SECURITY

GeoEdge detects malvertising attack on smart home IoT devices, says antivirus apps and firewall not enough

GeoEdge | August 10, 2021

A global-scale malvertising attack, the first ad-based cybercrime that targets home-network based IoT devices, has been uncovered by global cybersecurity company GeoEdge.

GeoEdge’s security researchers identified both the attack vector as well its origins in Slovenia and Ukraine in cooperation with the company’s AdTech partners InMobi and Verve Group.

GeoEdge says its security research team has been investigating the malvertising attack on smart home IoT devices since mid-June 2021.

The widely distributed attack vector is the first to use online advertising to silently install itself on apps on home-WiFi-connected IoT devices, and only requires that hackers possess a basic understanding of device API documentation, some JavaScript knowledge, and online advertising skills.

Market research firm IoT Analytics forecasts more than 30 billion IoT device connections worldwide by 2025. The sheer number of devices makes them attractive to malvertisers, and hackers can exploit them.

“GeoEdge’s patented behavioural code analysis technology and advanced malware detection capabilities detected these online ads covertly injecting malware into smart-home IoT devices,” explains GeoEdge CEO Amnon Siev. “We were able to expose the origin, infrastructure, and global scale of these attacks. This joint mission is built on trust and a deep understanding of the threat landscape which has enabled us to create a new standard for user protection.”

“Malvertising,” or malicious advertising, spreads malware through the injection of malicious code into online display ads via online advertising networks, which can potentially risk infection.

Advertising networks are generally unaware they are serving malicious content.

According to GeoEdge, users targeted with the attack aren't even required to click on the infected ad or navigate to a malicious page to initiate the attack on home network devices.

“It is critical that we have the checks and balances to identify and contain potential malicious threats before they can infect users’ devices,” explains InMobi senior vice president and general manager, publisher platform and exchange Kunal Nagpal.

Nagpal says InMobi’s collaboration with GeoEdge enhances user protection across advertising networks through real-time protection, and ensures delivery of safe ads to partners.

According to GeoEdge’s research, the IoT attack has the ability to manipulate IoT devices, download apps without users’ content, and risks theft of personal information and monetary instruments, as well as tampering with home systems such as smart locks and surveillance cameras.

GeoEdge notes antivirus apps and even firewalls are not sufficient, making it necessary to continuously block infected ads in real-time to prevent them from being rendered and presented to users.

Verve Group vice president of engineering Pieter de Zwart says that as the ad security landscape evolves, new cybersecurity risks require solutions.

He concludes that GeoEdge is committed to ensuring a safe advertising experience. “Partnering with key industry players enables us to fulfil that mission.”

Spotlight

ParStream is the frst platform built for IoT that provides immediate insights from Big Data volumes and high bandwidth data streams. ParStream delivers sub-second query response times even on 100s of billions of data records while continuously importing new data at very high speed. Via a parallel streaming importer, ParStream enables ultrafast interface and fully fexible analytics to accelerate existing applications and to build new types of applications and business models in telecommunications, renewable energy, manufacturing and many other industries.


Other News
INDUSTRIAL 4.0

Eseye Launches Next Gen Infinity IoT Platform™ to Solve Enterprise IoT Challenges

