Security

GeoEdge detects malvertising attack on smart home IoT devices, says antivirus apps and firewall not enough

A global-scale malvertising attack, the first ad-based cybercrime that targets home-network based IoT devices, has been uncovered by global cybersecurity company GeoEdge.

GeoEdge’s security researchers identified both the attack vector as well its origins in Slovenia and Ukraine in cooperation with the company’s AdTech partners InMobi and Verve Group.

GeoEdge says its security research team has been investigating the malvertising attack on smart home IoT devices since mid-June 2021.

The widely distributed attack vector is the first to use online advertising to silently install itself on apps on home-WiFi-connected IoT devices, and only requires that hackers possess a basic understanding of device API documentation, some JavaScript knowledge, and online advertising skills.

Market research firm IoT Analytics forecasts more than 30 billion IoT device connections worldwide by 2025. The sheer number of devices makes them attractive to malvertisers, and hackers can exploit them.

“GeoEdge’s patented behavioural code analysis technology and advanced malware detection capabilities detected these online ads covertly injecting malware into smart-home IoT devices,” explains GeoEdge CEO Amnon Siev. “We were able to expose the origin, infrastructure, and global scale of these attacks. This joint mission is built on trust and a deep understanding of the threat landscape which has enabled us to create a new standard for user protection.”

“Malvertising,” or malicious advertising, spreads malware through the injection of malicious code into online display ads via online advertising networks, which can potentially risk infection.

Advertising networks are generally unaware they are serving malicious content.

According to GeoEdge, users targeted with the attack aren't even required to click on the infected ad or navigate to a malicious page to initiate the attack on home network devices.

“It is critical that we have the checks and balances to identify and contain potential malicious threats before they can infect users’ devices,” explains InMobi senior vice president and general manager, publisher platform and exchange Kunal Nagpal.

Nagpal says InMobi’s collaboration with GeoEdge enhances user protection across advertising networks through real-time protection, and ensures delivery of safe ads to partners.

According to GeoEdge’s research, the IoT attack has the ability to manipulate IoT devices, download apps without users’ content, and risks theft of personal information and monetary instruments, as well as tampering with home systems such as smart locks and surveillance cameras.

GeoEdge notes antivirus apps and even firewalls are not sufficient, making it necessary to continuously block infected ads in real-time to prevent them from being rendered and presented to users.

Verve Group vice president of engineering Pieter de Zwart says that as the ad security landscape evolves, new cybersecurity risks require solutions.

He concludes that GeoEdge is committed to ensuring a safe advertising experience. “Partnering with key industry players enables us to fulfil that mission.”

Spotlight

Other News
Industrial IoT

Syniverse Joins Forces with Microsoft to Offer Global SIM Solution for Azure Private MEC

Business Wire | October 06, 2023

According to Juniper Research, the number of global private cellular Internet of Things (IoT) roaming connections will grow by more than 800% in the next four years, climbing from 15 million in 2023 to 142 million by 2027. Given this mass surge, organizations must make sure they have uninterrupted connectivity across devices, along with complete visibility into their whole program. To meet the need for more reliable connectivity, Syniverse, "the world's most connected company,"® is partnering with Microsoft to make its Global SIM solution available for use with Microsoft Azure private multi-access edge compute (MEC). This strategic collaboration allows enterprises deploying a private network at their operational facilities, using Azure Private 5G Core on Azure edge platform, to leverage Syniverse solutions to support OT applications that require private-to-public 5G and LTE network interoperability. With this add-on service, IoT devices for asset tracking, frontline workforce collaboration, and autonomous guided vehicles (AGVs) primarily connected on private networks can roam over a public network on demand or leverage public networks for improved resiliency. Enterprises using workforce tablets on public networks can also switchover to dedicated private networks at enterprise facilities. Whether it’s a utility company that desires a localized wireless network solution that’s fast, dependable, and secure, or a large-scale manufacturer that wants to extend connectivity well beyond its facility, private wireless networks are the driving force that will enable these capabilities. But these aren’t the only industries that will benefit from the power of this solution — mining, shipping, transportation, logistics, healthcare, and even smart cities can improve the lives of users by enabling reliable, global, and secure roaming between private and public networks. Given the rapid expansion of private wireless networks and the Internet of Things, seamless roaming between private and public networks is more essential than ever, said Harry Patz, Jr., Chief Revenue Officer at Syniverse. Through this integration, Azure users will benefit from technology that lets devices move to public networks and automatically revert to the private network when it's available. This prevents businesses from racking up costly roaming revenues if their devices remain connected to public networks, eliminates communication issues regardless of where in the world these devices are located, and ensures their continued security. All of which go a long way toward improving the customer experience. Syniverse recently received an IoT Evolution Private Wireless Network Innovation Award from IoT Evolution World, the leading publication covering IoT technologies. The awarded solution is built on patented Automated Network Reselection (ANR) technology, a unique feature that provides secure and seamless connectivity as mobile devices move from private to public networks and back. It includes subscriber identity module (SIM) management and hosted or on-premises core functionality, policy, and cloud integration, and it is ideal for organizations that demand reliable connections, high speeds, and minimal latency, as well as the option to increase security based on specific devices. Microsoft private network customers can now integrate Syniverse Global SIM, a platform as a service (PaaS), that provides global coverage in over 200 countries and gives control over cellular data and precision policy management over every device in an organization. "Syniverse’s Global SIM solution offers our enterprise customers with global, multi-site operations, the capability to support applications that traverse private and public connectivity and offer mission critical resiliency," said Tad Brockway, Corporate Vice President, Azure for Operators, Microsoft. "We are working together to integrate and validate the solutions to make it really simple for enterprises to manage solutions built with Azure private MEC." The Syniverse Global SIM solution is available in the Microsoft Azure Marketplace. About Syniverse Syniverse is the world's most connected company. We seamlessly connect the world's networks, devices, and people so the world can unlock the full power of communications. Our secure, global technology powers the world's leading carriers, top Forbes Global 2000 companies, and billions of people, devices, and transactions every day. Our engagement platform delivers better, smarter experiences that strengthen relationships between businesses, customers, and employees. For over 30 years, we have accelerated important advances in communications technology. Today we are an essential driver of the world's adoption of intelligent connectivity, from 5G and CPaaS to IoT and beyond. Find out more at https://www.syniverse.com.

