Why Augmented Reality Adds Network Risk
Applications that use augmented reality, such as Pokemon Go, pose a serious danger to organizations, but there are steps that will help eliminate these risks.
Augmented reality (DR) is not new in itself, but the explosive popularity of Pokemon Go has shown that the time for this technology is due to a combination of technological advances and cultural changes.
')
Mobile devices now have computational power and connection speeds to fully support DR. People accepted gadgets that are always online and geolocated as part of everyday life, despite the potential privacy risks.
A much more significant risk is present for organizations that are not prepared for the effects of DR on the network and security, as there are more and more applications that use additional reality.
Imagine two company employees: one employee connects his device to a printer in the office to get a manual or online instructions for replacing toner or removing jammed paper. The second is an engineer who uses the tablet to obtain information on the repair of critical equipment at an electrical substation. Both of them are real users of extra reality and it’s easy to see the commercial potential and benefits.
However, in addition, it is easy to see the risks involved. Traffic that allows you to do all this “magic” passes through your network, revealing the details of the IP address, location, device type, user access rights and much more. If a hacker intercepts such traffic, as it was already possible with Pokemon Go traffic, how do you think he can learn about the user and the network?
It is therefore not surprising that the US Pentagon and the Israel Defense Department have banned their employees from using Pokemon Go due to the potential impact of the application on security.
So what are the real risks of DR for organizations and how can you solve them?
To understand this, let's consider the type of network traffic generated by the DR application, as well as what information it shows.
IXIA's ATI (Application and Threat Intelligence) team recently analyzed the connection between Pokemon Go and Niantic (application developer) servers, which revealed interesting security findings. (more about the study can be found here .
Pokemon Go, like many other additional reality applications, uses device location data to provide users with relevant information based on their location and environment.
It’s not hard to imagine a hacker who combines localization data with other personal data (remember that the Pokemon Go user agreement allows Niantic to access personal data, including Google profiles, search history, etc.) to create a detailed one-to-one picture of user behavior. This kind of data is very valuable for criminals.
In addition, communication between the Pokemon Go application and its servers is carried out via HTTPS, but earlier versions of the application do not support attaching a certificate, which makes it possible to easily perform a man-in-the-middle attack to intercept data.
Thus, it is easy to see user data that applications of additional reality provide as part of their functionality, which allows hackers to track information and manipulate it if the application security has any vulnerabilities. The key point is that the nature of the DR itself is such that it is personalized for each specific user.
This means that the PD must have access to some personal data - geolocation, purchase history, financial details, etc. Does this information need to be transferred outside your organization’s network?
Just four days after the launch of Pokemon Go, cybercriminals created a fake version of the application, complete with built-in malware, which provides a convenient application model for other new applications of additional reality.
The possibilities for malware in DR applications are almost endless: keyloggers for capturing user credentials, mobile remote access Trojan (mRAT), which can infect a device and secretly intercept data and communications, or an agent that downloads other malware in network through the device.
This is a very important issue, so now organizations are deciding how best to manage and control the applications of additional reality in their network, to get ahead of the curve and organize protective measures before the explosion of interest in the next DR application.
All of these factors are important when deciding on the need and choice of a mobile device management (MDM) system, since DR applications such as Pokemon Go are focused on the mobile device market. Staff training and awareness raising is also crucial, as human error and inattention are often the key vulnerability that cyber-criminals exploit.
The next factor in a risk mitigation strategy for DR should be the visibility of application traffic on the network. To protect against the impact of sensitive data or the introduction of malicious data, enterprises must ensure full visibility in real time and an understanding of their network traffic throughout the entire time.
There are a variety of tools and solutions for providing such network visibility (for example, described here ) What companies are looking for is intelligent filtering and distribution, including Layer 7 application traffic and encrypted traffic at line speed and without packet loss.
» A good example of such a solution is visibility.
Without this end-to-end visibility, additional reality can significantly affect the security of your organization.
