Google Beacon – persistent project or privacy predicament?

Just another day at the office when an unexpected parcel from Google drops on the door step… the random gift of a Google Beacon!

The organisation is pushing the initiative once more by sending businesses free Beacons to encourage implementation. Unfortunately, in today’s security conscious environment these deliveries are sparking more privacy questions than implementations.

What is Project Beacon?

Project Beacon provides proximity experiences for customers using Bluetooth low energy (BLE) technology to send signals to local smart devices. The device continuously broadcasts an identifier which connects to a user’s device. Once your device has interacted with the Beacon it can then transmit its programmed action to the device.

Google Beacon

What are they and why is Google promoting Beacons?

Google is promoting the advantage of improved offline attribution with Google ads. Since the Beacons can be used to pinpoint a physical location, you can track conversion from online advertising to in store visits.

For example, if someone searches for a winter coat locally and visits a Google advertisement for your store but then clicks off before purchasing it wouldn’t have been classed as a conversion. However, with Google Beacon, the device can be tracked into the store as a physical visit.

For the customer, Beacons enable promotions to be broadcasted to receptive devices in the Beacon range to encourage in-store visits. You can read more about the features and benefits of Google Beacon here.

What does this technology mean for privacy?

The concerns around Beacon privacy and security is not just relevant to Google, but other distributors as well, including Apple. Although many may consider these threats minimal, they are still concerns according to Kontakt.io.

Hijacking

As default, most Beacons do not encrypt the data that’s transferred to them from connected devices. Kontakt.io explains a hacker could change the connected Beacon password and change it so that they have full control of the device, putting the entire IoT infrastructure at risk.

Physical tampering

Unsurprisingly, as a Beacon is a physical box, it is also subject to physical attacks. Although this is extreme and unlikely, someone could physically remove the device, take it apart to access its information.

Cloning and Piggybacking

One of the largest threats is from cloning, where an attacker listens to the device and captures Beacon data, copying the information to an external application without consent. After capturing the data, the hacker may clone it, copying the configuration and contents to another Beacon in order to mislead customers. Using a duplicate Beacon opens up an array of possibilities for the hacker, including triggering in-app payments.

As the latest drive continues and technology gets smarter, so do the hackers and the future of project Beacon is still undecided.

virtualDCS BSI certification

We’ve passed again! virtualDCS recertifies its ISO 27001 status

The renewed ISO 27001 accolade showcases the team’s continuous commitment to information security and data protection.

Looking at the entire scope of the business, from how the company purchases teabags to its comprehensive staff vetting procedure, the BSI assessed and commended virtualDCS on its processes and unique structure.

virtualDCS BSI certification

ISO 27001 is the international standard for best practice for information security management systems, covering technical and business controls that ensure a company is managing its data in the most secure way possible.

Richard May, Managing Director of virtualDCS said:

“There’s often some confusion around the standards and what they cover, but in essence, the re-certification shows that we’re managing customer data in the most secure way possible. This means that anyone that works with us can continue to be confident that we’re handling their information with the utmost sensitivity.

Many businesses that have an ISO 27001 certification tend to heavily limit the scope of the audit, but we wanted to encapsulate the entire business and its practices. If we’re going to be certified, then we’re going to do it right.”

Re-certification was truly a team effort as each employee within the company is responsible for a set of unique standard operating procedures. These procedures are monitored and updated by the appointed team member. virtualDCS chose to deploy this unique approach so that information security would be at the forefront of everyone’s mind and at the heart of the business.

For more information contact the team on 03453 888 327, using the contact form below or by emailing enquiries@virtualDCS.co.uk

Infographic: A history of Ransomware

Have you ever wondered where Ransomware came from? Our latest Infographic reveals this and so much more.

What was the first recorded example of Ransomware and how was it administered?  When did it officially become ‘Ransomware as a Service?’

How was this technology spread before the Internet? These are just a few of the questions commonly asked around the latest business threat.

We’ve created this infographic to answer these common queries, but if there’s anything else you’d like to know feel free to contact the team using the contact form below.

 

a brief history of ransomware

1 2