP, SSH, Citrix, VMware View, and other enterprise applications on their Chrome OS devices.

From an employee’s perspective, it is very easy to get the SSLVPN configured. Log on to a Chromebook, open Chrome Web Store, search for ‘F5 Access’ and press the +ADD TO CHROME button. Add app when the dialogue box pops and F5 Access will appear in your ‘All Apps’ window.

f5_access.jpg

Next, when launched, you’ll need to accept the license agreement and then add a server from the Configuration tab:

add_server.jpg 

Next, give it a unique name, enter the BIG-IP APM server URL and optionally add your username and password. Your password will not be cached unless that’s allowed by the APM Access Policy. You can also select a client certificate if required. Once configured, it’ll appear in the list. You can also have multiple server configurations if needed:

added_server.jpg 

To connect, click the bottom tray bar and select the tile that says, ‘VPN Disconnected.’

f5access_tile.jpg

And select the server configured when setting up the app. Depending on the configuration, you’ll either get the native login window or the WebTop version:

f5access_login.jpg 

Once connected, there won’t be any indication in the tray but if you click it, you’ll see the connection status in the same VPN area as above and it’ll show ‘connected’ within the F5 Access app:

f5access_connected.jpg 

As you can see in the above image, you can also check Statistics and Diagnostics if those are of interest. To end the connection, click the tray again, select the VPN tile and click Disconnect.

For administrators, it’s as simple as adding a ‘ChromeOS’ branch off the ClientOS VPE action:

f5access_clientos.jpg

Then add a Connectivity Profile to BIG-IP:

f5access_connectivity_profile.jpg 

In addition to generic session variables, client session variables are also available. Check out the release notes and BIG-IP Access Policy Manager and F5 Access for Chrome OS v1.0.0 manual for more info.

ps

Related:




Is 2016 Half Empty or Half Full?

Updating passwords is a huge trend in 2016

july16.jpg

With 2016 crossing the half way point, let's take a look at some technology trends thus far.

Breaches: Well, many databases are half empty due to the continued rash of intrusions while the crooks are half full with our personal information. According to the Identity Theft Resource Center (ITRC), there have been 522 breaches thus far in 2016 exposing almost 13,000,000 records. Many are health care providers as our medical information is becoming the gold mine of stolen info. Not really surprising since the health care wearable market is set to explode in the coming years. Many of those wearables will be transmitting our health data back to providers. There were also a bunch of very recognizable names getting blasted in the media: IRS, Snapchat, Wendy’s and LinkedIn. And the best advice we got? Don’t use the same password across multiple sites. Updating passwords is a huge trend in 2016.

Cloud ComputingAccording to IDC, public cloud IaaS revenues are on pace to more than triple by 2020.From $12.6 billion in 2015 to $43.6 billion in 2020. The public cloud IaaS market grew 51% in 2015 but will slightly slow after 2017 as enterprises get past the wonder and move more towards cloud optimization rather than simply testing the waters. IDC also noted that four out of five IT organizations will be committed to hybrid architectures by 2018. While hybrid is the new normal remember, The Cloud is Still just a Datacenter Somewhere. Cloud seems to be more than half full and this comes at a time when ISO compliance in the cloud is becoming even more important.

DNS: I’ve said it before and I’ll say it again, DNS is one of the most important components of a functioning internet. With that, it presents unique challenges to organizations. Recently, Infoblox released its Q1 2016 Security Assessment Report and off the bat said, ‘In the first quarter of 2016, 519 files capturing DNS traffic were uploaded by 235 customers and prospects for security assessments by Infoblox. The results: 83% of all files uploaded showed evidence of suspicious activity (429 files).’ They list the specific threats from botnets to protocol anomalies to Zeus and DDoS. A 2014 vulnerability, Heartbleed, still appears around 11% of the time. DevOps is even in the DNS game. In half full news, VeriSign filed two patent applications describing the use of various DNS components to manage IoT devices. One is for systems and methods for establishing ownership and delegation of IoT devices using DNS services and the other is for systems and methods for registering, managing, and communicating with IoT devices using DNS processes. Find that half full smart mug...by name!

