Category Archives: Security

Hacking the Fish Tank

DarkTrace never ceases to amaze.

Check this report :: https://www.darktrace.com/resources/wp-global-threat-report-2017.pdf

Read #6:

Technological innovations keep businesses dynamic and profitable, their employees productive and creative, and their premises exciting and modern. A North American casino recently installed a high-tech fish tank as a new attraction, with advanced sensors that automatically regulate temperature, salinity, and feeding schedules.

To ensure these communications remained separate from the commercial network, the casino configured the tank to use an individual VPN to isolate the tank’s data. However, as soon as Darktrace was installed, it identified anomalous data transfers from the fish tank to a rare external destination.

Anomalous activity detected:

  • Transfer of 10GB outside the network
  • No other company device had communicated with this external location
  • No other company device was sending a comparable amount of outbound data
  • Communications took place on a protocol normally associated with audio and video

The tank’s communication patterns included sporadic communications with company devices, but that activity was in line with similarly configured IoT devices. The external data transfers, however, were deemed highly unusual by Darktrace’s AI algorithms.

The data was being transferred to a device in Finland where an attacker had managed to gain control over the tank. This was a clear case of data exfiltration, but far more subtle than typical attempts at data theft.

By targeting an unconventional device that had recently been introduced into the network, the attack managed to evade the casino’s traditional security tools. Darktrace’s Enterprise Immune System detected the threat because the technology does not make assumptions about where threats will arise. It detected a subtle anomaly that indicated a much larger threat, and it aided the casino in remediating the vulnerability. The incident demonstrates the need to have complete visibility of every user and device – including internet-connected fish tanks.
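The four indicators listed in the excerpt can be combined into a simple flow-log check. The sketch below is an added example, not Darktrace's algorithm and not code from the report: the device names, addresses (documentation ranges), protocol set, and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records (not from the report):
# (internal device, external destination, protocol, bytes sent out)
FLOWS = [
    ("pos-01", "198.51.100.10", "https", 40_000_000),
    ("pos-02", "198.51.100.10", "https", 55_000_000),
    ("hr-laptop", "198.51.100.10", "https", 120_000_000),
    ("hr-laptop", "198.51.100.20", "https", 300_000_000),
    ("cctv-01", "198.51.100.30", "rtsp", 900_000_000),
    ("cctv-02", "198.51.100.30", "rtsp", 850_000_000),
    ("fish-tank", "198.51.100.40", "https", 2_000_000),     # vendor telemetry
    ("fish-tank", "203.0.113.77", "rtsp", 10_000_000_000),  # 10 GB to a rare host
]
MEDIA_PROTOCOLS = {"rtsp", "rtp", "rtmp"}  # assumed audio/video protocol set
MEDIA_DEVICES = {"cctv-01", "cctv-02"}     # assumed devices expected to stream

def score_flows(flows, volume_factor=5):
    """Return {(src, dst): [indicators]} for flows showing the excerpt's signs."""
    talkers = defaultdict(set)    # dst -> internal devices that contacted it
    out_bytes = defaultdict(int)  # src -> total outbound bytes
    for src, dst, proto, nbytes in flows:
        talkers[dst].add(src)
        out_bytes[src] += nbytes
    findings = {}
    for src, dst, proto, nbytes in flows:
        hits = []
        if len(talkers[dst]) == 1:  # no other device talks to this destination
            hits.append("rare-destination")
        # Compare this device's total against the median of all other devices
        peers = [b for dev, b in out_bytes.items() if dev != src]
        if peers and out_bytes[src] > volume_factor * median(peers):
            hits.append("volume-outlier")
        if proto in MEDIA_PROTOCOLS and src not in MEDIA_DEVICES:
            hits.append("unexpected-media-protocol")
        if hits:
            findings[(src, dst)] = hits
    return findings

def alerts(flows, min_indicators=3):
    """Raise only flows where several weak signals coincide."""
    found = score_flows(flows)
    return sorted(k for k, v in found.items() if len(v) >= min_indicators)

if __name__ == "__main__":
    print(alerts(FLOWS))
```

Each indicator alone is noisy (the HR laptop also reaches a destination nobody else uses); requiring all three to coincide is what isolates the tank's transfer in this sample.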

Interpol Panel – public invited

Interpol is having their yearly conference in Singapore and normally there is very little public interaction, but this year I am moderating a panel that will bring Interpol, the private sector, the startup sector and the VC community together to discuss the future of AI, IOT, and how Interpol will work with the government and the private sector to help ensure public safety in a world where automation machines and autonomous cars will become the norm.

Going to be interesting.

For more info and the email to RSVP – go here :: https://www.interpol-world.com/seedplus

Any questions? Ping me.

APAC banking app security report

Check it out :: https://letstalkpayments.com/launch-of-the-latest-security-report-on-bank-apps-in-apac-at-singapore-fintech-festival/

Highlights:

The report reveals that 85% of mobile banks were vulnerable to high, medium and low security loopholes and over 50% of apps were found to have at least four to six bugs in them.

Here are the key threats to the mobile banking applications that were studied:

  • 13% of the mobile banking applications had broken trust for SSL
  • 15% of the mobile banking applications had Remote Code Execution through the Javascript interface
  • 10% of the mobile banking applications had insufficient Transport Layer Protection
  • 12% of the mobile banking applications had derived crypto keys
  • 26% had other threats that could harm the security of their mobile banking applications

For more info – you can grab the report here :: https://medici.letstalkpayments.com/research-categories/security-report-of-top-100-mobile-banking-apps-apac

https://www.appknox.com/ and https://devknox.io/

Happy mobile banking day!

Is anywhere ever the capital of anything?

Adding this interesting tweet::

Was reading Term Sheet today and came across this.

http://fortune.com/2016/11/15/term-sheet-tuesday-november-15/ :

The Capital of Fintech: There’s apparently a fight, or battle, or race on between cities to become the Capital of FinTech. Hubs, scenes, ecosystems “capitals,” and various spins on the phrase Silicon Valley are overrated.

I see the benefit of mentorship, available capital, and attracting talent, but I don’t quite see the value in fighting over who has the most and biggest. Berlin’s economy minister launched a letter-writing campaign to beg London fintech companies to move. Singapore and Hong Kong are battling with government-sponsored conferences. Does there really need to be a winner? Can’t fintech just be an everywhere thing? (PS. I can’t help but think this is a sign that the fintech frenzy, and its related valuations, might be hitting its peak.)

She is referring to this article :: http://www.nytimes.com/2016/11/15/business/dealbook/where-finance-and-technology-come-together.html

Several cities around the world are competing to become the capital, or at least one of the regional capitals, of fintech. If the young financial technology industry has the transformative effect that some have imagined, the contest could also determine the future capitals of finance as a whole.

And then of course for Asia the coffee chat is often about Singapore or Hong Kong:

Hong Kong has lots of competition from Singapore, which recently started its own aggressive effort to become a capital of fintech. Singapore has begun offering some of the same inducements as Hong Kong, including its first fintech week.

Last year, more fintech companies in Singapore raised money from venture capitalists than did in Hong Kong, but the Singapore companies raised less money in sum than those in Hong Kong, according to data from Accenture.

Funny enough all this is happening during FinTech week in Singapore. 🙂

My take is just like the blockchain frenzy we are at peak hype cycle for FinTech – in other words, Peak of Inflated Expectations. Buzzword bingo at its finest. I personally don’t think there will be a capital of FinTech but I could be wrong. 

This goes with my feeling that the only Silicon Valley will be …. Silicon Valley. Same as the next Amazon is still most likely Amazon.

As Erin alludes to – the power of a network, capital, mentors and the support system for a given vertical trend is great, but products can be built by people anywhere for anywhere. Maybe it helps to be in a Singapore or Hong Kong for some things, but not always. An example is Abra, based in California but with a product focused on the Philippines.

In general though I think some of the core advances in FinTech are more practical and structural and may not need to be based anywhere special. In hearing Neal Cross from DBS the other day he mentioned that DBS has 40% profit margins so chasing the hype of FinTech is silly unless it can beat what they already do. Hint, hint – the banks don’t have a lot of interest in disrupting themselves so focusing on them or their financial centers may not be the answer.

I find it funny that the issues still plaguing banks, and how to fix them, have little to do with hardcore FinTech. Take for example that all the Singapore banks require you to use a hardware token generator. Mine ran out of battery the other day and I filled out paper forms to turn it in and to get a new one. The new one had to be mailed to me and until I got it, I was not able to transact. Yes, I know they have SMS tokens but they are for view only – not paying my bills.

Why can’t the bank know I don’t have my token for 5 days but allow me to do transactions that I always do? Pay the power bill for example but don’t let me add a new payee since that could be suspicious activity. Why can’t they use a software based token generator? Why can’t they use touchID on my phone? Why can’t they use my voice?

My point is that practical use cases for disruption in finance may not be connected to having to be in FinTech central.

Back to reality …

AppKnox :: Just the beginning…

I think the best PR for a VC firm is the stories of the companies that the fund has invested in. There has been some PR about SeedPlus and of course we have a lot more stories to go but today I would like to highlight AppKnox. I met the CEO back during his JFDI tenure and I have to admit I did not get to stay up on it once I was unable to commit my time to the JFDI program.

Then I joined SeedPlus and was back to working with AppKnox. The company is a perfect fit for what we are trying to do at SeedPlus which is to take a strong tech product and export it around the globe. And that is exactly what we are doing.

Feel free to reach out if you want to know more about SeedPlus or AppKnox.