The FCC should hold off on a proposal to expand communications infrastructure in commercial aviation until after careful review of the proposal with the intelligence community and others, said the Association of Flight Attendants and Global Business Travel Association in a joint FCC filing. “Especially in light of the recent horrific events in France, Beirut, and Egypt, we think the intelligence community needs to lead such a high-level committee with the appropriate Federal agencies, including the military, and industry stakeholders, in order to conduct a thorough assessment of existing and potential threats and vulnerabilities, and develop and evaluate appropriate risk reduction measures as necessary,” said the comment filed in docket 13-114.
On average, cellphone users received 5.5 unwanted calls monthly in 2015, Whitepages found in its annual “State of the Unwanted Call” report, said a news release from the company. Fraudulent scam calls increased by 55 percent in 2015 over 2014, and spam calls rose 22 percent. Of 1.2 billion calls scanned, Whitepages found 6.7 million were unwanted, with 74 percent of those unwanted calls categorized as spam and 26 percent as scams. The No. 1 scam of the year -- which grew by 248 percent in 2015 -- was the IRS scam, where someone calls claiming a consumer has a tax issue. The other biggest scams included "lucky winner," extortion, tech support and phishing. The top reported spam calls came from telemarketers, debt collectors, robocalls, and surveys, it said. Whitepages tracked 1.2 billion calls scanned since April through an app called Whitepages Caller ID to create the report. Another firm counted 980.8 million U.S. robocalls in November (see 1512100023).
AACS LA, the license administrator for Blu-ray’s Advanced Access Content System security platform, appointed advisory services firm Farncombe as its first “authorized robustness consultant” (ARC) for Ultra HD Blu-ray’s AACS2 content protection system, Farncombe parent Cartesian said in an announcement. AACS2, which recently became available for licensing, “includes enhancements to support the premium quality of Ultra HD Blu-ray content,” AACS LA said in a platform summary. Licensing AACS2 requires product certification testing by an “authorized certification entity,” plus a two-step “robustness consultation” with an ARC, AACS LA said. The ARC “is a new role in the Blu-ray ecosystem with responsibility for assessing security robustness of Ultra HD Blu-ray devices,” Cartesian said Tuesday. That role “is very similar” to Cartesian’s “existing security auditing process and builds on our recent work adapting our existing audits to include Ultra HD security requirements,” it said.
Apple users “can no longer be complacent about security,” as the number of infections and new threats against Mac OS X and iOS devices rises sharply, said Dick O'Brien, senior information developer at cybersecurity firm Symantec, in a Tuesday blog post. Symantec estimates the number of new Mac OS X threats rose by 15 percent in 2014, and the number of iOS threats discovered this year has more than doubled since 2014, O’Brien said. The range of threats affecting Apple devices also has “multiplied,” he said. “These threats span from ordinary cybercrime gangs branching out and porting their threats to Apple platforms, right up to high level attacker groups developing custom Mac OS X and iOS malware.” Attackers targeting iOS devices “need to find a way to install malware” on an iPhone or iPad, “which can represent a significant hurdle,” he said. Many threats are installed when victims connect their devices to a “compromised” desktop computer, he said. “Jailbroken” devices, meaning iPhones that have had their iOS software restrictions removed, “present more opportunities for compromise and many threats are designed to take advantage of jailbroken phones,” he said.
VTech hired FireEye’s Mandiant cyber forensic team to help investigate the recent cyberattack that resulted in the theft of more than 11 million parent and children's records (see 1512010041). VTech said in a Thursday news release that Mandiant will review how the toy company "handles customer information and clearly define ways in which the group can further strengthen the security of its user data."
Sen. Ed Markey, D-Mass., sent letters to a dozen domestic airlines and two airplane manufacturers asking them about protections against cyberattacks on airplanes and computer systems. In the Wednesday letters, he sought answers to questions such as whether Wi-Fi capabilities on their planes could be exploited by hackers to enter their systems, whether companies do cybersecurity tests to identify vulnerabilities, how airlines protect customer flight data, if the data are shared with third parties, and whether aircraft manufacturers monitor their planes for cybersecurity issues after they've been sold. Markey said technological advancements have improved aircraft navigation, communication and operational efficiency, but their increasing interconnectedness and connection to the Internet could pose problems. "As we have witnessed recently in the automobile industry, I am concerned that these technologies may also pose great threats to our security, privacy, and economy," he said in a statement. Letters were sent to Alaska Airlines, Allegiant Air, American Airlines, Delta Air Lines, Frontier Airlines, Hawaiian Airlines, JetBlue Airways, Southwest Airlines, Spirit Airlines, Sun Country Airlines, United Airlines and Virgin America, as well as the airplane manufacturers Airbus and Boeing. Representatives from American and Delta said they received the letters, but had no comment.
