802 Secure to present IoT data loss risks at RSA Conference

https://www.prnewswire.com/news-releases/802-secure-to-present-iot-data-loss-risks-at-rsa-conference-300629429.html

SAN FRANCISCO, April 16, 2018 /PRNewswire/ — 802 Secure, Inc. CSO Mike Raggo will present on IoT data loss risks at the RSA Conference in San Francisco, April 16-20. Mike will also be signing copies of his books, “Data Hiding, Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols” and “Mobile Data Loss: Threats and Countermeasures” at the RSA show.

About the RSA Talk: IoT offers a plethora of new protocols and frequencies over which communication travels. Protocols and services such as SSDP, P25, Zigbee, Z-Wave, WiFi and more provide countless ways to exfiltrate data or infiltrate the network. Through real-world examples, sample code and demos, we will bring to light these IoT threats and new methods for detecting aberrant behavior emanating to/from these devices.

Who:

Mike Raggo, CSO, 802 Secure, Inc.

What & When:

Book Signing
Thursday, April 19 12:30-1PM PDT
RSA Conference Bookstore

RSA Session – Exfiltrating Data Through IoT
Friday, April 20 10:15-11AM PDT
RSA Conference

Where:

RSA Conference 2018
Moscone Center
747 Howard Street
San Francisco, CA 94103

About 802 Secure, Inc.

802 Secure is developing signal intelligent technology for securing the Internet of Things; detecting and assessing new wireless risks across the broader RF spectrum using software defined radios and big data analytics. 802 Secure has developed a leading world class product, AirShield, to monitor IoT assets, identify risks and threats, and ensure performance and reliability 24×7 of the IoT environment. (www.802secure.com)

802 Secure, Inc. assists City of San Francisco with reviewing Outdoor Public Warning System vendor supplied upgrades

http://tech.sfgov.org/department-technology-announces-vulnerability-discovered-radio-frequency-system

April 6, 2018, San Francisco, CA – Today, the Department of Technology reported an incident to the Homeland Security Information Network concerning a security flaw found in radio-frequency networks used around the nation to control warning systems, including one in use in the City and County of San Francisco. If exploited, the vulnerability could affect the City’s Outdoor Public Warning System, popularly known as the Tuesday noon siren, a public safety asset operated by the Department of Emergency Management.

“We worked proactively with our vendor to patch the vulnerability. Initial testing shows the firmware upgrade minimized the threat. Nevertheless, we will continue testing,” said Linda Gerull, Executive Director of the Department of Technology.

“This upgrade increases the security of a piece of the public safety system in use Citywide,” Gerull said.

The Department of Technology was first made aware of the flaw in February. The firmware upgrade installed by Department of Technology staff adds an increased level of encryption to data sent and received across the system.

“We can confirm that the Department of Technology successfully upgraded the Public Outdoor Warning System to mitigate current known vulnerabilities, in its RF transmission,” said Garry Drummond, Founder and CEO of 802 Secure, an internet of things security company.

802 Secure assisted the department by acting as a third-party auditor in testing the patch. 802 Secure reviewed and validated the firmware upgrade sent to the City by the vendor of the Public Outdoor Warning System.

“Leveraging technology to support public safety is a top priority, we take it very seriously,” said Gerull.

In hopes of fortifying public warning systems elsewhere, City officials are sharing the news of this system upgrade with civic technologists and local, state and federal officials. The system San Francisco uses is also used across the country. It is considered the more secure solution of the market options currently available.

The public should remain aware of the Tuesday noon siren weekly test and be advised that in a real emergency the alarms will sound continuously for 5 minutes. More information on the sirens can be found on the Department of Emergency Management’s website. The public is encouraged to report any malfunctioning sirens and the location of those sirens to San Francisco 311, by dialing 311 from a telephone or sending a tweet to @sf311.

###

The Department of Technology is an internal-service organization that provides technology and telecommunications solutions to various departments in the City and County of San Francisco. It aims to increase public access to city services and improve the public’s experience with government. The department also maintains San Francisco’s public wi-fi network #SFWiFi available in 33 parks and public spaces. tech.sfgov.org

Drone Detection

The Story Plot

It’s a Sunday morning at 7AM. A 2018 Ford F150 parks along the side of the perimeter fence protecting the hydropower plant. The parked truck seems innocuous as it’s along the road passing the power plant, the same road 15,000 people travel on each day. In fact, no one seems to notice, as most people are still catching up on their sleep from the long work week.

The driver walks around the back of the truck and opens the tailgate. In the bed is a small consumer size drone purchased online for under $200. He then proceeds to take out an iPad, powers on the drone, and pairs it with the iPad. Sitting in the truck bed, the driver (now drone pilot) flies the drone over the fence and around the back of the facility. A line of sight is not necessary as the pilot can view through the video camera as if he was sitting in the cockpit of the drone.

The drone approaches a sensitive portion of the facility where delivery containers are stored, as well as the emergency backup generators used in the event of a major plant failure. The power generated by this facility powers over 50,000 homes in the area, as well as a CDC remote facility, nearby Water Treatment Plant, a state prison, and local law enforcement.

As the pilot flies the drone closer, he obtains a close-up view of what he was looking for, the precise location of the power distribution bus and transformers, contained within a secondary fence. He additionally notes the manufacturer, model numbers, and other characteristics of this portion of the facility, including the perimeter cameras. Physical security doesn’t notice the activity, as the security cameras are pointed horizontally and downward towards the ground looking for unauthorized personnel or anything else nefarious. No one sees the drone flying overhead.

The driver flies the drone back to his truck, packs it up, and heads off in the morning sunrise, completely unnoticed and undetected by the physical security, video security, or network security. With this intel, he and his team can plan to drop a small bomb at a later time to take the facility offline. This follow-up attack will also go unnoticed or undetected, and allow the attackers to move onto their next target, while the staff at the current target are still trying to determine what happened, and by whom…

Detection of Radio Anomalies (Drones)

The capabilities exist today for your average person to conduct this exact type of spy mission. But what capabilities exist to detect such activity?

Drones such as this emit RF (Radio Frequency), commonly WiFi, but certainly other types of RF can be used to control the drone as well. In this scenario the drone is being controlled by an iPad. When the drone is powered on, it advertises an SSID, just like a regular access point. The iPad can then be paired with the drone to allow not only control, but viewing and recording of audio and video. As a result, characteristics about this drone can be detected using RF surveillance.

802 Secure’s AirShield can detect such activity by fundamentally detecting the RF transmissions to and from the drone. This is typical of some other solutions in the industry. But when performing detection or post-mortem forensics, customers want as much information as possible to identify the perpetrator. AirShield sees more than just the drone transmissions: it also identifies the specific make and model of the drone, the iPad used to control the drone, and the relevant MAC address(es). This provides important forensic information. While the drone might be detected in the vicinity of the building, the iPad can be detected along the perimeter fence line. By correlating this with video feeds or physical security observations, the power facility can get a view of the perpetrator as well.

In this fictitious story we also described a 2018 Ford F150. This truck, like many other new vehicles, includes built-in WiFi and/or Bluetooth. AirShield identifies these transmissions as well, even if they’re just broadcasting but not paired to anything. Furthermore, AirShield sees more than just a MAC address: it identifies the type of vehicle, another very important piece of forensic information. In the broader picture, perhaps a video feed caught a glimpse of the truck on the side of the fence or as it passed by the rest of the facility, maybe even the license plate.

Detection, monitoring, and forensics encompass the analysis of the broader picture, by correlating and understanding the who, what, when, where, and how. The more information the better, especially when protecting critical infrastructure such as a power facility on which so many people rely.

Garry Drummond Celebrates 15 Years of Professional Excellence

“PLEASANTON, CA, January 16, 2018 — Garry Drummond has been included in Marquis Who’s Who. As in all Marquis Who’s Who biographical volumes, individuals profiled are selected on the basis of current reference value. Factors such as position, noteworthy accomplishments, visibility, and prominence in a field are all taken into account during the selection process.

With 15 years of industry experience, Mr. Drummond has served as the founder and chief executive officer of 802 Secure, Inc. since 2014. In this position, he assists businesses in deploying and benefitting from wireless-enabled business processes and technologies. Prior to his current roles, he was a regional sales director for AirDefense (now Extreme Networks) from 2006 to 2014, and a regional sales director for nCircle Network Security (now Tripwire) from 1999 to 2005.

An expert in his field, Mr. Drummond is a certified wireless network professional, wireless security professional, and information system security professional. Throughout his career, he has been recognized many times for his contributions, earning Entrepreneur of the Year through CEO World Awards, and Chief Executive Officer of the Year Award through the Global Excellence Awards. His company, 802 Secure, has also earned recognition as Company of the Year, Start-Up of the Year, and one of the Fastest Growing Security Companies. In the near future, Mr. Drummond hopes that his company continues to thrive, and he intends to lead his team into new areas of technology that will prevent cyber crime. 802 Secure is an enterprise IoT wireless network security company. Over the last 36 months, Garry has bootstrapped his Silicon Valley garage start-up to become one of the market leaders in detecting and assessing wireless risk across the broader RF spectrum using software defined radios and big data analytics.

About Marquis Who’s Who:
Since 1899, when A. N. Marquis printed the First Edition of Who’s Who in America, Marquis Who’s Who has chronicled the lives of the most accomplished individuals and innovators from every significant field of endeavor, including politics, business, medicine, law, education, art, religion and entertainment. Today, Who’s Who in America remains an essential biographical source for thousands of researchers, journalists, librarians and executive search firms around the world. Marquis publications may be visited at the official Marquis Who’s Who website at www.marquiswhoswho.com.”

The Internet of (Invisible) Things

Whether you embrace it or not, IoT devices are infiltrating your organization. Many of these devices are not plugged into the network, but rather connected wirelessly, either directly through your WiFi or through other wireless devices via a wireless bridge or gateway. For those who have embraced IoT, the landscape has been littered with vulnerabilities, ranging from insulin pumps that could lead to overdose and pacemakers that can disrupt a patient’s heartbeat to breaches at a government agency and a manufacturing plant through IoT-enabled thermostats.

All of these radio frequency (RF) enabled devices present a new threat landscape to every organization. If someone adjusted the heat to 80 degrees or turned it off altogether during the winter at a location in Michigan, the results could be catastrophic to the business. Buildings and their computer systems would overheat or water lines would freeze and burst. In the examples of medical devices, many of these IoT devices have autonomous capabilities, extending the risks from on-network risks to now off-network risks to the organization; and truly impacting lives.

This Internet of (Invisible) Things requires a new approach to network security. But with any new security approach, a thorough understanding of what devices and risks we’re looking for is required. Here’s a list of common IoT and IIoT (Industrial Internet of Things) devices to help you get started:

  • Examples of IoT devices that may be on your network:
    • Thermostats, wireless printers, HVAC, surveillance cameras, production flow sensors, PLCs, temperature sensors, inventory monitoring, manufacturing equipment failure monitoring, SmartTVs, Theft tampering sensors, smart bulbs, location sensors, health monitoring and maintenance devices, smart home assistants (Alexa, Google Assistant, etc.)   
  • Examples of risky IoT devices not on your network (but in your air-space):
    • Drones, spy cameras (fake cellphone chargers, clocks, etc.), audio recording devices (bugs), WiFi Pineapples, WiFi Hotspots, third-party vendor monitoring tools  

Most organizations lack wireless security monitoring, thereby creating a blind spot when attempting to identify these IoT devices. Some may have wireless intrusion detection as an extension of their wireless LAN, but few use it or find the information actionable. IoT further complicates security monitoring as more of these wireless devices communicate over non-WiFi protocols or frequencies, such as Z-Wave, Zigbee, LoRa, SigFox, and many more. A WiFi monitoring tool simply cannot see these other devices or transmissions, whereas a Software Defined Radio (SDR) can provide broad coverage across many frequencies and protocols.

Whether your organization has embraced IoT or not, identifying and mitigating these risks is essential to protecting your business. Here are some suggestions for fortifying your organization:

  • Perform ongoing 24/7 monitoring of the IoT assets in your environment across IoT protocols and frequencies; and categorize these devices by device-type for clear indications of approved assets vs. rogue or risky devices
  • Segment your IoT networks from the corporate network to limit damage when an attack or malware infestation occurs.
  • Monitor the security posture of the approved IoT assets to identify misconfigured or malware infected devices. IoT malware variants such as Mirai enable insecure services such as telnet or ftp, and change the characteristics and security posture of the device. Monitoring the security posture of your IoT or IIoT devices can provide early warning signs of an infestation and allow quick response to quarantine the threat before it spreads.  
  • Detect attacks on the wireless and IoT infrastructure before a breach occurs. Advances in Artificial Intelligence and Machine Learning can vet out anomalies when they occur; whether they be an attack, or otherwise a newly misconfigured device or simply a new IoT device connected to the wireless network.
  • Automate threat mitigation through wireless IoT deceptive networking and termination to fortify your defense-in-depth strategy. A deceptive network can lure attackers into a low hanging fruit network and allow the solution to fingerprint the attackers and enhance your blacklisting and blocking capabilities through APIs, SIEMs, and reporting.
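The first and third suggestions above (categorize devices as approved vs. rogue, and watch approved devices for posture changes such as newly exposed telnet or ftp) can be sketched as a simple check over monitoring output. This is an added example, not 802 Secure or AirShield code; the record format, device IDs, inventory and finding labels are all constructed for illustration.

```python
from dataclasses import dataclass

# Services the list above names as insecure when they appear on an IoT device.
INSECURE_SERVICES = {"telnet", "ftp"}

@dataclass(frozen=True)
class Observation:
    device_id: str        # MAC or radio address (constructed values)
    device_type: str      # category assigned by the monitoring tool
    protocol: str         # WiFi, Zigbee, Z-Wave, ...
    services: frozenset   # services currently reachable on the device

# Approved inventory (constructed): device_id -> (type, baseline services).
APPROVED = {
    "02:00:00:00:00:01": ("thermostat", frozenset({"https"})),
    "02:00:00:00:00:02": ("camera", frozenset({"https", "rtsp"})),
    "zb:0001": ("temperature sensor", frozenset()),
}

# Constructed sample of one monitoring sweep.
OBSERVED = [
    Observation("02:00:00:00:00:01", "thermostat", "WiFi", frozenset({"https"})),
    Observation("02:00:00:00:00:02", "camera", "WiFi",
                frozenset({"https", "rtsp", "telnet"})),
    Observation("zb:0001", "temperature sensor", "Zigbee", frozenset()),
    Observation("02:00:00:00:00:99", "drone", "WiFi", frozenset()),
]

def assess(observations, approved=APPROVED):
    """Return (device_id, finding, detail) tuples for devices needing review."""
    findings = []
    for obs in observations:
        entry = approved.get(obs.device_id)
        if entry is None:
            # Not in inventory: rogue or risky device in the air-space.
            findings.append((obs.device_id, "rogue",
                             f"{obs.device_type} on {obs.protocol}"))
            continue
        approved_type, baseline = entry
        if obs.device_type != approved_type:
            # Known address presenting as a different device type.
            findings.append((obs.device_id, "type-mismatch",
                             f"expected {approved_type}, saw {obs.device_type}"))
        new_services = obs.services - baseline
        risky = sorted(new_services & INSECURE_SERVICES)
        if risky:
            findings.append((obs.device_id, "insecure-service", ",".join(risky)))
        elif new_services:
            findings.append((obs.device_id, "posture-drift",
                             ",".join(sorted(new_services))))
    return findings

if __name__ == "__main__":
    for finding in assess(OBSERVED):
        print(finding)
```
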

Employing this IoT security defense-in-depth strategy allows your organization to fortify your network without extensive network integration and bring transparency to the Internet of (Invisible) Things. Additionally, it moves your defense model from reactive to proactive. If an IoT threat or attack is identified on the wired network, it’s too late and post-mortem; the bigger question is how long it has been there and how much data has been breached. Most of us would prefer to identify an intruder outside rather than inside our house. Proper wireless monitoring puts you in a more proactive stance and at the heart of wirelessly-enabled IoT.