Supply Chain Attacks

 

When we think about security risks, we tend to expect the threat to come from shady online sources, perpetrated by “threat actors” and “hackers”. But the truth is that some security threats are waiting for us on our hardware before we even unbox it.

Supply chains today are often quite long and involve many companies and entities. Design, manufacture, logistics and shipping are generally handled by several groups along the chain, and some are more trustworthy than others. In many cases of supply chains being compromised, a worm or rootkit is introduced during the manufacturing process. The attacks can occur in any sector, financial, medical, government, and of course the physical security industry.

This will generally be carried out while the product is with the “weakest link” in the chain. As information is necessarily shared in a supply chain, risk is created. Information compromised in the supply chain can give threat actors time to determine what the best course of action is to deliver their malware.

In 2013, the US watched as retailer Target was hit with one of the largest data breaches in history. It is believed this was accomplished through a third party supplier gaining access to Target’s primary data network using passcode credentials from a company who provides HVAC systems.

Also common is modification of ATM firmware during manufacture, a scheme which has skimmed credit card information of millions on more than one occasion.

Of course, supply chain attacks can be and have been carried out against IP camera products. Having a security system compromised before installation would render it worse than useless, and even dangerous perhaps. In order to protect against these attacks it is recommended to:

. Maintain the smallest possible supplier base

. Impose strict control over what vendors are used. Conducting occasional site audits can help alleviate fears as well.

.Use products with security built into the design. Features such as “check digits” built into the software can help detect any previous unauthorized access to the code.

———————————————————————————————————

Contact us at admin@gostst.com

or call 24/7 (210)-446-4863

Sources https://securitytoday.com

Security Plans for Atlanta’s Super Bowl LIII

As Super Bowl LIII approaches, police and partner agencies are meeting for a tabletop exercise to develop a security plan to host the event on February 4. These law enforcement partners include the FBI, Homeland Security, and the World Congress Center police. The agencies met to discuss possible crisis scenarios for the Super Bowl and for the 10 days of events preceding it.

Those involved in the preparations for the Super Bowl will “work on contingency plans for everything from suspicious packages to protests and even mass casualty incidents.” (Amy Patterson, VP of operations and logistics for Atlanta Super Bowl Host Committee). “Today’s an opportunity for us to exercise those plans through about eight scenarios that we’ll talk about, things that could happen during [the]10-day operational period of the Super Bowl,” Patterson said.

Events on the scale of a modern Super Bowl demand a serious security effort that spans multiple dimensions. A human security presence, vast camera network, analytics, authentication through biometrics or RFID, and facial recognition through FBI databases will all play a part. There are similarities between this and the upcoming Olympics in Tokyo, which is not surprising considering the FBI’s involvement in both.

 

Planning for mass casualty events is usually considered to be within the exclusive scope of law enforcement, but it is increasingly through surveillance and analytics that we are able to discern an imminent crisis from the behaviors of crowds. As we have looked at in previous articles, analytics systems using a wide network of IP cameras can look at everything from the movements of crowds, the walking gait of individual persons of interest, and more to determine if the outbreak of violence is imminent. So while it is still up to law enforcement to gather intelligence leading up to an event, it is increasingly technology that alerts us to events about to unfold. 

Source: Securitytoday.com

 

Security Technology of South Texas is proud to offer custom solutions for any and all security needs.

Please contact us through email at admin@gostst.com on our website

or via phone at 210-446-4863  24/7

How Facial Recognition Will Affect Our Daily Lives

 

Although Apple faced a major PR incident when it revealed its Face ID unlocking feature for the iPhone X, industry experts remain confident that the technology behind the feature will change the game and be here to stay. The system, infrared powered facial recognition, unlocks the phone and performs several other functions as well.

Facial recognition is increasingly popular, especially in China. Megvii Inc. is a Chinese facial recognition startup that through the Chinese and Russian governments and investors raised over $460 million to develop enhanced facial recognition for government use. In an inversion of usual trends, the technology is really still just emerging in the West even as it explodes in Asia. In the East these systems are already quite well established and are used by everything from state security forces in India and China to commercial banks, restaurants, and stores. In some stores in China, you simply take what items you want out of the store and a facial recognition system automatically debits your account for your items. The technology sees extensive use by the police, who have AR glasses which perform facial recognition and project information onto what the user sees in the physical world.