Read More

Industrial IoT

emnify and Skylo Unveils Converged Connectivity at MWC

Skylo Technologies | September 25, 2023

emnify, a leader in cloud-native IoT connectivity solutions, and Skylo, a global software-defined non-terrestrial network (NTN) operator, have unveiled an industry-first convergence of satellite and cellular IoT connectivity from a single emnify SIM. This collaboration, in partnership with module manufacturer Murata, expands the IoT connectivity landscape to include space, reducing operational costs and complexities. This innovative IoT connectivity solution is aimed at global IoT deployments, including remote and previously inaccessible areas. This collaboration addresses the growing demand for global, reliable, and cost-effective IoT connectivity solutions that can operate in remote regions and improve the monitoring and tracking of assets. Vice President Corporate Technology and Innovation at Murata, Mehul Udani, said, It’s critical that IoT customers have reliable, cost-effective, integrated hardware solutions to take advantage of innovations in IoT connectivity. Murata’s cellular and NTN radio modules, together provide a breakthrough in offering converged connectivity around the globe. [Source: Business Wire] emnify and Skylo have introduced converged satellite and cellular IoT connectivity from a single SIM. The solution reduces operational costs and complexities, expanding IoT's reach to various use cases. Partnerships with Murata and the integration of NTN satellite services offer reliable and global IoT connectivity. Emnify and Skylo are leveraging the SuperNetwork with Skylo’s NTN satellite connectivity to enable transformative IoT use cases. These include remote monitoring systems, which allow reliable monitoring of resources in remote areas, and asset tracking, which provides continuous data for equipment location and telemetry. This innovative solution merges satellite and cellular connectivity, extending tracking capabilities to previously unreachable locations. Emnify and Skylo are offering an evaluation program for customers to test the SuperNetwork's capabilities, and they will host a roundtable at Mobile World Congress to discuss the potential of this converged IoT connectivity. Frank Stoecker, CEO and founder of emnify, stated that their collaboration with Skylo underscores their commitment to expanding the SuperNetwork and creating new opportunities and open new markets for IoT businesses everywhere. The addition of satellite connectivity exemplifies the power of the SuperNetwork to go beyond the traditional networks and provide dedicated connectivity with worldwide reach. About Skylo Technologies Skylo Technologies is an NTN service provider facilitating direct connectivity for smartphones and IoT cellular devices through satellite infrastructure. The management and service for these satellite-connected devices are administered through Skylo's commercial NTN vRAN, featuring a cloud-native base station and core adhering to 3GPP standards. Skylo's primary focus revolves around enabling connected services for individuals in outdoor settings and connected workflows for machinery in various industries, including agriculture, maritime, logistics, mining, and more.