Eseye | May 21, 2022

Eseye, a pioneer of leading-edge IoT connectivity solutions, today announced the launch of its next generation 'mission control' IoT connectivity platform, Infinity™. The Eseye Infinity IoT Platform™ delivers a single, customisable and scalable network for both today's and tomorrow's global IoT deployments. Until now, IoT has been hampered by its complexity with devices, global connectivity and security challenges. Now Eseye's new platform enables customers to easily scale and evolve their IoT deployment to suit their needs, empowering them to make the right carrier choices, wherever they are in the world. With Infinity, organisations can right-size, change and optimise connectivity as their requirements, the market and technology evolve. Single pane-of-glass visibility and centralised reporting ensure the platform captures and manages everything, utilising analytics and AI which in turn reduces service overheads across global IoT estates, significantly cutting the total cost of ownership (TCO). An IoT Platform of Platforms Uniquely, Infinity's 'all in one place' single IoT platform approach means that customers can manage existing legacy SIMs, as well as Eseye AnyNet+ SIMs, and emerging iSIM solutions. "Eseye provides customers a single platform for easily deploying devices around the world, choosing and switching providers, and implementing policies from a single pane of glass. Eseye claims it can remove complexity from connectivity, while increasing flexibility and delivering better results. It serves enterprises across many verticals and use cases. Past projects have included Amazon's network of Lockers, Shell Recharge Solutions' network of electric vehicle chargers and Itron's smart meters," comments John Gole, Research Director, IoT, IDC. With Infinity, organisations can connect anywhere, giving them the widest choice of mobile networks and platform integrations. Direct multiple MNO interconnects mean that customers can connect to a wide range of operators to deliver a blend of localised and roaming connectivity, as well as integrating with existing provider platforms including Jasper, Vodafone GDSP, Ericsson DCP and many more. Today, Eseye has the largest selection of network localisation options available, including Verizon, MTN and Telstra, to help customers deploy IoT around the world and eliminate the risks associated with permanent roaming. BYOC – Delivering Commercial Flexibility Additionally, Infinity's 'Bring Your Own Contract (BYOC)' capabilities enable customers to import existing MNO contracts into the platform. This puts organisations in complete control of commercial decision making and enables them to customise network connectivity options to meet their requirements, while at the same time allowing them to bring negotiated rates from their existing carriers. Additionally, organisations can fill any connectivity gaps via Eseye's AnyNet Federation, which provides access to over 700 networks around the world. Next gen platform built to last Infinity is built on decades of deep IoT hardware and connectivity expertise, giving customers fine-grain control over their IoT business policy. Organisations can define IoT policy centrally, then automatically deploy to the edge, while optimising connectivity, quality of service and price, device-by-device. The Infinity Platform's Software Defined Network (SDN) enables fast onboarding of new MNOs, while connectivity and network optimisation deliver dynamic network switching-as-a-service. The platform also provides new connectivity options, which protects the business's IoT investment by enabling the addition of private 5G/LTE networks and other wireless technologies as the market evolves. Making IoT secure and compliant IoT security is an issue that many enterprises grapple with and Infinity delivers reliable, low-latency device-to-cloud connectivity, security, and routing. Customers also benefit from support for GDPR, data sovereignty and other regulatory requirements. Built-in enterprise policy control and management to the edge provides API integrations with security and other enterprise applications, such as Armis for asset visibility and agentless security. "We've witnessed strong demand from enterprises who need to be better equipped to reduce the complexity of their global IoT deployments. This has been one of the biggest barriers to large-scale project rollouts. Our next gen Infinity Platform simplifies global connectivity on a game-changing scale, elegantly solving the problems of carrier lock-in, connectivity and security in a single solution," comments Nick Earle, CEO, Eseye. "The platform is designed to deliver any flavour of IoT connectivity, so customers have total flexibility as the shape and scale of their deployment evolves. We've also made sure that we future proof our customer's investment with a rapid method to integrate other wireless IoT technologies, such as private 5G/LTE and satellite." A platform that enables true scalability The Infinity IoT Platform and service comes in two versions. Infinity Flex is designed for companies with mid-size deployments and is perfect for those customers who need to get started quickly and have pre-defined pricing and support. Infinity Enterprise is suited to global or multi-regional enterprise IoT projects, or those with more complex deployment, hardware or deployment needs. In the last 12 months, Eseye has experienced tremendous momentum, in response to the rapidly growing demand for enterprise-grade IoT solutions delivering ubiquitous global connectivity. Thanks to Eseye's AnyNet connectivity managed service, customers around the world are now benefitting. For example, Instavolt, the provider of the UK's largest owner-operated rapid EV charging network, has seen utilisation grow exponentially post-COVID. InstaVolt chose Eseye's reliable connectivity to power its growing estate of EV fast-charge points which are embedded with Eseye AnyNet+ SIMs designed to operate in the field for up to 30 years. "The AnyNet+ SIM embedded in our charge points offers the ability to network, manage and effectively switch connectivity to another provider, if needed. This ensures our chargers have high uptime wherever they are located, and our customers can simply tap, charge, and drive," Gary Kirkland, CTO, InstaVolt. To meet this rapidly growing demand, Eseye has trebled its roster of proven, senior industry leaders, to focus on providing best-in-class, reliable managed IoT services to support complex worldwide IoT deployments. Now with the launch of its next gen Infinity IoT Platform, Eseye will accelerate its growth plans, helping customers build solutions that are future-proofed enabling IoT deployments that deliver both today and in 20 years' time. About Eseye We unlock the full potential of IoT, free from the complexities of global cellular connectivity. We have everything you need to move from initial concept to global deployment. We do this through seamless IoT connectivity, technical device services and versatile hardware, backed by round-the-clock support. All with an intense focus on enabling our customers to drive business value, deploy differentiated experiences, and disrupt their markets – without limits. Together, our AnyNet+ eSIM technology, Infinity IoT Connectivity Platform™ and partner ecosystem connect millions of devices across 190 countries. We bring together over 700 networks for 100% global coverage – and our flexible technology platform means our customers are ready for whatever else the future holds. Global brands that trust us to deliver including Costa Express, Bosch, Amazon, Siemens and Philips.

