I was able to visit the reconstructed settlement of Port Royal, Nova Scotia, this summer. Founded in 1605 by Samuel de Champlain, it is among the first European settlements in North America. I was struck because there’s only one gateway into the structure, and it’s surrounded by fortifications to protect against unwanted intruders.
If only computer security were that simple.
As Chris Morgan points out in a recent article, the “attack surface” available to hackers and malware is expanding at an exponential rate. Each gateway into a computer system or network is a potential vulnerability for unauthorized access. With the rapid growth of mobile phones and tablets, and the number of endpoints connected to the Internet of Things, there can be tens of thousands of doorways into an enterprise’s IT system. It only takes one weak entry point to allow in an intruder.
Computer systems are built in layers, ranging from the actual circuits and transistors of the hardware, through the machine language of binary code to the high-level metaphors and visual representations that make computers relatively easy to use. Most security software looks for “signatures” of viruses to isolate and eliminate the threat. It must update instructions and patterns daily in order to just keep up with the production of new malicious pieces of software and methods of attack.
How bad is the situation? In 2015, VMware published these figures in a blog post entitled “23 Disturbing Statistics about Mobile Security”:
- 1,023,108,267 records were breached in 2014.
- 5.2 million smartphones were lost or stolen in the U.S. in 2014.
- 25% of all mobile devices encounter a threat each month.
- 75% or more mobile apps would fail basic security tests.
These figures have likely grown in the past two years.
Now comes news that computers can be attacked at the most fundamental level by messing with the physics of their electrical functions. In a new article from Wired, Andy Greenberg reports that,
“Over the last year and a half, security researchers have been… honing hacking techniques that break through…to the actual machine, exploiting the unexpected behavior not of operating systems or applications, but of computing hardware itself—sometimes targeting the actual electricity that comprises bits of data in computer memory.”
One technique is called “Rowhammer,” where a program “repeatedly overwrites a certain row of transistors in its DRAM flash memory” until an electric charge leaks into an adjacent row, changing its contents.
The other technique, called “Flip Feng Shui,” targets a computer that has been divided into many virtual machines: it combines identical parts of their memory and places them somewhere else.
And, there are other techniques that exploit computers at the hardware level, including monitoring radio emissions leaked by a processor’s use of electricity. These new techniques are virtually impossible to detect with digital security measures. The attack surface continues to grow.
How can a company cope with this new reality? Have internal or external experts on cybersecurity available at all times to conduct security audits. Have a plan for data recovery if a breach occurs, and reduce the number of gateways into the most sensitive data on a company’s servers.
Float has considerable expertise in this area, and would make a great partner for strengthening security in your organization. Start with our new e-book on the 15 most dangerous threats to mobile security, and then request a demo of our new Security Assistant app. Then contact us to discuss how we can work with you to improve your mobile security.