Cutting through the Weekly Mobile Security Noise: Shifting from B2C to B2B
This week we’ve been tracking a number of stories involving high-profile data breaches, Yahoo’s new security protocol and the “USB killer.” While concerns over these recent episodes continue to rise, mobile security has been making the move from the consumer sector to a business market that is desperate for an innovative and effective security solution.
Premera, a large American health insurance company, disclosed that it was the victim of a data breach exposing more than 11 million people’s personal information. The company, licensed by Blue Cross Blue Shield, said the data breach wasn’t discovered until Jan. 29. Premera spokespeople say attackers may have gained access to claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other data in an attack that began in May 2014. Dave Kennedy, chief executive of TrustedSEC says it is the largest breach reported to date involving patient medical information.
During South by Southwest’s (SXSW) opening weekend, Yahoo announced its latest security protocol. According to SC Magazine, the company introduced its new “on-demand” passwords, and followed up with news that its end-to-end encryption source code for Yahoo Mail was available on GitHub. Simply put, users won’t need a predetermined password to log in. Instead, they’ll get a text message with a verification code. However, Yahoo isn’t the first company to implement this type of technology, a Yahoo spokesperson said in an email to SCMagazine.com that it’s “still a relatively new trend in the industry, so we’re excited to be leading on this for our users.”
Target Corp. and lawyers for customers whose personal information was stolen in a 2013 data breach have agreed on a $10 million settlement, according to court documents filed Wednesday. According to NBC news, Lawyers for customers who filed the class-action suit in U.S. District Court in Minneapolis, where Target is headquartered, asked the court to approve Target’s offer, which the two sides agreed to last week, according to the documents. Target said more than 40 million credit and debit card accounts may have been affected by the breach, which occurred during the peak of the holiday shopping season. A Target spokeswoman said in a statement: “We are pleased to see the process moving forward and look forward to its resolution.”
According to CSO, the creator of USB Killer, who uses the online alias Dark Purple, claims to work for a company that manufactures electronics and said that he ordered the custom printed circuit board and other components he needed for the project from China. Security experts say the way it works is, “The malicious USB drive uses an inverting DC-to-DC converter to draw power from the computer’s USB port in order to charge a capacitor bank to -110 Volts (negative voltage). The power is then sent back into the USB interface via a transistor and the process is repeated in a loop.” To put it simply, don’t trust other USB flash drives, they could be malicious.