Hack of Tech Journalist Reveals Flaws in Cloud Security

Story first reported from USA Today

SEATTLE – The security community is on alert for hackers who might try to emulate the simple trickery used to breach a prominent technology journalist's Amazon, Apple, Google and Twitter accounts. That hacking caper has rekindled concerns about whether Apple's iCloud, Google Apps, Amazon's Cloud Drive, Microsoft's Windows Live and other Internet-delivered services do enough to authenticate users, security analysts say.

"People are being urged to trust their data to the Internet cloud, but then you find that the operational security is alarmingly lax," says Stephen Cobb, security analyst at anti-virus firm ESET.

Hackers devastated Wired reporter Mat Honan's digital life. In doing so, they highlighted how Web companies have been slow to embrace more robust systems for ensuring that users who log into online accounts are who they say.

Merchants, banks, media companies and social networks require varying amounts of information to open and access online accounts. Many ask for only a few bits of information to make changes, such as resetting a password. That makes it easy for hackers to abuse the prevailing systems, which rely on asking users to answer questions.

Many banks and Google Gmail offer an optional service that sends to your cellphone a single-use PIN code that you must enter at their websites, along with your username and password, before you can complete certain transactions.

Such multifactor authentication systems are considered more difficult for the bad guys to subvert but less convenient for account holders to use. Yet the need for wider deployment of stronger systems is intensifying, argues Todd Feinman, CEO of database security firm Identity Finder.

Honan detailed how hackers tricked an Amazon rep over the phone into revealing the last four digits of his credit card number. Next, they used that information to persuade an Apple rep to reset his Apple ID password, which enabled them to wipe clean Honan's iPhone, iPad and MacBook, destroying all of his files, including irreplaceable photos of his daughter. Apple has suspended its phone password-reset service and launched a security review, says spokeswoman Natalie Kerris. Amazon did not respond to interview requests.

Web firms are unlikely to switch to one-time PIN systems anytime soon. "Many … are expensive and difficult to manage," says Chris Brennan, CEO of security firm NetAuthority. "And companies are concerned they could frustrate the user."

Meanwhile, consumer awareness remains low, says Gregg Martin, FishNet Security's directory of mobile security. Consumers will have to demand stronger authentication systems and be prepared to accept "a slight level of inconvenience," Martin says.

ESET's Cobb argues that Web companies should take the initiative. "Improving security is 100% the responsibility of the cloud service providers because they are the ones trying to sign people up to the cloud model."

For more national and worldwide Business News, visit the Peak News Room blog.

For more local and state of Michigan Business News, visit the Michigan Business News  blog.

For more Health News, visit the Healthcare and Medical News blog.

For more Electronics News, visit the Electronics America blog.

For more Real Estate News, visit the Commercial and Residential Real Estate blog.

For more Law News, visit the Nation of Law blog.

For more Advertising News, visit the Advertising, Marketing and Media blog.

For more Environmental News, visit the Environmental Responsibility News blog.

Control Your Home From Your Phone

Story first appeared in VentureBeat.

Home automation is a hot category that just got even hotter. And possibly, just a bit easier. Today Electric Imp is announcing the Imp, a cloud-based approach to monitoring and managing everything you own.

The venture-backed startup in Los Altos, California, is taking a manufacturer-centric approach to the automation market — so don’t expect to be able to buy an Imp to retrofit existing devices tomorrow. Electic Imp is releasing a developer preview bundle in June, giving manufacturers the tools to make their devices Imp-compatible.

Think pre-warming your house when returning from a vacation, or watering your lawn via smartphone. Or turning on the TV and a few lights while you’re out for dinner to convince potential crooks you’re still at home. And maybe, a fridge that re-orders food as you’re about to run out.

In a statement provided to VentureBeat, the founder and CEO of Electric Imp said that until now, creating connected devices was a huge challenge for any vendor. The home automation category is a currently mess of competing standards and technologies. Device communication protocols include Wi-Fi, Firewire, USB, and infrared, and home automation product ecosystems include X10, UPB, mControl, HomeSeer, Control4, Vivint, PowerHome, and ActiveHome Pro, among others.

Electric Imp intends to solve that by reducing complexity. Install a tiny Imp card, connect it to your home Wi-Fi, and control it via the Imp cloud service. Each device in your home instantly knows about the other devices and can communicate with them. Then use your browser or smartphone anywhere on the planet to control your home.

The current reality is a little more complex: you have to choose control and automation software, find, purchase, and install  devices specifically rated to interoperate with that system, and install software or an embedded server to manage it all.

Electric Imp changes all this by bringing the power of an easy to use, cloud-based service to almost any device and allowing the internet to interact with everyday objects. Interaction will be possible on three levels: Imp to Imp, Imp to people,, and Imp to services.

The approach makes sense, since it’s embedding most of the intelligence of the system in the cloud. It’s reminiscent of developing nations skipping legacy telephone grids and moving straight to cellular communications. In addition, by  taking a manufacturer-centric approach, Electric Imp has a chance to disrupt currently consumer-focused home automation market. According to a company statement, integrating an Imp slot into a device should cost less than a dollar.

But there’s a great deal of existing competition in this space. In addition, powerful players like Microsoft are bringing solutions to market such as HomeOS, AT&T wants to provide our Digital Life, and Google would love us to all have Android@Home. Can an iOS or Apple iHome system be far behind?

To win, Electric Imp is going to have to innovate fast, go to market hard, and find some luck along the way. The company just closed a series A round of funding from Redpoint Ventures and Lowercase Capital, which should help. And the co-founders do have some impressive credentials: the founder is a former iPhone engineering manager, and another co-founder designed Gmail.

For more Electronics News, visit the Electronics America blog.

For more national and worldwide Business News, visit the Peak News Room blog.

For more local and state of Michigan Business News, visit the Michigan Business News blog.

For more Health News, visit the Healthcare and Medical News blog.

For more Real Estate News, visit the Commercial and Residential Real Estate blog.

For more Law News, visit the Nation of Law blog.

For more Advertising News, visit the Advertising, Marketing and Media blog.

For more Environmental News, visit the Environmental Responsibility News blog.

For information on website optimization or for the latest SEO News, visit the SEO Done Right blog.