IoT: What can I say? The cup runneth over. Wearables are expected to close in on 215 million units shipped by 2020 with 102 million this year alone. I think that number is conservative with smart eyewear, watches and clothing grabbing consumer’s attention. Then there’s the whole realm of industrial solutions like smart tractors, HVAC systems and other sensors tied to smart offices, factories and cities. In fact, utilities are among the largest IoT spenders and will be the third-largest industry by expenditure in IoT products and services. Over $69 billion has already been spent worldwide, according to the IDC Energy Insights/Ericsson report. And we haven’t even touched on all the smart appliances, robots and media devices finding spots our homes. Get ready for Big Data regulations as more of our personal (and bodily) data gets pushed to the cloud. And we’re talking a lot of data.

Mobile: We are mobile, our devices are mobile and the applications we access are mobile. Mobility, in all its iterations, is a huge enabler and concern for enterprises and it'll only get worse as we start wearing our connected clothing to the office. The Digital Dress Code has emerged. With 5G on the way, mobile is certainly half full and there is no empting it now.

dc-logo.jpg

Of course, F5 has solutions to address many of these challenges whether you’re boiling over or bone dry. Our security solutions, including Silverline, can protect against malicious attacks; no matter the cloud -  private, public or hybrid - our Cloud solutions can get you there and back; BIG-IPDNS, particularly DNSExpress, can handle the incredible name request boom as more ‘things’ get connected;and speaking of things, your datacenter will need to be agile enough to handle all the nouns requesting access; and check out how TCP Fast Open can optimize your mobile communications.

That's what I got so far and I'm sure 2016's second half will bring more amazement,questions and wonders. We'll do our year-end reviews and predictions for 2017 as we all lament, where did the Year of the Monkey go?

There's that old notion that if you see a glass half full, you're an optimist and if you see it half empty you are a pessimist. I think you need to understand what state the glass itself was before the question. Was it empty and filled half way or was it full and poured out? There's your answer!

ps 




The Visible Data of the Invisible User

Posted in security, f5, silva, data center, mobile, devcentral, big-iq, iot, sensors, wearable by psilva on May 3rd, 2016

walkerlable.jpg

As the march to connect each and every noun on this planet continues with a blistering pace, the various ways, contraptions and sensors used to collect data is greatly expanding. What once was a (relatively) small collection of fitness trackers, smartwatches, thermostats, automobiles and surveillance cameras has grown into a an industry where shirts, shoes, sleeping bags and even liquor bottles want to gather your info. And most of these devices monitor silently without you even knowing. According to Ryan Matthew Pierson over at Readwrite.com, ‘The strength of IoT is in its ability to be invisible to the user.

In addition, the mad dash to simply insert a chip, beacon and software into everyday objects is slowly graduating to era where user experience, privacy and security are becoming critically important for mass adoption. In 2014 Gartner released a report saying the typical family home could have as many as 500 smart devices by 2022. The Consumer Technology Association (CTA) notes that 20% of US households now own an activity tracking wearable device, two-times the households that owned one last year. And Nielsen reported that smartphone penetration has reached 82% in the U.S.

Interacting and engaging with the customer in real time is a desire of many organizations.

From media and entertainment, to appliances, to transport technologies, to security and environmental controls, along with healthcare and fitness equipment almost every ‘thing’ around us will track something. Or as Dr. Nick Riviera sings, ‘The knee bone's connected to the something. The something's connected to the red thing. The red thing's connected to my wrist watch... Uh oh.’

And it is not only consumer items.

farmapp.jpg

The Industrial IoT is helping farmers with connected tractors, soil sensors, crop health apps and the like. There are HVAC systems that are managed by sensors; Streetlights, utilities, parking and traffic in a connected city; and even sports teams are using wearable tech to gain a competitive advantage. And according to Research and Markets, wearable tech in schools is set to surge over the next 5 years.

