How Do You Remain Savvy With Your Supply Chain

  • techUK
    Friday 21 Feb 2020
    Opinions

    Guest Blog: Colin Robbins, Nexor, explores potential dangers within the consumer supply chain and reveals his top tips when researching IoT devices as part of our...

By now, we must all be aware that Cyber Security is a prominent issue – we recently heard mainstream news reports about Ransomware hitting the NHS and often hear about the latest data theft of millions of passwords or credit cards. 

To prevent such issues, businesses are advised to keep systems up to date through informative schemes such as the NCSC’s Cyber Essentials. You can read our helpful blog post which explains how to get started with Cyber Essentials. 

Home users should be starting to get the message about keeping their devices up to date, choosing good passwords, and even using two-factor authentication where possible.

But do we spend sufficient time thinking about the products or services we buy? 

Hackers Targeting IoT Devices 

You may have heard about the Samsung TVs/Google Home devices that listen to your conversations, but fewer will know about the children’s toys that can be hacked to swear at you. This article explains how the doll can be hacked by gaining access to the developer options through the connected device, and modifying the responses. The hacker accessed the child’s device as it wasn’t built with security features like passwords in mind.  

Most children’s devices will have a weak password or no password at all. This highlights the importance of checking that your child’s device is built securely and has the ability to add strong password protection. You should always check before you buy an IoT device that it doesn’t have a history of bad security, as well as doing a background check on the supplier’s security credentials.

Similarly, hackers have recently developed a cheap iPhone cable that hacks your phone. Production of the O.MG cable has been successfully outsourced to a factory, and the cable looks just like an official Apple charger. The cable contains a wireless hotspot; once it is plugged into a computer, hackers can connect to that hotspot. This then gives them access to the files on the computer and the ability to run commands.

Although the O.MG cable hasn’t been released to the public yet, it highlights the importance of checking the legitimacy of your supplier and their security.  

What can consumers do to protect themselves? 

As IoT devices are becoming ever more popular, cyber criminals are becoming even smarter. They are repeatedly finding cracks in the system, through security flaws and outdated software within the supply chain. 

As consumers, we need to start thinking about security when we buy a new product. It is important to look into the supply chain and analyse the suppliers' security measures.

Colin Robbins, Managing Security Consultant at Nexor, has revealed his top three tips when researching the supply chain of an IoT device. 

  1. What security claims do the suppliers make? Is this just their marketing folk making stuff up, or is there any verifiable evidence to support the claims?

  2. Look for a supplier which talks openly about security on their website. For example, check whether they have a vulnerability disclosure policy and a privacy policy.

  3. Does the supplier have a good track record? You can Google the product name + “security” to see if there are any known issues.

Only when we, the consumers, start to shun products that don’t take security seriously, will the suppliers start to take it seriously. Be vigilant, be aware, and be safe. 

You can read all our other guest blogs throughout the campaign week here.