 

Security

Here in the West we still hold on to the idea that to some extent privacy is a natural right, and therefore are more sensitive to infringements of that privacy. In China, face scanning has become the norm for things like accessing buildings, buying tickets, travel and more. Situations where we are still using RFID or other forms of identification are now primarily handled in this way. In fact, “a recent article in the South China Morning Post [said], the Chinese government has been working on a system since 2015 which it claims can use CCTV surveillance cameras to identify any one of China’s 1.3 billion people within three seconds — and with at least 88 percent accuracy.” (securitytoday.com)

 

Before this, during the 2013 Youth Games at Nanjing, police monitored 13 stadiums and their surroundings using an IoT network powered by Chinese company Huawei. This was linked to CCTV systems, drones, and cameras mounted on vehicles. Now with the added factor of AI face recognition software, experts believe that with improvement this could create a collective or collaborative security.

 

At home

“As IoT connected ‘smart homes’ become more and more common, we are likely to see a number of facial recognition applications emerge. One of the most obvious will be in the field of home security. People are more concerned about security than ever before, and home security systems account for an estimated $47 billion in global sales annually.” (securitytoday.com)

As in the previous case we looked at in China, collaborative security networks can be developed throughout interconnected neighborhoods. Facial recognition can ID strangers to an area or home, alert neighbors, and signal security or law enforcement. This technology can also notify during emergencies of other types and even provide some monitoring for children and the elderly.

In a commercial setting

Like we already looked at, facial recognition is becoming the standard in the East in places such as China and India for things as commonplace as setting up bank accounts or even entering public restrooms. We are already seeing this spread West. As many as 25 percent of stores in the UK were using this kind of software as far back as 2015.

These systems were originally to catch shoplifters, but is now used increasingly to verify identity in high end stores and banks. “In Hangzhou [China], Alibaba has launched a ‘smile to pay’ function in KFC restaurants, designed to attract younger, tech-savvy customers and reduce waiting time and staff demands through automation.” (securitytoday.com) These are the kinds of things we should expect to see in the coming years in the U.S. as far as this technology goes. What’s more, this data will be amassed and used as “big data”, processed and used in algorithms to predict customer behavior based on things like body language, facial expressions, and time spent in different parts of a store. Soon we will have no real way of knowing what information is being gathered about us and what is being done with it.

Please contact us through email at admin@gostst.com  on our website or via phone at 210-446-4863  24/7 to schedule a consultation.

Source: securitytoday.com

Security in the Age of the IoT

 

It is certainly no secret that cybersecurity is ever increasingly a focal point for security professionals. It is now no longer on the periphery and is of serious concern in the video surveillance market. Because of this blurring of the lines between hardware and the digital realm (cloud), a competent security integrator needs to have a team that understands the interplay between the two and can make the best design decisions possible.

Hackers have known for quite some time that video surveillance cameras are some of the easiest to breach pieces of internet connected tech out there. Indeed, there are entire websites devoted to indexing the IPs of unsecured cameras and access control systems around the world. People are going online, without any technical skill, and doing things like turning the lights on and off in stadiums and spying on people though the camera they have placed in their living room.

But many security integrators and dealers lag behind in this area. Although manufactures can be relied on to a point, having at least one member of the team with the know-how to encrypt drives and understand authentication applications is a must. For example, two-factor authentication, now coming standard on some servers, uses “two PIN codes added to [a] Windows Server login — one as a primary password, the other a randomized PIN generated by [a] paired smartphone app, giving integrators an added layer of security”. ( www.sdmmag.com )

Being able to link a system to a two-step authentication through a specific cell number is a pretty strong defense against hackers, who traditionally access these systems through manufacturer back doors, “zero-day” exploits, or simply by using “packet sniffing” programs to watch your traffic and pull the IP and MAC address on your devices.

The prevailing opinion online seems to be that those dealers/integrators who do not keep up with this virtual counterpart to the physical systems they install will risk putting in systems that could be compromised and even lost to hackers. As the IoT expands and proliferates there will be many more individual possible weak points to conduct a security breach against in a network. STST makes use of a wide array of IoT-like devices already, as do many other companies and industries. Mobile connections can be used as backups for hard-wired connections in security solutions but are more critical when a system needs to include 24/7 personal video and control access to a user or users wherever they are. The security industry in general is likely to become increasingly centered around the usefulness and convenience of mobile communication tech, as many of us certainly seem to be already with our personal and social lives.

Security Technology of South Texas is happy to offer custom access control and surveillance solutions with video analytics to the greater South Texas area, designed either turn-key and from the ground up, or integrated into an already existing series of cameras.

Please contact us through email at admin@gostst.com on our website or via phone at 210-446-4863  24/7 to schedule a consultation.