OWASP (Open Web Application Security Project) is a non-profit organization that provides cost effective security information about computer and Internet applications. Today’s Event is held by local Helsinki chapter. Agenda is to present and talk about the security of Blockchains, security labels on consumer devices and about deploying Bug bounties.

First presentation focused on Cryptocurrencies and the technology they use(i.e blockchain). Halfway trough, we got to security. The presenter provided us a site that shows vulnerabilities on different kind on cryptocurrency wallets.

Hacker erased Ether(ethereum technology based token) worth $60 million dollars using a bug on the system.

Next subject handled IoT device identification security. IoT devices have an identity, but they need to contain anonymity aswell. Hackers could potentially target the signal these devices send, or even the hardware, if code integrity or flow control are compromised.

Things to take into consideration when designing an IoT -device. (Note the”User awareness”, often personal data can be compromised by user error)

Direct quote from the speaker(he preferred his name not being mentioned ): “Basically there are no rules at the moment” when it comes to cryptocurrencies and blockchains. This means that the user should be very careful when handling funds through them.

Second subject of the evening: IoT security labels on consumer devices.

Goals on developing and maintaining security labels

In the future, we will need regulations and protocols with manufacturing IoT devices. The National Cyber Security Centre Finland (NCSC-FI) provides this solution in form of a security label, that could be an answer for the security problems IoT devices create. These risks might be i.e private data leaks, heavily user targeted advertisement and even loss of financial data like credit card information

On of the requirements presented for security label, was to neutralize the need for default login credentials(i.e “admin, admin” type credentials).

According to the presenters(anonymous again), many Finnish companies agreed that a third party verification(security labels) are needed to create a healthy and maintainable market for IoT devices. Also according to a user conducted survey; “consumers are ready to pay 10% more for secure and safe devices.”

A draft for applying a security label

Conclusion:

In the future, security labels are needed to regulate and maintain security risks that IoT devices create. Consumers are ready to pay more for this kind of security. Finnish legislation will most likely have laws to protect users in the future.

Loppukevennykseksi tarjoilla hulppeaa verkostoitumista. Tarjolla mm. Sauna, Disobey olutta ja palju.

Mikälie tottelematon Lager -olut. Maku oli kyllä mitä mainioin.

mmmmm…

Sources:

OWASP Helsinki Chapter Official -site 2019. https://www.owasp.org/index.php/Helsinki. Read. 21.5.2019

Cryptocurrency wallet vulnerabilities. https://wallet.fail/ Read. 21.5.2019

NSCSC-FI official -site 2019- https://www.kyberturvallisuuskeskus.fi/en. Read. 21.5.2019