Smart TVs will be “big-ticket items for hackers” this holiday season, said Symantec threat researcher Candid Wueest in a blog post. The firm researched the various ways a smart TV can be the target of cyberattacks and found that within a short time, a brand new set can be so infected with ransomware as to make it “ultimately unusable,” Wueest said. It found that hackers can easily install malware on the TV because not all its Internet connections make proper use of secure sockets layer encryption, and some that do don’t verify SSL certificates “thoroughly enough,” he said. For example, some TVs accept “self-signed” SSL certificates, “which are easy for attackers to create,” he said. When a user downloads an app to a smart TV, “the attacker could intercept the request and redirect it to another server,” he said. “So instead of the TV downloading the real app from the legitimate server, the request is redirected to a different server, which instead sends down a malicious app to the TV. Once downloaded, the user still has to accept the permissions requested by the malicious app and open it, but since the user doesn’t know the app is not the real one, they will likely accept and install the app anyway.” Though firms like Symantec have “yet to see any widespread malware attacks targeting smart TVs,” that doesn’t mean attackers “won’t target these devices in the future,” he said. To mitigate the threats, smart TV owners need to review privacy policies carefully and “understand the data you are agreeing to share,” he said. Users also should be careful “when installing unverified applications from unknown sources,” and should enable “app verification” in the TV’s settings whenever possible, he said.
FirstNet’s big challenges “include adequacy of funding, effective consulting, internal control and staffing, and other organizational issues,” the Commerce Department Office of the Inspector General told Congress in its latest semiannual report, listing those among the top management challenges facing Commerce. Another top challenge involves spectrum if the administration wants to reach its goal of freeing up 500 MHz, the report said: “To meet the [administration’s] 2020 deadline, NTIA needs to incorporate lessons learned into actual strategies -- as well as identify the availability of, and more efficient use of, radio frequency spectrum. Also, the termination of the Federal Spectrum Management System presents a challenge to NTIA’s capability to manage spectrum, as it will still need a technological system that can modernize, automate, and integrate key spectrum management functions.” David Smith is still the Commerce acting IG, and senior Senate Republicans urged the administration in August to secure a permanent IG for such oversight responsibilities as FirstNet (see 1508060047). The 64-page report is dated September but was released Wednesday. The Commerce OIG lists two works in progress for NTIA, an audit of FirstNet’s “effectiveness in addressing federal agency challenges with respect to the development and planned operation” and an audit regarding the excess equipment from the Broadband Technology Opportunities Program. The BTOP audit is to “determine whether grantees purchased equipment beyond program needs for commercialization (i.e., whether grantees warehoused equipment)” and assess NTIA’s ways of identifying such excess equipment and evaluating how to deal with it. The Commerce IG also completed an audit of FirstNet and had made several recommendations, it noted. 
Another work in progress is an audit of the National Oceanic and Atmospheric Administration’s IT security practices “to determine the significant factors that contributed to the successful cyberattack on NOAA information systems and evaluate NOAA’s handling of the detection, analysis, eradication, and reporting of the attack, as well as recovery from it,” the report said. OIG has “significant concerns with Department-wide cybersecurity,” it said. “The Department must address persistent security deficiencies that make the Department vulnerable to cyber-attacks, improve the quality of security control assessments, and strengthen its incident detection and response capabilities.”
A Dec. 7 joint FCC-University of Colorado-Boulder summit in Boulder will focus on cybersecurity issues the telecom and public safety sectors face, the agency said Tuesday in a public notice included in the next day's Daily Digest. The summit will include panels on cybersecurity vulnerabilities in telecom infrastructure, public safety network security, cyber risk analysis and enhancing cybersecurity awareness among corporate executives, the PN said. Public Safety Bureau Chief David Simpson and Public Safety Bureau Associate Chief-Cybersecurity and Communications Reliability Jeff Goldthorp are to speak, along with AT&T Assistant Vice President-Global Public Policy Christopher Boyer and CenturyLink Director-National Security Kathryn Condello, chairwoman of the Communications Sector Coordinating Council. The summit is to run 9 a.m.-5 p.m. at CU Boulder College of Engineering and Applied Science’s Discovery Learning Center Bechtel Collaboratory.
The FTC plans a one-day conference Feb. 9 in Seattle as part of its ongoing initiative to help companies, especially startups and early stage businesses, build security into their products, services and culture. Commissioner Julie Brill will keynote the third "Start with Security" event, which is to be at the University of Washington School of Law. The agency, which had previous events in Austin and San Francisco, has materials to help businesses understand data protection and cybersecurity (see 1506300049).