With the IoT growth comes threats, along with resources to reduce the risks. In Gartner’s latest forecast, IoT security spending is set to nearly double between 2014 and 2018, growing from about $232 million to almost $550 million. Nearly $350 million will go into securing IoT this year alone. They also predict that there will be 6.4 billion connected devices in use worldwide this year, up 30% from 2015.

The security investment is good news since according to Spiceworks and Cox Business, the flood of IT devices entering the market does create security and privacy issues in the workplace. 84% of their survey-takers named the growing number of entry points into the network as a major concern. Number two on the list, at 70% of respondents, was insufficient security measures on the part of IoT manufacturers.

But soon we might be able to solve some of the challenges with our Brain.

There are some very smart research brains out there that have come up with a way to identify you by your brain waves with 100% accuracy. This is your Brainprint. A team of researchers at Binghamton University, recorded the brain activity of 50 people wearing an electroencephalogram headset while they looked at a series of 500 images. The pictures were designed specifically to elicit unique responses from person to person. Images included things like pizza, a boat, certain words, celebrities and so forth. They found that participants' brains reacted differently to each image, enough that a computer system was able to identify each volunteer's ‘brainprint’ with 100% accuracy.

According to researchers, brain biometrics are appealing because they are cancellable and cannot be stolen by malicious means like a fingerprint or retina scan. The results indicate that brainwaves could be used by security systems to verify a person's identity. This could be key since our personal data and pattern of life seems to be more valuable now than a silly, worthless credit card number.

Brain & Invisibility: Activate!

   << signed 'ps' in Invisible Ink

Related:




You Never Know When…

Posted in silva, mobile, blogging, blog traffic, smartphone, scams by psilva on April 28th, 2016

An old article gets new life. #TBT

Back in 2012 I wrote an article titled Bait Phone. It was about cops dropping mobile phones with a tracking device and following the stealing culprit for an arrest. Like Bait Car but with a smartphone.

Over the weekend, I noticed that the article was blowing up but couldn’t figure out why:

428bait.jpg

I even tweeted out on Monday:

baittweet.jpg

At the time, I didn't realize something else was at play.

Then I decided to do a twitter search:

bait_tw.jpg

And found that a video with the same name as my blog post was trending: Bait Phone 2 - basically a stun gun with a remote. Over 2.2 million YouTube views in less than a week. It’s a prank video where they have a remote zapper to sting the culprits when they grab & walk away with the phone. One guy - who had it in his pocket - denied taking it until he was personally shocked.

When I did a Google search over the weekend, my article was still at the top but now the article is like #13 listed (maybe even lower) and the video has taken the top spot.

But you never know when an old article might pop due to some other circumstances. At least folks are reading it and not totally bailing!

Fun stuff.

ps 




Hello Infiltrators - Our Doors are Wide Open

Posted in security, f5, silva, privacy, mobile, cybercrime, iot, things, risk, sensors, society by psilva on March 11th, 2016

Gossamer_restored.jpg

In the 1946 classic ‘Hair Raising Hare,’ Bugs Bunny asks, ‘Have you ever have the feeling you were being watched? Like the eyes of strange things are upon you?’ Like Bugs often did, he breaks the fourth wall and involves the audience directly, invoking a feeling that someone is looking over your shoulder.

Today, it is likely the case that you are being watched by the strange (internet of) things that are starting to infiltrate our homes, cars, bodies and the whole of society. While there is a mad rush by people purchasing these things and a similar rush for companies to develop applications and services around those, many are not pausing to either understand the risks or build security into the products.

From home security systems to surveillance cameras to baby monitors to televisions to thermostats, examples pour in daily about flaws and vulnerabilities that leave you, your family and your home exposed. The way things are going, even if you’ve closed and locked your front door physically, that door is wide open to the digital world.

Here are just a few recent examples.