Read More

SOFTWARE AND TOOLS

UiPath and NCS Forge Multi-Pronged Strategic Partnership to Accelerate Automated Service Delivery Across Asia Pacific

UiPath | April 18, 2022

UiPath (NYSE: PATH), a leading enterprise automation software company, today announced a strategic partnership with NCS for the deployment of enterprise-grade automation capabilities. The partnership will support NCS in its journey toward becoming the leading technology services firm in Asia Pacific with an automation-first approach to services delivery. The joint go-to-market effort will bring the power of automation to both public and private enterprises from across industries, such as telecommunications, government, and financial services, particularly in high growth markets like Singapore, Australia, and Asia Pacific. NCS, a UiPath Diamond Business Partner, will create an NCS UiPath Automation Practice to build automation solutions on the UiPath platform to enhance its NEXT services capabilities. The solutions will allow organizations to harness automation to transform digitally, improve operational efficiencies, and optimize for emerging technologies. For consumers, increased automation will improve speed and accuracy of processes including enabling effective onboarding for new customers, ensuring seamless operations and issue resolution, as well as added convenience with broader self-service options. Howie Lau, Managing Partner of Corporate Development and Partnerships, NCS, said, “The convergence of 5G, IoT, and artificial intelligence (AI) has created new business opportunities for enterprises and consumers. To fully capitalize on this, enterprises need to improve the performance, flexibility, and reliability of their technology. NCS is investing in developing intelligent and automated operating models to deliver rich customer experiences and drive high-impact employee engagement. Through our partnership with UiPath, we are reimagining and simplifying internal processes by integrating automation into our business units and products to offer our clients more intelligent and elevated services for the digital age.” NCS is a proven leader in digital services and as an early adopter of automation, it has a sophisticated knowledge base to redefine how its customers and partners are shaping the future. Asia Pacific is a rapidly evolving market with potential for tremendous growth for automation-first organizations. UiPath shares NCS’ vision for human-centric, sustainable automation adoption, democratizing access to technology that improves the world around us. We are excited to partner with NCS on the next phase of its automation journey.” Rick Harshman, Senior Vice President & Managing Director, Asia Pacific and Japan, UiPath The NCS UiPath Automation Practice will have more than 250 employees focused on the process discovery, automation testing, and delivery of the fully automated enterprise. NCS aims to upskill and certify its UiPath practitioners within the next three years and deploy hundreds of automations within the organization. Embedding these offerings into its existing solutions will enable clients across Asia Pacific to transition to a fully automated enterprise. NCS provides a wide range of differentiated and end-to-end technology and digital services across 61 specializations delivered through the expertise of its 10,000-strong team throughout Asia Pacific. To learn more about business solutions from NCS, please visit here. For more information about how UiPath is helping telecommunications firms manage large volumes of operational processes, please visit here. About UiPath UiPath has a vision to deliver the Fully Automated Enterprise™, one where companies use automation to unlock their greatest potential. UiPath offers an end-to-end platform for automation, combining the leading Robotic Process Automation (RPA) solution with a full suite of capabilities that enable every organization to rapidly scale digital business operations. About NCS NCS, a subsidiary of Singtel Group, is a leading technology services firm with presence in Asia Pacific and partners with governments and enterprises to advance communities through technology. Combining the experience and expertise of its 10,000-strong team across 61 specializations, NCS provides differentiated and end-to-end technology services to clients with its NEXT capabilities in digital, cloud and platforms, as well as core offerings in application, infrastructure, engineering and cybersecurity. NCS also believes in building a strong partner ecosystem with leading technology players, research institutions and start-ups to support open innovation and co-creation

