In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors. A study of 4.8 billion automated…
Archive for the ‘connected devices’ Category
Posted in connected devices, critical infrastructure, fuzzing, Internet of things, protocol, published research, Reports, software, software development, supply chain, survey, Top Stories, trends, vulnerabilities | Comments (0)
In-brief: ARM’s purchase of Simulity adds the ability to do over the air updates to embedded SIM chips and highlights ARM’s efforts to build out security and management at IoT scale. A tiny deal this week by ARM could have a big impact on the security of the Internet of Things. The company, which makes a wide range of low power…
Posted in ARM, connected devices, hardware, harman, Internet of things, M&A, mirai, Network, OTA update, over the air update, Patching, Platform, sensor, SIM card, smart infrastructure, software, Top Stories | Comments (0)
At Source Boston, Josh Corman of the Atlantic Council said that healthcare is suffering from a lack of security talent, devices rife with vulnerabilities, and government incentivizing bad behavior.
Posted in Atlantic Council, connected devices, healthcare security, I Am The Cavalry, Internet of things, IoT, IoT security, Josh Corman, Medical device security, security research, SOURCE Boston, vulnerabilities | Comments (0)
St. Jude Medical patched the Merlin@home Transmitter, addressing flaws made public last year in a controversial disclosure by MedSec Holdings and Muddy Waters.
Posted in connected devices, Food and Drug Administration, Internet of things, IoT, IoT patches, IoT security, Justine Bone, Medical device security, medical device security patches, MedSec, Muddy Waters, short stock sale, St. Jude Medical patches, vulnerabilities | Comments (0)
In-brief:Security and privacy risks from connected devices are likely to persist, with no easy fix for what experts agree are widespread problems. The annual Consumer Electronics Show kicked off this week in Las Vegas – the show’s 50th year and bigger than ever. Some 3,800 companies are on hand, more than 100,000 attendees and 2.6 million square feet of exhibit space. Smart devices designed to be connected to the Internet of Things are all the rage again this year. Smart TVs and mobile phones are in abundance, of course, but there’s a dizzying array of other gear, too, ranging from a smart washer and dryer from Samsung to wearable technology to a concept car by Bosch that features face recognition and gesture control. But behind the glitz and excitement of new products, features and capabilities lurk serious security and privacy concerns that experts agree will not be easy to resolve. Among […]
When thinking of cyber threats, malware, phishing, and data breaches typically come to mind. But as 2016 has shown us, threats don’t stop there. Cybercriminals are getting more and more creative and finding new, sophisticated methods of attack to access our data. One of the more successful methods as of late: attacking connected IoT devices in the smart home.
These smart home devices can be almost anything – a connected thermostat, lightbulb, camera, the list goes on. In fact, according to Gartner, there are 5.5 million IoT devices connected in homes each day around the world. And with all of these devices connecting to one router, there’s now that many more gateways into your smart home network, making it more susceptible to compromise.
The question is: how likely is such a breach? Many of these connected devices are manufactured with low security standards. Just remember what happened with the Dyn DDoS attack. Low device security standards caused one of the largest Internet of Things (IoT) botnet attacks in recent history, affecting almost the entire east coast in the process.
I know what you might be thinking – that attack was caused by compromising thousands of IoT devices. But, if a handful of these devices are located in a single home, while the damage may not be as widespread, it can get personal. Once a cybercriminal finds their way inside your home network through these devices, the hacking possibilities are virtually endless. They can control your entire home— flicker your lights, access your camera to peer into your life, shut down your devices, and worst of all, capture any personal data sent across the network.
Now, with all of these devices—in addition to your computer and phone — making up unique (and hackable) gateways into your smart home network, a new security approach is needed. This approach is layered security or sometimes referred to defense in deapth. The way to create this in your home is by adding protection directly into your gateway to protect all the devices in the home. Additional security such as a firewall and antivirus should also be used to protect your network and PCs, laptops, mobile devices and Macs. This layered security strategy is the approach that businesses use to safeguard their data and employees.