#IXIA
Augmented reality (DR) is not new in itself, but the explosive popularity of Pokemon Go has shown that the time for this technology is due to a combination of technological advances and cultural changes.
')
Mobile devices now have computational power and connection speeds to fully support DR. People accepted gadgets that are always online and geolocated as part of everyday life, despite the potential privacy risks.
A much more significant risk is present for organizations that are not prepared for the effects of DR on the network and security, as there are more and more applications that use additional reality.
Imagine two company employees: one employee connects his device to a printer in the office to get a manual or online instructions for replacing toner or removing jammed paper. The second is an engineer who uses the tablet to obtain information on the repair of critical equipment at an electrical substation. Both of them are real users of extra reality and it’s easy to see the commercial potential and benefits.
However, in addition, it is easy to see the risks involved. Traffic that allows you to do all this “magic” passes through your network, revealing the details of the IP address, location, device type, user access rights and much more. If a hacker intercepts such traffic, as it was already possible with Pokemon Go traffic, how do you think he can learn about the user and the network?
It is therefore not surprising that the US Pentagon and the Israel Defense Department have banned their employees from using Pokemon Go due to the potential impact of the application on security.
So what are the real risks of DR for organizations and how can you solve them?
What is in the data?
To understand this, let's consider the type of network traffic generated by the DR application, as well as what information it shows.
IXIA's ATI (Application and Threat Intelligence) team recently analyzed the connection between Pokemon Go and Niantic (application developer) servers, which revealed interesting security findings. (more about the study can be found here .
Pokemon Go, like many other additional reality applications, uses device location data to provide users with relevant information based on their location and environment.
It’s not hard to imagine a hacker who combines localization data with other personal data (remember that the Pokemon Go user agreement allows Niantic to access personal data, including Google profiles, search history, etc.) to create a detailed one-to-one picture of user behavior. This kind of data is very valuable for criminals.
In addition, communication between the Pokemon Go application and its servers is carried out via HTTPS, but earlier versions of the application do not support attaching a certificate, which makes it possible to easily perform a man-in-the-middle attack to intercept data.
Thus, it is easy to see user data that applications of additional reality provide as part of their functionality, which allows hackers to track information and manipulate it if the application security has any vulnerabilities. The key point is that the nature of the DR itself is such that it is personalized for each specific user.
This means that the PD must have access to some personal data - geolocation, purchase history, financial details, etc. Does this information need to be transferred outside your organization’s network?
Malware
Just four days after the launch of Pokemon Go, cybercriminals created a fake version of the application, complete with built-in malware, which provides a convenient application model for other new applications of additional reality.
The possibilities for malware in DR applications are almost endless: keyloggers for capturing user credentials, mobile remote access Trojan (mRAT), which can infect a device and secretly intercept data and communications, or an agent that downloads other malware in network through the device.
Who controls?
This is a very important issue, so now organizations are deciding how best to manage and control the applications of additional reality in their network, to get ahead of the curve and organize protective measures before the explosion of interest in the next DR application.
All of these factors are important when deciding on the need and choice of a mobile device management (MDM) system, since DR applications such as Pokemon Go are focused on the mobile device market. Staff training and awareness raising is also crucial, as human error and inattention are often the key vulnerability that cyber-criminals exploit.
The next factor in a risk mitigation strategy for DR should be the visibility of application traffic on the network. To protect against the impact of sensitive data or the introduction of malicious data, enterprises must ensure full visibility in real time and an understanding of their network traffic throughout the entire time.
There are a variety of tools and solutions for providing such network visibility (for example, described here ) What companies are looking for is intelligent filtering and distribution, including Layer 7 application traffic and encrypted traffic at line speed and without packet loss.
» A good example of such a solution is visibility.
Without this end-to-end visibility, additional reality can significantly affect the security of your organization.
#IXIA
Source: https://habr.com/ru/post/310520/
All Articles