Read More

SOFTWARE AND TOOLS

JFrog Unveils DevSecOps for IoT - Bringing Trusted Software to the Edge

JFrog | May 26, 2022

JFrog Ltd, the Liquid Software company and creators of the JFrog DevOps Platform, today introduced JFrog Connect, a new solution designed to help developers update, manage, monitor, and secure remote Linux & IoT devices at scale. Available immediately, JFrog Connect ushers in a new era of software automation, traceability, and security to the world of connected devices via a modern DevOps platform. A fully integrated part of the JFrog Platform, JFrog Connect empowers companies to manage one to hundreds of thousands of devices using a consistent operational model and intuitive user interface across cloud, on-premises, and multi-cloud deployments. "The massively distributed nature of edge/IoT expands the enterprise attack surface, and also exacerbates operational, cross-functional software update workflow challenges. One of the main reasons for that, is that updating edge devices is often siloed from a modern software supply chain. JFrog Connect, integrated with the JFrog Platform, effectively helps companies manage automatic, continuous delivery of secure software updates from developers’ keystrokes to any distributed edge or fleet of connected things, while fortifying their software supply chain against emerging attack vectors.” Yoav Landman, Co-founder and CTO, JFrog. As increasing numbers of enterprises deploy IoT-based solutions, we believe it’s important to understand that doing so also introduces new entry points for malicious packages and cybersecurity attacks – particularly since IoT devices often run on unreliable and vulnerable networks that can't be trusted. A recent analyst survey found developers rank security 46% (39% in 2020) and deployment 31% (23% in 2020) among their top three concerns, along with the need for additional integrations with complementary technologies and systems.1 Additionally, a lack of reliable, secure, IoT management solutions can result in expensive product recalls, service outages, unnecessary site visits, and more. About JFrog JFrog Ltd., is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back.

Read More

DEVICES

Borqs Technologies Shipped Mobile Point-of-Sale Devices to the Largest Mobile Operator

Borqs Technologies, Inc. | January 20, 2022

Borqs Technologies, Inc., a global provider of 5G wireless solutions, Internet of Things (IoT) solutions, and innovative clean energy, with operations in the U.S., India and China, today announced that it has shipped more than US$3 million value of mobile point-of-sales (POS) devices to the largest mobile operator, one of the Fortune 500 companies, in India in December 2021. Borqs designs the POS IoT device with key technologies to work particularly for the India market, including the latest radio bands, payment methods, etc. Borqs’s POS device has passed India’s mobile payment certifications and mobile operator certifications. Borqs currently employs approximately 300 staff worldwide, with more than 73% in India, 7% in the US, and 20% in China and other markets. The Company believes that the India market is strategic and critical to the Company’s business. Historically the India market and the U.S. market have been contributing the majority of revenue to the Company. India is one of the fastest growing economies in the world and offers great potential for business opportunities. Along India’s economic growth, an increasing number of people are moving up to the middle class and with rising disposable income. India's middle class is expected grow to 580 million people by 2025. Under the growing consumer spending trend in India, Borqs’s relationship with the largest India mobile operator will continue to help the Company to expand its IoT products in India. About Borqs Technologies, Inc. Borqs Technologies is a global leader in software and products for the IoT, providing customizable, differentiated and scalable Android-based smart connected devices and cloud service solutions. Borqs has achieved leadership and customer recognition as an innovative end-to-end IoT solutions provider leveraging its strategic chipset partner relationships as well as its broad software and IP portfolio. Borqs’ unique strengths include its Android and Android Wear Licenses which enabled the Company to develop a software IP library covering chipset software, Android enhancements, domain specific usage and system performance optimization, suitable for large and low volume customized products. The Company is also currently in development of 5G products for phones and hotspots.

Read More

Spotlight

ParStream is the frst platform built for IoT that provides immediate insights from Big Data volumes and high bandwidth data streams. ParStream delivers sub-second query response times even on 100s of billions of data records while continuously importing new data at very high speed. Via a parallel streaming importer, ParStream enables ultrafast interface and fully fexible analytics to accelerate existing applications and to build new types of applications and business models in telecommunications, renewable energy, manufacturing and many other industries.

Resources