Might as well start with our dwellings. Security researchers at Rapid7 found flaws in in Comcast’s Xfinity Home Security system that would cause it to falsely report that the home’s windows and doors are closed and secured even if they’ve been opened. It also failed to detect an intruder’s motion inside the house. Attacking the system’s communications protocol, they used radio jamming equipment to block the signals that pass from the door, window, or motion sensor to the home’s baseband hub. The system didn’t notice the communication was breached and essentially, failed open without any alert to the owner. When the jammers were turned off, it took minutes to hours for the sensors to reconnect and still didn’t give any indication that a catastrophe could have occurred.

Next, to some of the things inside the insecure house. Experts are predicting that as more connected, smart-TVs enter the home, this will be an avenue for the bad guys to breach your home network. Almost half of U.S. households already have a smart-TV and close to 70% of the sets sold this year will have connectivity capabilities. A threat researcher with Symantec was able to infect his new Andriod-based smart-tele with some ransomware. Within a few seconds, the TV was locked and unusable with the fear inducing pay-up-pop-up ransom note.

Also giving outsiders a view of the inside, Princeton researchers found that certain IoT thermostats were leaking customer zip codes over the internet in clear text. Fortunately, when the manufacturer was notified they quickly issued a patch. There are many horror stories about strangers watching and talking to children via insecure baby monitors. Add to that, toys that record your kid's conversations puts the whole family at risk.

And out on the road, we’ve seen how researchers were able to control a Jeep and last week, researchers were able to remotely control any of the Nissan Leaf’s functions by using the mobile app’s insecure APIs. The unsecured APIs allowed anyone who knows the VIN of a car to access non-critical features like climate control and battery charge management from anywhere on the Internet. Also, someone exploiting the unauthenticated APIs can see the car's estimated driving range. They too, pulled access to the app until they can properly secure the infrastructure and application that supports the mobile app.

Lastly, if you think this is contained within a consumer based household, think again. A recent Ponemon/Lookout survey revealed that an average of 1,700 malware laced mobile devices per company, connect to an enterprise network. Wait ‘til all the insecure wearables start connecting. Employees are often referred to as the weakest link. Today it is mostly their insecure mobile devices but multiply that by a wardrobe, now the risk is enhanced.

ps

Related:

Image courtesy: https://en.wikipedia.org/wiki/File:Gossamer_restored.jpg



OK 2016 Monkey, Whatcha Got?

Posted in security, f5, silva, application delivery, privacy, mobile, humans, iot, sensors, 2017 by psilva on February 8th, 2016

yrofmonkey.jpgThe Year of the (Fire) Monkey is upon us and the curious, playful, smart, opportunistic and sometimes mischievous character could influence events throughout 2016. Whether you were born under the symbol or not, Monkeys thrive on challenges and 2016 is sure to bring some obstacles during the year.

2015 (Year of the Sheep) brought us a rash of high profile breaches, a bunch of new IoT devices and wearables, continued, bigger clouds and innovative attacks on vulnerable infrastructures along with the continuous deluge of big data. This is sure to continue as our digital, software-defined lives connect and intersect with the things around us. Organizations will need to extend their risk management focus to areas outside their control like the cloud and social channels but also consider the human element in all this. The new threats and heightened risk may put some companies in peril due to the lack of knowledgeable security IT personnel available.

Mobility, both the state of being and the devices we use, will continue to grow and be an immense enabler and/or inhibitor for organizations. Mobile is not only the new shiny phone you got over the holidays but also all the IoT gadgets looking for a place in our home, offices and bodies…along with how we interact with them as humans. Cutting the cord will mean more than subscribing to some streaming media service but the way of the wireless life. You are now the device, controller and data generator. With that, security challenges like authentication, privacy, malware/data protection, compliance and the management of those services will be paramount. 

And as our lives – personal and professional – continue to be chronicled on the internet, thieves, nation states and activists will continue to be one step ahead probing data and looking for that golden slab of info. Making money, causing disruptions or outright take downs through online attacks are big motivations for those seeking notoriety or simply a big score. But it’s not always from the crook or spy half a globe away. Insider threats, malicious or not, have made the traditional perimeter almost useless.

