The New Stranger Danger
Philip Ellison 14 March, 2017 at 06:03
From an early age, we’re taught not to take candy from strangers. Our parents drill a suspicion of the unknown into us, arming us with the tools to keep ourselves safe. But when it comes to the online world, grown adults who should know better throw caution to the wind, handing over all kinds of intimate data in exchange for use of a free app or wifi network. Connectivity is the new candy, and it comes with its own dangers.
“We are reliant and used to this technology, which means there is more data that can be stolen, compromised, breached or lost,” says Toni Sless, Director of Risk Avengers and host of a security panel at Mobile World Congress 2017. “No matter how much security we have, human beings are still the weakest link.”
Human behaviour can be engineered; just look at the impact of fake news. Online crime is no different, says Sless. And while around 75 per cent of online attacks are targeted against older users, younger generations are barely any wiser when it comes to how to conduct themselves safely online. Our naivety makes us vulnerable.
Cyber crime gets physical
There’s a complacency among both consumers and service providers when it comes to security, says Rebecka Cedering Angstrom, Acting Head of Consumerlab at Ericsson. While our online selves might be compromised, we fall back on the assumption that we are safe in real life. Angstrom cites one very specific example of how online social engineering crimes are being funneled into the real world; people being lured via dating apps to a rendezvous in the real world, where they are then vulnerable to being attacked and robbed.
Whether a fraudster wants to hack you, catfish you, or literally grab your wallet, right now it is far too easy for them to do whatever they want.
“We trust too much, and we don’t validate or verify,” says Chris Roberts, a hacker and Chief Security Architect at Acalvio Technologies. “We’ve made the goods in our hands so easy to use, the consumers have demanded that this device which holds their entire life can be unlocked with a thumbprint or a four digit password. It holds all of our information, along with that of our families, kids, colleagues… Consumers must ask more questions. Or ask at least one more question, please.”
A greater degree of scrutiny from consumers will be essential as we move into the era of smart homes and autonomous vehicles. “Intelligence agencies would have paid good money for this, but instead now we’re paying for the privilege of putting a listening device in our homes,” says Roberts. It’s not inconceivable, he adds, that it will soon be possible for crooks to hack your house or car, locking you out, or even worse, locking you in and essentially holding you to ransom.
Biometrics are sexier, not safer
One of the things that makes the criminals’ jobs easier and our own lives harder is password fatigue. We know by now that using the same password for all of our different user accounts is foolish, but creating and keeping track of original logins for every single platform is exhausting. If password managers are the way forward, says Angstrom, then we first need to know which ones are the most trustworthy and user-friendly.
And single input is no longer sufficient. Two-factor authentication is becoming more and more popular, as is the use of biometrics — but that brings up its own issues. “The new, cool, sexy stuff out there right now isn’t more secure, it’s just easier to use,” says Michael Covington, VP of Product Strategy at Wonder.
Think that Touch ID keeps you safe? All you have to do is make a peace sign in a photo taken with a hi-res camera, and that’s enough for a thief to zoom in and steal your fingerprints. “It’s not always a means of protection,” says Avi Turgeman, Founder and CTO of BioCatch. “We’re exposing more data about ourselves by using biometrics; our fingerprints and faces are out there now. It’s good for a password-less experience, but not necessarily a good way to protect our identity.”
So whose job is it to keep us safe?
“Fraudsters are sophisticated, they’re always evolving,” says Turgeman, “and for that reason the responsibility should be on service providers to protect their users.” Angstrom agrees, stating that “it’s impossible for every human being to keep up with this race… it should be the providers.”
The issue here, of course, is that legislation and regulation around technology suffer from a perpetual delay. “There’s always a lag,” says Domingo Guerra, Founder of Appthority. “Tech is good until it’s not. The bad guys will always figure out a new thing.” In the meantime, he believes we need to be educating and empowering users. “You see a two year old using an iPad,” he says, “but there’s no education in the risks associated with that.”
Of course, it’s difficult to speak about educating users as if everybody uses the internet in the same way and there are absolutes in how to live the “right” and “wrong” way in the digital world. How do you define best practice when everybody is at a different starting point?
“We need to turn away from scaring and into enablement,” says Dror Liwer, Co-Founder and CSO of Coronet. “Give the users tools to make decisions to they can take ownership, and let them know that some decisions will have consequences.” There’s no point in telling people not to connect to open wifi, they always will. Instead, he posits, why not train them so they’re able to identify networks which are safe for themselves?
“We’re seeing growing emphasis on usability,” says Covington. “So if security tools become more usable, maybe through voice recognition and virtual assistants, through seamless authentication, we’ll be able to make a stronger world around us… It’s about security adding value, not just buying security to stop the bad guys on the news. Right now it’s a reactive thing; it’s not on our risk register until it’s too late.”
Just like with other forms of crime, there is a growing social stigma when it comes to talking about being a victim of online fraud or harassment. Breaking this down is the first step. “If you have a sticker on your webcam, people think you’re paranoid. If you fell for a scam, they think you’re stupid,” says Angstrom. “It’s like having an STD; nobody wants to talk about it.
She agrees with the other panellists that learning and self-empowerment are crucial to building a safer online experience. “YouTube is a great place for young people to share knowledge about their interests,” she says. “Why can’t it also be a place for sharing smart hacks, like how to lose an online stalker?”
This kind of approach has merit; while we’re waiting for telcos and security companies to craft regulation and solutions, there is nothing stopping consumers from helping to keep each other safe through user-generated content. Think video tutorials in how to spot a scam, or a simple five point list of things to look out for before replying to an email that you can show your grandparents.
These lessons will vary in their complexity, but are all based on the same rationale; that if a stranger is offering you sweets, they most likely don’t have your best interests at heart.