How Do You Remain Savvy With Your Supply Chain

  • techUK
    Friday 21 Feb 2020
    Opinions

    Guest Blog: Colin Robbins, Nexor, explores potential dangers within the consumer supply chain and reveals his top tips when researching IoT devices as part of our...

By now, we must all be aware that Cyber Security is a prominent issue – we recently heard mainstream news reports about Ransomware hitting the NHS and often hear about the latest data theft of millions of passwords or credit cards. 

To prevent such issues, businesses are advised to keep systems up to date through informative schemes such as the NCSC’s Cyber Essentials. You can read our helpful blog post which explains how to get started with Cyber Essentials. 

Home users should be starting to get the message about keeping their devices up to date, choosing good passwords, and even using two-factor authentication where possible.

But do we spend sufficient time thinking about the products or services we buy? 

Hackers Targeting IoT Devices 

You may have heard about the Samsung TVs/Google Home devices that listen to your conversations, but fewer will know about the children’s toys that can be hacked to swear at you. This article explains how the doll can be hacked by gaining access to the developer options through the connected device and modifying the responses. The hacker was able to access the child’s device because it wasn’t built with security features like passwords in mind.

Most children’s devices will have a weak password or no password at all. This highlights the importance of checking that your child’s device is built securely and has the ability to add strong password protection. Before you buy an IoT device, you should always check that it doesn’t have a history of bad security, and do a background check on the supplier’s security credentials.

Similarly, hackers have recently developed a cheap iPhone cable that hacks your phone. Production of the O.MG cable has been successfully outsourced to a factory, and the cable looks just like an official Apple charger. The cable contains a wireless hotspot that hackers can connect to once it is plugged into a computer. This then gives them access to the files on the computer and the ability to run commands.

Although the O.MG cable hasn’t been released to the public yet, it highlights the importance of checking the legitimacy of your supplier and their security.  

What can consumers do to protect themselves? 

As IoT devices are becoming ever more popular, cyber criminals are becoming even smarter. They are repeatedly finding cracks in the system, through security flaws and outdated software within the supply chain. 

As consumers, we need to start thinking about security when we buy a new product. It is important to look into the supply chain and analyse the suppliers’ security measures.

Colin Robbins, Managing Security Consultant at Nexor, has revealed his top three tips when researching the supply chain of an IoT device. 

  1. What security claims do the suppliers make? Is this just their marketing folk making stuff up, or is there any verifiable evidence to support the claims?

  2. Look for a supplier which talks openly about security on their website. For example, check whether they have a vulnerability disclosure policy and a privacy policy.

  3. Does the supplier have a good track record? You can Google the product name + “security” to see if there are any known issues.

Only when we, the consumers, start to shun products that don’t take security seriously, will the suppliers start to take it seriously. Be vigilant, be aware, and be safe. 

You can read all our other guest blogs throughout the campaign week here.