Read More

IoT Security

SecurityGen expands in Middle East, Aligns with Digital Growth

SecurityGen | October 12, 2023

Cybersecurity provider SecurityGen is expanding its operations in the Middle East to support the region's accelerated growth of 5G and digital transformation initiatives. With the rapid growth of 5G and initiatives like Saudi Vision 2030, there is a significant need for secure high-speed broadband networks in the Middle East. Cities in the region are utilizing 5G for IoT-based applications like 'Smart City' initiatives, and operators need to ensure network security to capitalize on these opportunities. 5G is expanding quicker than any other mobile generation in history. However, this increases the risk of cyberattacks against operators and their consumers. By 2025, there will be approximately 50 million 5G connections in the MENA region, with approximately 20 million in the GCC Arab States. By 2025, the GCC Arab States will be marginally ahead of the global average in terms of 5G adoption, with 16 percent (5G as a percentage of total mobile connections) versus 15 percent globally. Amit Nath, Co-founder and CEO at SecurityGen, stated, The Middle East represents potential for significant growth in 5G over the next few years. As the region expands culturally and economically via digital transformation projects along with ambitious initiatives like Saudi Arabia's Saudi Vision 2030, the spotlight is on the telecom operators and how they deliver secure high-speed broadband to communities in the areas beyond the reach of wireline networks. [Source: Cision PR Newswire] SecurityGen will bolster its presence in the Middle East by enhancing its delivery capabilities and senior leadership. This expansion aims to cater to the growing adoption of 5G and IoT-based projects in the region, helping telecom operators secure their networks from cyber threats. SecurityGen's new Managing Director for the Middle East & Africa, Imad Ayad, with over 20 years of experience in telecom and tech, will drive growth and strengthen partnerships with operators and enterprises in the region. Nath added that their appointment of Imad Ayad as the new Managing Director for Middle East & Africa at SecurityGen aimed to facilitate further growth throughout the region. Ayad possesses more than two decades of experience in leading roles within the telecommunications and technology sectors, including significant positions at Nokia, Alfa Telecommunications, Enghouse Networks, and Tranglo. Nath also emphasized that Ayad's specialized background in Value-Added Services (VAS) and SMS security, combined with SecurityGen's extensive expertise and established security solutions, positioned them as an ideal partner for operators expanding their 5G operations in the region, with a primary focus on cybersecurity. About SecurityGen SecurityGen, established in 2022, is a worldwide entity with a dedicated focus on telecommunications security. Their mission revolves around establishing a strong security framework to facilitate secure telecom digital transformations and guarantee the safety and resilience of network operations. The organization's comprehensive range of products and services is strategically designed to offer an all-encompassing defense against both established and cutting-edge telecom security threats.

Read More

Industrial IoT

EchoStar Partners The Things Industries to Offer LoRa IoT Solutions

EchoStar Corporation | September 22, 2023

EchoStar Mobile Limited, a subsidiary of EchoStar Corporation, has partnered with The Things Industries to offer hybrid satellite and LoRa Internet of Things solutions for businesses in Europe. This collaboration integrates EchoStar's satellite IoT capabilities into The Things Stack, a cloud-based LoRaWAN network server, enabling IoT devices to have seamless, real-time, two-way communication over satellite or terrestrial networks through a single, dual-transport, generic node. The collaboration will benefit businesses and organizations across Europe by extending the reach and reliability of their IoT devices, particularly in challenging and remote areas. EchoStar Mobile's LoRa-enabled IoT network, launched last year, provides bi-directional, real-time LoRa connectivity across Europe. Integration with The Things Stack Cloud elevates this offering to a global scale, offering multi-country service continuity for sectors such as utilities, logistics, transportation and agritech. The partnership allows for plug-and-play integration of satellite and terrestrial transports into the same node or module for IoT applications, offering cost-effective and reliable IoT deployments with continuous coverage, even in remote locations. It breaks the limitations of terrestrial infrastructure by introducing satellite connectivity to The Things Stack LoRaWAN Network Server and its Generic Node Concept Edition. It offers businesses the flexibility to expand their IoT deployments to areas previously considered inaccessible. The partnership will be showcased at The Things Conference, a premier LoRaWAN event, where attendees will witness the capabilities of hybrid satellite-terrestrial IoT connectivity along with The Things Industries' Generic Node Concept Edition. About EchoStar EchoStar Corporation is a global leader in satellite communication solutions, serving consumer, enterprise, operator, and government needs worldwide under its Hughes, HughesNet, and EchoStar brands. Operating in Europe as EchoStar Mobile Limited and in Australia as EchoStar Global Australia, the company provides a comprehensive suite of services. EchoStar Satellite Services L.L.C. owns and operates a fleet of 10 satellites, offering vital communication infrastructure to media, enterprise, and government clients. Hughes Network Systems, LLC leads the global satellite broadband market with HughesNet, catering to diverse budgets. EchoStar fosters innovation and seeks passionate individuals dedicated to shaping the future of communications.

Read More