So while trends like cloud, mobility, IoT and big data will consume IT departments, securing those trends and how they map to business objectives will be the monkey on organizations back for 2016. Let’s try to be intelligent, dignified, clever, optimistic, confident, agile and curious about our challenges or the arrogant, deceptive, reckless and manipulative bad guys will get the best of us.

The 2016 Monkey is here, and we’ll need to handle it with grace.

ps

Related:

This article originally appeared 1-7-16 on F5.com

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]



Backseat Drivers, Your Wish Has Come True

Posted in security, f5, silva, intelligent devices, control, mobile, malware, breach, iot, things, sensors by psilva on January 27th, 2016

Excuse for speeding 10 years from now: ‘Officer, it was the software.’

When I was in college, I would drive the 1040 miles from Marquette Univ. in Milwaukee to my parent’s house in Rhode Island for things like summer vacation and semester break. It seemed to take forever, especially through Pennsylvania where the state speed limit at the time was 55mph. I always tried to complete it straight through yet would inevitably start the head drop and would fall asleep at some rest stop in Connecticut, about 3 hours from my goal. This is back when they still had toll booths on the Connecticut turnpike.

As an adult, my family has driven the 2000 miles from California to Minnesota to visit family. In both instances, I wished I could simply doze off, take a little nap, stay on the road and awake a couple hundred miles closer to the destination. Yes, we alternated drivers but that also meant I wasn’t driving. For some reason, I had a much easier time falling asleep while holding the steering wheel than in shotgun position.

Soon, you just might be able to notch that seat in recline or even stretch out in the back – do I hear third row - while your car continues on its merry way. Deutsche Telekom and Nokia conducted the first demonstration of car-to-car communication over a high speed cellular connection with close to 5G performance. And they did it on the recently inaugurated Digital A9 Motorway Test bed - Germany’s Autobahn. The cars connected over a regular LTE service optimized for rapidly moving vehicles. They used a cellular network since it is already in place and didn’t need to negotiate a digital handshake to connect.

Nokia says that its technology cut the transmission lag time to under 20 milliseconds, versus today’s limit of 100+ milliseconds, give or take. And it is counting the relay time from one car to another, via a central cloud. This was simply a test to see how self-driving cars could communicate while travelling at high speeds. These connected cars will have a lot of data chatter but outside our earshot.

There is also growing attention to automobile vulnerabilities as more of these driverless cars start to appear on our roads. Recorded Future has a great graphic showing some of the attacks and exploits against automakers, vehicles and components since 2010.

timelinelogo1.png

Just like our applications, there is a growing list of the types of connected vehicle focused hackers. From researchers to criminals to insiders to competitors and even nation states are all trying to target these vehicles for their own purposes. And they all have their own motives as you can imagine. TechCrunch has an excellent article Connected Car Security: Separating Fear From Fact which digs into the short history of car vulnerability research along with the various players and what they are digging for.

Meanwhile, Ford Motors announced that they will begin testing self-driving cars at a Michigan facility called Mcity. A fake town with stores, crosswalks, street lights and other scale structures to test the software and sensors controlling the car. They’ve also announced that whatever driver data is generated (which can be up to 25GB and hour) is the customer’s data. Ford says they will only share it with the customer’s informed consent and permission.

And lastly, a Google self-driving car was lit-up by a CHiP in Mountain View for going too slow – 24mph in a 35 zone. Too bad no one was at the wheel to sign for the ticket. The officer quickly realized that he pulled over an autonomous car and asked the human passenger about the speed settings while reminding him of the CA Vehicle Code. This model tops out at 25mph for safety reasons and no ticket was issued.

And in the future, remember this: ‘Officer, it was the software.’

ps

Related:

This article originally appeared 11.19.15 on F5.com

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]




« Older episodes ·