While companies like ours work to help ensure your connected homes are as secure as possible, there are a few things you can do directly to protect your smart devices today. Here are a couple of tips for protecting your connected home network, today:
- Change up your passwords. Take standard security precautions with your connected devices, such as regularly updating your login information. Frequently changing the passwords on both your home router and smart home devices is an easy way to ensure your network is better secured. Make sure the passwords are hard to guess.
- Apply updates: Very often these connected device manufacturres will create patches to the firmware to fix known bugs and often implement improved security. It’s important to apply updates when notified by the device manufacturer.
- Be mindful of who’s connecting to your network. We typically don’t think twice about handing out our Wi-Fi password to visitors in our homes, but it’s important to limit access to your network. You can’t keep track of everyone’s activity, so remain conservative and limit who’s getting entry to your gateway.
- Do your homework. When looking to purchase a new IoT device for your home, do your due diligence – research the manufacturer, check security standards, read reviews. If the device doesn’t seem up to par, it’s not worth the risk.
In-brief: MicroChip and Amazon are partnering on a chip designed to pair with Amazon’s IoT cloud and provide cryptographically strong identities for IoT devices. There is an interesting piece on a collaboration between Microchip Technology and Amazon.com on a chip that’s designed to work with Amazon’s cloud services and protect connected devices from certain forms of attack. According to the article, the two firms are marketing an add-on chip called the AWS-ECC508 that works with Amazon’s IoT Cloud, creating a cryptographically secure path between IoT endpoint, cloud services and end user. From the article: The AWS-ECC508 is designed to provide end-to-end security between the IoT device and the cloud infrastructure. It does this by leveraging Amazon’s mutual authentication system, which verifies the identity of the cloud service and the device before any data or commands are accepted. The identities are based on cryptographic keys. Until now, creating such cryptographic identities […]
In-brief: Smart, connected devices from closed circuit cameras to printers and thermostats are undermining the security of businesses, providing possible paths for hackers onto corporate networks, according to a study by the firm ForeScout. Smart, connected devices from closed circuit cameras to printers and thermostats are undermining the security of businesses, providing possible paths for hackers onto corporate networks, according to a study by the firm ForeScout. The study, conducted by noted independent researcher Samy Kamkar, identified seven IoT devices that can be hacked in as little as three minutes, including IP cameras, environmental controls, multi function printers, Voice over IP (VoIP) phones – even “smart” connected light bulbs. Easy to hack, the devices can take days or weeks to remediate, ForeScout said. The devices can become entry points for corporations that malicious hackers use to compromise business networks, said Pedro Abreu, ForeScout’s Chief Strategy Officer. “All these devices have credentials for […]
Next time when you find yourself hooked up behind the wheel, make sure your car is actually in your control.
Hackers can remotely hijack your car and even control its brakes from 12 miles away.
Car hacking is a hot topic.
Today many automobiles companies have been offering vehicles with the majority of functions electronically controlled, from instrument cluster to steering, brakes, and
In-brief: A study by the Online Trust Alliance (OTA), a non-profit focused on online trust, put a figure on how many consumer security vulnerabilities could have been easily avoided. That figure: 100 percent. That’s right…every single one. We’ve been reporting about the low-hanging fruit of vulnerabilities in consumer-focused connected devices for a long time. Years, in fact. Whether the device is a home surveillance camera or a “smart TV” or Bluetooth [fill in the blank], trivial and (often) exploitable security holes are often part of the package. Now a study by the Online Trust Alliance (OTA), a non-profit focused on online trust, put a figure on how many consumer security vulnerabilities could have been easily avoided. That figure: 100 percent. That’s right…every single one. OTA did a survey of vulnerabilities in consumer facing IoT devices between November 2015 and July 2016 and found that all of them could have been avoided had device manufacturers and developers […]