Monday, April 10, 2017

What is Pharming ?



Pharming is a scamming technique in which attackers redirect traffic meant for a legitimate website to a fraudulent website, with the purpose of spreading malware or stealing sensitive data from victims. A typical example: a user types amazon.com in the URL bar, but gets redirected to a fraudulent website which looks identical to the Amazon website. When the user types in his credentials or banking details, the information goes directly to the attackers. Attackers use several techniques to make this possible.




Pharming vs Phishing


In phishing, attackers typically send a victim an email or SMS containing a link, or trick the victim into clicking on a malicious link in some other way. The malicious link may point to a website which looks almost identical to some legitimate website. If the victim does not notice the trickery and ends up giving sensitive details like credentials or banking information, the information goes directly to the attackers. So, in other words, in a phishing scam, attackers may use an identical looking website, but the URL of the website will be different from the actual one, though a victim may not notice the difference and fall prey.

In pharming, on the other hand, a victim types the correct URL of a legitimate website, yet he gets redirected to an identical looking fraudulent website. Attackers often use techniques like DNS Cache Poisoning or compromise the host file on a computer to make it possible.

So, in other words, phishing typically uses a bait in the form of a phony email, link or attachment to redirect a user to a fraudulent website, whereas pharming can automatically redirect a user to a fraudulent website, even though the user has typed in the correct URL in the address bar.


How is Pharming done ?


Two major techniques used by attackers in pharming are host file modification and DNS Cache Poisoning. Let’s understand in more detail how these two methods are actually used in pharming.


Pharming using host file modification


When we type a URL in the address bar of a browser, the hostname in the URL gets converted into an IP address, and the IP address is then used to access the actual website. A computer often uses a host file for this lookup. A host file is an operating system file that maps hostnames to IP addresses. Attackers often use malware to compromise the host file on a computer, so that when a user types in a legitimate website in the address bar of a browser, the browser gets the IP address of the fraudulent website instead and the user gets redirected to the malicious website, though he typed in the correct URL.

Pharming using DNS Cache Poisoning


When we type a URL of a website in the address bar of the browser, our computer contacts the Domain Name Servers or DNS Servers to resolve the IP address of the website. Now, the Internet does not have a single DNS Server, because that would be very inefficient. Instead, our ISP runs its own DNS Servers, which cache information from other DNS Servers. Our home router has its own DNS Server, which caches information from ISP's DNS Servers. And, our computer has a local DNS cache, which stores responses of previous DNS queries made by the computer.

The function of DNS cache is to store responses of previously made DNS queries, so that next time the same DNS query is made, it doesn't have to contact the DNS Servers again. Instead, it can retrieve the IP address from its cache.

A DNS Cache is said to be poisoned when it stores a malicious entry instead of a valid one. For example, if we type google.com for the first time, our computer will make a DNS query to the appropriate DNS Server and, once it gets a response, it will store the IP address of google.com in its DNS Cache, with a timestamp up to which the entry remains valid. Within that time, if we type google.com again, our computer will look in its DNS Cache for the entry.

Suppose our computer has made a DNS query and is waiting for a response from the DNS Servers. But, instead of an authentic response, it gets a response containing the IP address of the attacker's website. Its DNS Cache will then be poisoned, and from then on, whenever the computer tries to resolve the IP address for the same URL, it will end up at the attacker's website.

In a similar way, the DNS Cache of any DNS Server may also get poisoned, because an ISP's DNS Server gets responses from other DNS Servers and stores the responses in its cache. If that cache is poisoned, the same poisoned entry will spread to all home routers and from them to all computers.

Attackers often use DNS Cache Poisoning for the purpose of pharming. They poison the DNS Cache to store the IP address of their malicious website, so that even though a user types in the correct URL, the browser gets the IP address of the fraudulent website and the user gets redirected to the attackers’ website.
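The scenario above can be modelled in a few lines. This added example (not from the original post) compares a cache that stores the first answer naming a pending query with one that only accepts an answer whose transaction ID and name match a query it actually sent, and shows the bad entry living until its validity time runs out. Class names, IDs and addresses are constructed.

```python
from dataclasses import dataclass


@dataclass
class Response:
    txid: int    # transaction ID copied from the query being answered
    qname: str   # hostname the answer is for
    ip: str
    ttl: int     # seconds the answer may stay in the cache


class CachingResolver:
    def __init__(self, validate):
        self.validate = validate
        self.pending = {}   # txid -> qname for queries still awaiting an answer
        self.cache = {}     # qname -> (ip, expires_at)

    def send_query(self, qname, txid):
        self.pending[txid] = qname

    def receive(self, resp, now):
        """Return True if the response was accepted into the cache."""
        if self.validate:
            # Accept only the answer to a query we sent: same ID, same name.
            # Real resolvers also check the server address and source port.
            if self.pending.get(resp.txid) != resp.qname:
                return False
            del self.pending[resp.txid]
        else:
            # Naive: the first response naming any pending query wins.
            if resp.qname not in self.pending.values():
                return False
            self.pending = {t: q for t, q in self.pending.items()
                            if q != resp.qname}
        self.cache[resp.qname] = (resp.ip, now + resp.ttl)
        return True

    def lookup(self, qname, now):
        entry = self.cache.get(qname)
        if entry and now < entry[1]:
            return entry[0]
        self.cache.pop(qname, None)   # entry is past its validity timestamp
        return None


def run_scenario(validate):
    """A forged answer arrives one second before the genuine one."""
    r = CachingResolver(validate)
    r.send_query("google.com", txid=0x1A2B)
    forged = Response(txid=0x0001, qname="google.com", ip="203.0.113.66", ttl=300)
    genuine = Response(txid=0x1A2B, qname="google.com", ip="192.0.2.10", ttl=300)
    return {
        "forged_accepted": r.receive(forged, now=1),
        "genuine_accepted": r.receive(genuine, now=2),
        "answer_at_10s": r.lookup("google.com", now=10),
        "answer_at_400s": r.lookup("google.com", now=400),
    }


if __name__ == "__main__":
    print("naive    :", run_scenario(validate=False))
    print("validated:", run_scenario(validate=True))
```

The transaction ID is only 16 bits wide, so matching it is a minimum check and not a complete defense.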


How to prevent Pharming ?


We can always take a couple of steps to protect ourselves in a better way.

  • ISPs can do much to prevent pharming. They can filter out malicious redirects up to a great extent. So, use a trusted ISP. Rigorous security at the ISP level can be a good first line of defense against pharming.
  • It is always a good practice to look at the address bar of a browser and check whether there are any spelling mistakes in the URL before providing any credentials to the website.
  • Pharmers often target banking and ecommerce websites. So, before typing in any financial details, it is always a good practice to verify whether HTTPS is being used. No legitimate website will transfer any sensitive information without using HTTPS.
  • It is always a good practice to verify the digital certificate of a website when you have any doubt. You can go to the browser properties menu and click on the “Certificate” tab to verify whether the website is using a secure certificate from its legitimate owner.
  • Look at the padlock of the address bar of a browser to verify whether the connection is secure. An unlocked padlock indicates an unsecured connection.
  • Use anti-malware programs from trusted sources and keep them updated regularly. Some anti-malware programs can detect pharming.
  • Keep your Operating System and browser updated with recent security patches. Attackers often exploit security vulnerabilities present in a system to infect the system. The more up to date the software is, the fewer security vulnerabilities it has.

What is Smishing ?



We often get spam SMS messages. They are not only annoying, sometimes they can be dangerous too. Attackers often harvest phone numbers of potential victims and send them malicious SMS messages, typically containing a link or a number to call back. When a user clicks on the link or calls the number provided, he falls prey to the scam. This type of scam is called smishing.


A typical example of smishing will be an SMS like this :

We’re confirming you’ve signed up for our dating service. You will be charged $2/day unless you cancel your order clicking on the link http://somescam.com


If a victim clicks on the link, he may get redirected to a malicious website spreading malware, or he may end up on a fraudulent website that looks identical to some legitimate website and give away sensitive credentials or other personal details.




Smishing is a type of phishing scam in which attackers use SMS or Short Message Service to deceive users. Attackers often use smishing to steal sensitive information from users or to spread malware.

The term “smishing” is derived from two words, “SMS” and “phishing”. An SMS is typically used in this type of scam, hence the name.


Some real life examples of Smishing


Amazon Phishing Scam


This smishing scam appeared in January, 2017. In this scam, a victim typically gets an SMS as mentioned below:

Order Confirmation (#101-2341765-1192723)
Order total: 70$
If you did not authorize this purchase, click http://bit.ly/amazon-refund to Cancel and Refund.

As usual, the link points to a fraudulent website that looks almost identical to the Amazon website and asks the victim for sensitive credentials. The fake website even asks victims to enter credit card numbers. Once such sensitive details are provided, the victim’s Amazon account as well as financial details get compromised.


However, if you look carefully, you can notice some pointers that indicate the SMS is not legitimate.

  • It should have been written as $70 and not 70$. A legitimate communication should not have this mistake.
  • It is unlikely that Amazon will send a link using such URL shortening service.

However, if a user gets any such unexpected text, the best way to deal with it is not to visit the provided link, but to log in to the legitimate Amazon website and verify the active orders. The user can also call Amazon customer care to clarify.

Apple Phishing Scam


This smishing scam appeared in 2016. A victim typically gets an SMS as mentioned below:

Your Apple ID has been locked for invalid details and is pending termination. Confirm your details at http://somesmishinglink Apple.

In this case also, if a victim clicks on the link, he gets redirected to a fraudulent website which looks identical to Apple’s legitimate website and asks the victim for sensitive credentials.

However, if a user gets any such SMS, the best response is not to visit the link, but to log in to the legitimate Apple website and check whether there is any such notification, or to call Apple customer care directly to verify.



Netflix Phishing Scam


This smishing scam also appeared in 2016. The scam mainly targeted Australian Netflix users.

Update your Netflix Account so you can continue enjoying your Netflix service. http://somesmishinglink

This link also points to a fraudulent website that looks identical to the legitimate Netflix website and asks for sensitive credentials. A user receiving any such SMS should verify the information by going to the legitimate Netflix website instead of clicking on the link, or call Netflix customer care and report it.


How to prevent Smishing ?


We can always take a couple of steps from our side to protect ourselves in a better way.

  • Never ever share your financial information via SMS, call or email. A bank will never ask any of its customers for that.
  • Do not follow instructions on an SMS sent by an unknown sender. Delete such SMS instantly.
  • Please be alert to the fact that an SMS claiming to be from your bank may not be genuine.
  • Do not click on any link of an SMS sent by an unknown sender.
  • If you get an unexpected SMS asking you to provide any sensitive information quickly, be careful. Attackers often use social engineering to create a sense of urgency and ask for a quick response, so that victims do not get much time to think and reveal all the requested sensitive information instead.
  • It is always good to block unwanted numbers from sending texts or calls.
  • If an SMS sent by some unknown sender asks for calling a number, do not do that.
  • If anything looks suspicious, do your research before responding. Sometimes a simple google search reveals a lot.
  • Use your common sense and caution and make sure you do not fall victim to identity theft.
  • Beware of messages that come from numbers that do not look like phone numbers, for example 5000 numbers. These messages are actually sent by email-to-text services. Attackers often use these services to mask their identity.
  • Never reply to any suspicious messages hurriedly. If your bank is to cancel your credit card, you should be able to call your bank customer care and discuss the matter with them.
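The pointers given for the Amazon message and several items from the list above can be turned into a small triage check. This is an added example, not part of the original post: the shortener list, the urgency phrases and the six-digit cut-off for senders that do not look like phone numbers are assumptions, and the sender values are constructed. The message texts are the samples quoted earlier on this page.

```python
import re
from urllib.parse import urlparse

# Assumption: a short hand-picked list of URL-shortening hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Amount written with the symbol after the number, e.g. "70$".
SYMBOL_AFTER_AMOUNT_RE = re.compile(r"\b\d+(?:\.\d{1,2})?\s?\$")
# Assumption: urgency phrases taken from the sample messages on this page.
URGENCY_RE = re.compile(
    r"\b(?:did not authorize|unless you cancel|has been locked|"
    r"pending termination|immediately)\b",
    re.IGNORECASE,
)

AMAZON_SMS = (
    "Order Confirmation (#101-2341765-1192723)\n"
    "Order total: 70$\n"
    "If you did not authorize this purchase, click "
    "http://bit.ly/amazon-refund to Cancel and Refund."
)
DATING_SMS = (
    "We're confirming you've signed up for our dating service. You will be "
    "charged $2/day unless you cancel your order clicking on the link "
    "http://somescam.com"
)
BENIGN_SMS = "Your parcel was delivered today. Total paid: $70."  # constructed


def sms_indicators(text, sender=""):
    """Return the warning signs found in one SMS, in a fixed order."""
    found = []
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)]
    if hosts:
        found.append("contains-link")
    if any(h in SHORTENERS for h in hosts):
        found.append("url-shortener")
    if SYMBOL_AFTER_AMOUNT_RE.search(text):
        found.append("currency-symbol-after-amount")
    if URGENCY_RE.search(text):
        found.append("urgency-wording")
    # Digits-only senders of six characters or fewer, such as "5000".
    if sender.isdigit() and len(sender) <= 6:
        found.append("short-code-sender")
    return found


if __name__ == "__main__":
    for label, text, sender in [
        ("amazon", AMAZON_SMS, "5000"),
        ("dating", DATING_SMS, "+15550100"),
        ("benign", BENIGN_SMS, "+15550100"),
    ]:
        print(label, sms_indicators(text, sender))
```

A message with no indicators is not proven safe; the check only surfaces the signs the list describes so that a person can verify through the official website or customer care.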

What is Vishing ?



Vishing is the practice of using social engineering over the telephone system with the purpose of stealing sensitive financial information or other sensitive personal data from a victim. Vishing is one of the most serious threats today and is widely perpetrated by criminals.


The word “vishing” is a combination of two words, “voice” and “phishing”. In this technique, attackers use the telephone system to do phishing, hence the name.

Vishing is typically used by criminals to steal sensitive banking information like account number, PIN, password, OTP and credit card numbers or to steal other personal details of users that the attackers can exploit to perpetrate identity theft.

Attackers often use VoIP and automated systems like IVR to perpetrate vishing. They may even use techniques like War Dialing and Caller ID Spoofing to serve their purpose.


What is War Dialing ?


Attackers often use war dialing to harvest phone numbers of potential victims. It is a technique to automatically scan a list of telephone numbers in a particular region. Attackers often use dedicated software to dial all numbers in a local area one by one. As soon as they get a response from any number, they simply note it down, so that they can later use it for vishing.


What is Caller ID Spoofing ?


Attackers often use Caller ID Spoofing to deceive a victim in vishing. They mask the actual caller's telephone number, and a different, deceptive number appears on the victim's phone.

Attackers can use a variety of methods and technologies for that purpose. In the past, Caller ID Spoofing required advanced knowledge, but nowadays attackers often use VoIP or PRI lines to do it easily. For example, some VoIP providers give a user the option to configure the displayed number. This has lots of legitimate uses also. For example, a doctor may want to answer a patient from his home, but may not want to reveal his home phone number at the same time. But attackers often use this technique to hide their identity and impersonate others.

How does Vishing work ?




Attackers may perpetrate vishing as mentioned below.

  • Criminals first harvest phone numbers of potential victims. They may use several techniques for that purpose. They may steal phone numbers from an institution or they may use war dialing to find out valid phone numbers.
  • The criminals then start making calls to potential victims. They usually use Caller ID Spoofing to deceive the victims and hide their identity.
  • In a vishing call, the attackers may trick a user into revealing sensitive financial details. They may say the call is from a bank and there is a problem with the user’s bank account or credit/debit card and the user needs to give his financial details to the caller in order to address the problem. The attackers may also use automated instructions to ask the victim to type in his credit card number, account number or PIN on the keypad. And, in some cases, the attackers ask the victim for his personal details that the attackers can later use to impersonate the victim for fraudulent purposes.

A real life example of Vishing


A widely perpetrated vishing scam is the Microsoft tech support scam. In this scam, the attackers typically call a victim posing as a member of Microsoft technical support and inform the victim that his computer is infected with malware which is generating all sorts of errors. The attackers can then ask for remote access to the victim’s computer or ask the victim to download some software or fake anti-malware programs to solve the victim’s problem. Some attackers may even deceive a victim into revealing his bank account information to make a payment. In other words, the goal of this vishing scam is to infect the victim’s computer with malware or to steal sensitive financial details from the victim.


How to prevent Vishing ?


Vishing is very difficult for legal authorities to monitor or trace. But, we can always take a couple of steps to protect ourselves up to a significant extent.

  • Never ever provide your financial details over the phone. A bank will never ask for your account number, credit card number, password or PIN over the phone.
  • If someone is asking for any OTP or One Time Password over the phone, be sure it is a scam. OTPs are meant for users only and no legitimate authority will ever ask for any OTP from any user.
  • Do not reveal any personal details or personally identifiable information over the phone. If you have any doubts, you can politely inform the caller that you are going to call back and then call the authentic number of the website/provider/institution to verify the call. It is always better to be safe than sorry.
  • If you get a call informing you that any of your web accounts is having some problem, please do not reveal any information immediately. You can always log in to your account by visiting the legitimate website and verify whether there is any such notification, or you can call the legitimate customer care numbers and clarify.
  • Get your number registered on the National Do Not Call Registry to block automated calls. It may not stop vishing, but you would get far fewer automated calls than you are used to.
  • Do not trust the caller ID of a phone call. As said above, attackers can very easily spoof that.
  • If you think you have fallen victim to vishing and your financial information is compromised, immediately call the bank and report the incident. Verify whether there is any unauthorized transaction. Also, immediately change your IPIN, password, ATM PIN or other credentials that may have been compromised.
  • It is always good to report vishing incidents to appropriate legal authority. It often helps a lot in catching the actual criminals.

So, to summarize, never ever reveal any financial information or any personally identifiable information over the phone. It is always good to verify the authenticity of a call before responding. Be informed about various security threats and stay safe and stay secure.

Thursday, April 6, 2017

What is Rooting of Android devices ?


We often hear the term “rooting” of Android devices. Some people root their Android devices, and we often hear that malware roots a device and steals sensitive data. What is rooting actually ? Should we root an Android device ? Why do people root a device ? And, what are the security concerns of rooting a device ? Let’s understand that in more detail.




What is Rooting of an Android device ?


Android uses the Linux kernel. And, all Unix based operating systems have the concept of a “root” user, which has administrative privileges. By default, an Android user does not have administrative privileges on his Android device. Rooting is a technique which gives a user the administrative privileges on his device.

Why do users root an Android device ?


There are several purposes for which rooting is usually done.

  • Users often root an Android device with the purpose of overcoming limitations imposed by carriers or hardware manufacturers.
  • By default a user does not have administrative privileges on his Android device and so he cannot alter system applications and settings. Rooting gives the user administrative privileges, which enables the user to alter or replace these system applications and settings.
  • Rooting enables a user to run specialized applications that require administrative privileges on the device.
  • Users can even completely remove or replace the operating system of the device after rooting.
  • Rooting enables a user to remove pre-installed applications.
  • Rooting gives the user lower-level access to the hardware of the device. For example, it enables the user to control status lights or recalibrate touch screens.
  • Users often root an Android device to get better control of the Android device. For example, the user can change themes, icons or boot animations that appear while the device is booting. He can even overclock or underclock the CPU and the GPU or automate system level processes through third-party applications.
  • After rooting, users can even install custom firmware or custom ROM to get better control on the rooted device.

How do Android applications work actually & how does rooting make a device less secure ?


Android applications are written in Java. The application code along with other required data and resource files are kept in an APK or Android Package that a user uses to install the application on his device.

By default, an Android device may contain a lot of sensitive data about the user like location, contacts, messages etc. So, Android needs to make sure an unauthorized application cannot access all the sensitive data unnecessarily or for malicious purposes. To ensure that, Android takes a couple of steps.

Android is a multiuser operating system. Each application on an Android device runs as a different user. When an application is installed on a device, it is given a unique user ID along with its own set of permissions. Moreover, each process has its own VM and an application runs in isolation from other applications. In other words, every application runs its own process in its own VM as a separate user, so that it cannot access data of other applications unnecessarily. However, two applications can communicate with each other using IPC to share data between them.

By default, an Android device can have three types of users :

  • Primary User – It is the first user added to the device. This user has more privileges than other users and can manage the settings. This user cannot be removed except by factory resets and is always running even when other users are in the foreground.
  • Secondary User – These are the other users added to the device. They can be removed easily by themselves or by the primary user and cannot impact other users on the device.
  • Guest User – An Android device can also have a guest user. It is basically a temporary user and the user along with its data are deleted immediately after its work is over. There can be only one guest user at a time.

So, how does rooting impact the security of an Android device ? Malware often uses social engineering to deceive a user into running malicious programs. When an unsuspecting user is tricked into running these malicious programs, they get the same privileges that the user has. If the user is an administrative user, the malware will easily get administrative privileges on the device. And, if the user is a normal non-administrative user, the malware will only get non-administrative privileges, unless the malware uses some other vulnerabilities in the system that can escalate the privileges.

So, in other words, for a normal Android user, even if the device is infected by malware, the malware has limited capabilities. But, if the device is rooted and the user has administrative privileges, the malware can easily exploit that to gain system level access on the device and cause more harm. It can steal all the sensitive data from the device easily or cause monetary losses.

Moreover, rooting voids the warranty of an Android device. Google does not officially support a rooted device. Some Android applications even refuse to run on a rooted device. Applications often call an API named SafetyNet for that purpose. They perform this check before running on a device and refuse to run if the device is rooted. Android Pay is one such application. There are quite a number of other applications which do that. Moreover, rooting can even brick a device if not done properly.

How to secure a rooted Android device ?


One should not root an Android device. And, if a user must, it is extremely important for the user to make sure the device remains secure.

  • If you rooted an Android device and have now changed your mind, you can still unroot the device. There are quite a number of tools available for that purpose.
  • On a rooted Android device, please make sure applications are installed only from the official App Store. It is always good to review the permissions requested and the reputation of the developer before installing the application. If the application is unsafe, the damage will be much greater on a rooted device.
  • Use your common sense while accessing the Internet using the device. Do not click on unsafe links, do not open attachments of emails sent by unknown sender and it is better not to browse unsafe websites.
  • Please make sure you configure a proper Android Firewall. It is always advisable to prevent applications from accessing the network unnecessarily. This can prevent malware from being installed on the device, and can also prevent malware from exfiltrating sensitive data.
  • Use anti-malware programs from trusted sources and make sure you update them regularly.
  • Keep the device updated with recent patches of Android and other applications. The more up to date a device is, the fewer known vulnerabilities it has.
  • Please make sure you backup your device often. This can help a lot in case the device is infected by malware like ransomware as well as when something goes wrong with the device.
  • Please be careful while accessing public WiFi. Please do not transfer any sensitive data while accessing a public WiFi and give no sensitive credentials and other information.
  • Please do not save any password of any online services or sites on the device.
  • Use Android's built-in security like PINs, passwords, patterns or biometric locks. Please make sure you lock a device when it is not used.
  • There are some applications which hold lots of sensitive data. You can lock those applications separately as a second layer of security to prevent anyone from accessing the data even if he manages to unlock the device. There are quite a number of applications available for that purpose.
  • You can enable remote wipe on your Android device. This will prevent thieves from accessing the sensitive data even if they manage to steal the device.

Monday, January 16, 2017

What is Fog Computing ?



Cloud models for IoT are not designed for the volume, variety and velocity of data that the IoT generates. Billions of connected IoT devices generate a huge amount of data every day. Moving all the data to the cloud for analysis would require bandwidth and time. By the time the data reaches the cloud for analysis, the opportunity to act on it may be gone. Fog computing was developed to address that concern.


What is Fog Computing and how is Fog Computing different from Cloud Computing ?

 





The term fog computing refers to extending cloud computing to the edge of an enterprise’s network. As said above, IoT devices consume cloud services and generate a huge amount of data. Using fog computing, the data gathered by the IoT devices can be processed, up to a certain extent, close to where the data is generated, instead of analyzing the whole of it in the cloud.

Fog computing does the following:

  • Instead of sending the vast amount of data collected by the IoT devices to the cloud, it analyzes the most time-sensitive data nearer to the devices.
  • It sends selected data to the cloud for historical analysis and longer-term storage.

The fog brings the cloud closer to the IoT devices that collect the data. The devices called fog nodes can analyze the data collected up to a certain extent. Any device with computing, storage and network connectivity, like an industrial controller, switch, router, embedded server or video surveillance camera, can be a fog node. And, these fog nodes can be deployed anywhere with a network connection, like on a factory floor, on top of a power pole, in a vehicle etc. These fog nodes run IoT enabled applications and can respond in milliseconds. They can also provide transient storage for a couple of hours.

These fog nodes can analyze almost 40 percent of the data being collected. As a result, fog computing minimizes the latency of the IoT devices, offloads traffic from the core network and can keep sensitive data inside the network, instead of transferring it to the cloud for analysis.

Fog nodes get the data collected from the IoT devices and then direct different types of data to different places for analysis.

  • The most time-sensitive data is analyzed on the fog node closest to the IoT devices that collect the data.
  • If the data can wait for seconds or minutes, it is sent to aggregation nodes for analysis.
  • Less time sensitive data is sent to the cloud for historical analysis, big data analytics and long term storage.


Advantages of Fog Computing


There are a number of advantages of using fog computing.


  • As said earlier, because fog applications can monitor and analyze data collected by IoT devices in real-time, they can enable the devices to respond immediately and initiate an action, like locking a door, changing equipment settings, zooming cameras, opening a valve etc in real-time.
  • As fog computing can speed up response of IoT devices, it can improve output of the devices and increase safety. For example, if oil pipelines experience a change in pressure, pumps can automatically slow down to avoid disaster.
  • Fog applications can analyze collected sensitive data locally instead of sending it to the cloud for analysis. As a result, they can provide better privacy controls.
  • As fog applications process selected data locally, they can conserve network bandwidth and lower operating cost.


Applications of Fog Computing


There are several applications of fog computing.

Smart Grids


A smart grid is an electricity distribution network, with smart meters deployed at various locations to measure real-time status information. The information collected by the smart devices can be analyzed in real time by the fog nodes to enable real-time responses, like stabilizing a power grid in response to a change in demand or other emergency.

Smart Vehicles


Fog computing can be integrated into vehicular networks. Fog nodes can be deployed along the roadside and send or receive information to or from the running vehicles. It can also utilize vehicles on-the-fly to form a fog and cloud and support real-time events like traffic light scheduling, congestion mitigation, parking facility management etc.


Healthcare


Health data collected from patients by IoT devices is sensitive and private in nature. With fog computing, the collected data can be analyzed in real-time locally, instead of sending it to the cloud for analysis. As a result, fog applications can maintain privacy of data in a better way.


Smart Cities


Fog computing can be used efficiently in smart cities. Data collected by the smart devices can be analyzed by the fog nodes to control traffic congestion, public safety, high energy use and municipal services in real-time. Moreover, cellular networks often have bandwidth limits which do not meet the requirements all the time. In fog computing, data can be analyzed by fog nodes locally up to a certain extent, which can optimize network usage.


Smart Buildings


A smart building may contain thousands of sensors to measure various parameters like temperature, keycard readers, parking space occupancy etc. Using fog computing to analyze the data can enable real-time actions like controlling lighting, triggering alarms or addressing other emergency situations.

Security


Video cameras are often used to monitor public places like parking lots, buildings etc for enforcing security. Data collected by those devices needs a large bandwidth to be transported to the cloud for analysis. Using fog computing, the collected data can be analyzed in real-time to monitor and detect anomalies and respond to them accordingly.


Thursday, January 12, 2017

Smart Contracts and Blockchain



Smart contracts are computer protocols that can facilitate, verify or enforce the negotiation or performance of a contract or make a contractual clause unnecessary. They usually have a User Interface and can emulate the logic of contractual clauses. They can execute the terms of a contract in an automated way. They can make contractual clauses partially or fully self-executing and self-enforcing.

Usually users need to go to a lawyer or a notary and pay them to get the document. In the case of smart contracts, one pays with cryptocurrency and the smart contract is created. A smart contract does not only define rules and penalties in an agreement, but can also enforce them in an automated way. It is usually written as code that is placed in a blockchain. At triggering events, like an expiration date, the contract is executed according to the coded terms.


How is Blockchain used in Smart Contracts ?





Smart contracts are implemented using blockchain. Once a smart contract is created, it is placed in a blockchain. It typically works in the following way:

  • A user requests a transaction. The transaction can involve contracts, records or cryptocurrency.
  • The request is broadcast to a P2P network consisting of computers, called nodes.
  • The transaction and the user’s status are verified using known algorithms.
  • On successful verification, the verified transaction is added to a block along with other transactions.
  • The block is added to the blockchain.
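The steps above can be followed in a small model. This is an added example, not code from the original post: the balance check stands in for the "known algorithms" of the verification step, and the account names, amounts and function names are constructed for illustration.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over the block's contents (its own stored hash excluded)."""
    body = {k: block[k] for k in ("index", "prev_hash", "transactions")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def verify_transaction(tx, balances):
    """Assumed verification rule: positive amount and a sender who can afford it."""
    return tx["amount"] > 0 and balances.get(tx["sender"], 0) >= tx["amount"]

def add_block(chain, pending, balances):
    """Verify pending transactions, pack the valid ones into a block, append it."""
    accepted = []
    for tx in pending:
        if verify_transaction(tx, balances):
            balances[tx["sender"]] -= tx["amount"]
            balances[tx["receiver"]] = balances.get(tx["receiver"], 0) + tx["amount"]
            accepted.append(tx)
    block = {"index": len(chain),
             "prev_hash": chain[-1]["hash"] if chain else "0" * 64,
             "transactions": accepted}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def chain_is_valid(chain):
    """Any node can recheck that stored hashes match contents and link backwards."""
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block):
            return False
        if block["prev_hash"] != (chain[i - 1]["hash"] if i else "0" * 64):
            return False
    return True

def ledger_demo():
    balances = {"adam": 100, "bob": 0}          # constructed starting state
    chain = []
    add_block(chain, [{"sender": "adam", "receiver": "bob", "amount": 60}], balances)
    add_block(chain, [{"sender": "adam", "receiver": "bob", "amount": 60},  # overspend
                      {"sender": "bob", "receiver": "adam", "amount": 10}], balances)
    before = chain_is_valid(chain)
    chain[0]["transactions"][0]["amount"] = 1   # history edited after the fact
    return balances, len(chain[1]["transactions"]), before, chain_is_valid(chain)
```

The overspending transaction never reaches a block, and changing a recorded amount afterwards makes the stored hash stop matching, which is what lets other nodes detect tampering.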

Regulators can use the blockchain to learn about the current activities in the market. At the same time, the individuals involved can remain anonymous and maintain privacy.



An Example of using a Smart Contract





Let’s understand the whole concept with a very simple example.

Suppose Adam wants to rent a property from Bob. To do that, Adam would need to pay using cryptocurrency through blockchain. A smart contract would be created between Adam and Bob, where the terms will be written as code. The smart contract would be placed in the blockchain.

Bob would then need to provide a digital key by the effective date of the agreement. On the effective date of the agreement, the appropriate terms would be executed and Adam would get the property, while Bob would get the payment. So, even if Bob releases the digital key before the effective date of the agreement, blockchain will hold the key and it will get released only on the scheduled date. And, if Bob is unable to release the digital key, Adam would automatically get refunded. The terms of the smart contract will be automatically executed and the smart contract will expire automatically after the scheduled period.
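The rental terms above, written out as a small state machine. This is an added example, not code from the original post and not real on-chain code: the class, the state names, the rent of 500 and the dates are all assumptions, and the current date is passed in explicitly so the behaviour can be checked.

```python
from datetime import date

class RentalEscrow:
    """Toy model of the Adam/Bob rental terms; callers pass in today's date."""

    def __init__(self, tenant, landlord, rent, effective, expires):
        self.tenant, self.landlord, self.rent = tenant, landlord, rent
        self.effective, self.expires = effective, expires
        self.deposit, self.key, self.state = 0, None, "CREATED"

    def pay(self, who, amount):
        if self.state != "CREATED" or who != self.tenant or amount != self.rent:
            raise ValueError("only the tenant may fund the exact rent, once")
        self.deposit, self.state = amount, "FUNDED"

    def submit_key(self, who, key, today):
        if self.state != "FUNDED" or who != self.landlord or today > self.effective:
            raise ValueError("key must come from the landlord by the effective date")
        self.key = key  # held by the contract until settlement

    def settle(self, today):
        """Apply the coded terms for `today`; returns the payouts made."""
        if self.state == "FUNDED" and today >= self.effective:
            paid, self.deposit = self.deposit, 0   # zero the balance before paying out
            if self.key is None:                   # landlord never delivered
                self.state = "REFUNDED"
                return {self.tenant: paid}
            self.state = "ACTIVE"                  # key and rent are released together
            return {self.landlord: paid}
        if self.state == "ACTIVE" and today >= self.expires:
            self.key, self.state = None, "EXPIRED"
        return {}

    def key_for(self, who):
        return self.key if who == self.tenant and self.state == "ACTIVE" else None

def rental_demo():
    eff, end = date(2017, 2, 1), date(2017, 3, 1)        # constructed dates
    a = RentalEscrow("adam", "bob", 500, eff, end)
    a.pay("adam", 500)
    a.submit_key("bob", "key-1234", date(2017, 1, 20))   # Bob releases early
    early = (a.key_for("adam"), a.settle(date(2017, 1, 25)))
    on_time = (a.settle(eff), a.key_for("adam"))
    a.settle(end)
    b = RentalEscrow("adam", "bob", 500, eff, end)       # Bob never delivers
    b.pay("adam", 500)
    return early, on_time, a.state, b.settle(eff), b.state
```

Every method checks the caller and the current state before changing anything, and the deposit is zeroed before any payout is reported, so a repeated call to `settle` cannot pay twice. The model treats the held key as private to the contract; data stored on a public blockchain is readable by every node.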


Advantages of Smart Contracts


There are a number of advantages of using a Smart Contract.

  • Smart contracts eliminate the need for any intermediary like a broker or lawyer.
  • The documents are encrypted in blockchain, which makes them much more secure. Also, the involved parties can be anonymous and maintain privacy.
  • Usually a user has to spend lots of time on paperwork or on manually processing documents. Smart contracts can automate the whole process, thereby saving time.
  • As smart contracts eliminate the need for intermediaries, they save costs involved in the whole process.
  • As smart contracts are executed in an automated manner, they help in avoiding errors that result from manual execution.


Applications of Smart Contracts


There are many applications of smart contracts.

  • One can use smart contracts for all sorts of situations ranging from financial derivatives to insurance premiums, breach contracts, credit enforcement, legal processes, property law or even crowdfunding agreements.
  • Smart contracts can be used to facilitate business operations that usually run into lots of issues resulting from independent processing, lawsuits and settlement delays.
  • Smart contracts can be used in contracts involving shares, bonds or derivatives. They can also facilitate mortgages, a process which is often manual and confusing. Smart contracts can automate every aspect of the transaction, including payment processing and signing mortgage agreements.
  • Smart contracts can be used in property transfers and can improve transaction integrity, efficiency and transparency.
  • Smart contracts can be used in supply chain along with IoT to track managed assets and products from factories.
  • Smart contracts can automate insurance claims and speed up processing, verification and payment.
  • Smart contracts can also be used in clinical trials and medical research studies to facilitate many sensitive agreements, such as those involving cross-institutional data sharing.
  • Smart contracts can be used in cancer research to automate patient data consent management and incentivize data sharing.
  • Smart contracts can also be used in a blockchain protected voting system to facilitate secure voting and improve voter turnout.


Thus smart contracts can eliminate intermediaries in a contract, save time and extra costs, and increase security in a negotiation. This was a short introduction to smart contracts. Hope it helped.