Episode 195: Cyber Monday Super Deals Carry Cyber Risk
The Security Ledger Podcasts - A podcast by The Security Ledger
Between Black Friday and Cyber Monday, consumers across the U.S. spent the weekend snapping up deals on home electronics like smart TVs, game consoles and appliances. Total season-to-date holiday spending, including Cyber Monday, is over the $100 billion threshold, according to data from Adobe. Lots of factors drive consumer decisions to buy one product over another: price and features chief among them. But what about cyber security? Unlike, say, the automobile marketplace, concerns about safety and security are not top of mind when consumers step into a Best Buy or Wal Mart looking for a new flat screen TV. And ratings systems for cyber security, from organizations like UL and Consumer Reports, are in their infancy and not widely used.
So “cyber” isn’t influencing buying, but it probably should. As Security Ledger has reported, a brand of Android television made by the Chinese giant TCL was found to have numerous, serious security flaws that could have left it open to remote access and data theft – all without need of a login or password. And TCL acknowledged to Security Ledger that access to on-board cameras and microphones is available to company support personnel, though only with the permission of the owner, according to a company statement. This isn’t a new occurrence. Consumer Reports warned in 2018 about vulnerabilities in smart TVs by Samsung, TCL and Roku that used Roku’s smart TV platform.
But concerns about the cyber security of smart home electronics go way beyond TVs. As our guest this week, Yossi Appleboum, the CEO of the firm Sepio Systems, tells us, software and hardware supply chains are rife with vulnerable – if not compromised – components. And companies, like consumers, often have no idea whether a product they’ve deployed might be secretly spying on them, or channeling sensitive data to an unknown party or country.
While many organizations think of the notion of keyboards, monitors and other hardware “spying” on them as the stuff of “James Bond” movies, Appleboum says that the threat is real – and much more common than either companies or consumers are aware.
Appleboum’s firm, Sepio Systems, provides visibility, policy enforcement and “rogue” device mitigation capabilities,