I’m a big fan of history and it is always interesting to think of the ‘what if?’ scenarios. In fact there are plenty of tabletop war games and a lot of video games dedicated to playing out alternative scenarios and also some great books on the subject. ChatGPT offers another way of exploring alternative scenarios and well.. re-writing history. At the moment, it isn’t too sophisticated. Changing history also has political implications – describing events in a slightly different way can give a different slant. It is rarely objective and is almost always based on an incomplete version of the exac ..read more

It’s a nice spring Saturday in 2023 and what am I doing? I am sat inside listening to classical music and writing this instead of being outside enjoying the sunshine! But it is important… The government announcement today: ‘Starting gun fired on preparations for new product security regime‘ published the draft secondary legislation details (pdf) to accompany the Product Security and Telecommunications Act. More specifically: ‘The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations, subject to parliamentary approval.’ The ..read more

Today, the 15th of April 2022, marks the 110th anniversary of the tragic sinking of the RMS Titanic. In 2013, I gave a Pecha Kucha talk in the Titanic museum after the CSIT security conference on the role of the wireless telegraph during the disaster. It’s both a good and bad story – it highlights the many (many!) failings, but it also demonstrated the benefits of wireless communications during a disaster. Just to give you a flavour of the multitude of things that went wrong or contributed to the sinking – the locker in the crows nest that held the binoculars was locked and inaccessible due to ..read more

As the UK’s Product Security and Telecommunications Infrastructure Bill entered Parliament today, I had some time to reflect on how far we’ve come. I was reminded today that today was a long time coming. The person who triggered this was someone that I worked with when I was at Panasonic and he was at Nokia. Twenty years ago, we were sat in one of the smallest meeting rooms at Panasonic Mobile, next to the smoking room as it was the only one available – the Head of Security Research from Vodafone, the Head of Security of GSMA, plus the Security Group Chair of GSMA and me. The topic was hardwar ..read more

Fraudsters are using the Covid-19 crisis as bait to conduct SMS scams on a global scale. Many of these criminals are adapting their existing campaigns to exploit the situation. Some of the examples we’ve seen on the twitter hashtag #covid19scamsms include text messages that trick recipients into divulging their personal and financial details based on lures of ‘goodwill payments’, ‘free home testing kits’ or ‘threats of a fine for breaking lockdown conditions’. In this post, we collate guidance from expert organizations and government agencies worldwide to help mobile phone users thwart such ..read more

I recently wrote about the topic of SIM swapping on my company’s site. This was also posted to the GSMA’s Fraud & Security Group blog. There has been an increase in the amount of awareness of the issue over the last 18 months or so and I expect that to continue throughout 2020. Some factors are driving it – the recently published Princeton paper is probably the first scientific analysis of these problems, especially on the social engineering aspect. Others are the sheer life impact as I describe in my earlier blog – either a huge loss of money or life-takeover of all the victim’s online ac ..read more

Minister for Digital and the Creative Industries, Margot James launches the consultationTime moves quickly in the IoT world. It seems like only five minutes since we launched the Code of Practice on Consumer IoT Security. The staff in the Secure by Design team at DCMS have been working incredibly hard to move forward on the commitments to explore how to identify to consumers what good looks like when it comes to purchasing a connected product. Alongside this, there have been many discussions on the various different possibilities for regulation. The Minister for Digital, Margot James ha ..read more

Today marks the launch of the Code of Practice for Consumer IoT Security following a period of public consultation. You can find out more on the Department for Digital, Culture, Media & Sport’s (DCMS) website. The publication also means that the UK is now way ahead of the rest of the world in terms of leadership on improving IoT security and privacy. As the original and lead author of the Code of Practice, I was really pleased to read the feedback and see that many other people feel the same way about improving the situation globally. I was able to discuss the feedback at length with colle ..read more

There is a lot of support to get poorly secured products off the market. The recent research by Andrew Tierney on the TappLock is just another demonstration of some of the rubbish that is allowed to be sold. I was pleased to see that it had been de-listed by Amazon.   We still have some way to go – the public feedback on the UK government’s IoT security Code of Practice is being reviewed right now, then it’s onto next steps following the publication. My own personal feeling is that this is not about creating lots of new things in terms of security – much of what needs to be done is already w ..read more

I saw a misleading report yesterday from a security researcher who said that the UK’s Code of Practice on IoT security couldn’t have prevented something like Mirai. Luckily I had already written something that explains how Mirai would have been prevented: https://www.copperhorse.co.uk/how-the-uks-code-of-practice-on-iot-security-would-have-prevented-mirai I urge everyone interested to read the Secure by Design report plus the guidance notes within to see where things are going, especially the points about future consideration of regulation; and to understand that the Code of Practice is outc ..read more