The 1.5 Billion Dollar Market: IoT Security

https://blog.paessler.com/investments-in-iot-security-are-set-to-increase-rapidly-in-2018
The two biggest challenges in 2018 will continue to be protecting against unauthorized access, and patching/updating the software of the device. Companies must not neglect the security problems of IoT and IIoT devices. Cyberattacks on the Internet of Things (IoT) are already a reality.

According to Gartner’s market researchers, global spending on IoT security will increase to $1.5 billion this year.

1,618 Comments

  1. Tomi Engdahl says:

    ICS / IIoT Market Segmentation Needed So We Can Communicate Effectively
    https://pentestmag.com/ics-iiot-market-segmentation-needed-so-we-can-communicate-effectively/

    There have been many events and data points that show even people knowledgeable in ICS and security are having difficulty communicating together because we have different views and experiences on what an ICS is. The latest example is Kaspersky’s Threat Landscape for Industrial Automation Systems H1 2018 report. The report stated that “42% of all machines had regular or full-time internet connections”, and based on the other statistics a large percentage of that 42% were sending and receiving email. In case you think Kaspersky isn’t looking at ICS, they characterized the 320 computers in the survey as SCADA servers, historians, OPC gateways, engineering workstations (EWS) and operator stations/HMI.

    My initial reaction was, that’s crazy. We see almost no direct Internet access from ICS computers and certainly these computers are not receiving email.

    This demonstrates the challenge we have in communicating effectively about ICS when we use these broad terms without some sort of taxonomy. There are even more important areas where this large ICS category inhibits effective communication and action including appropriate architecture, security controls, regulation, and risk. And the confusion is getting worse.

    The answer: a taxonomy of ICS/IIoT is needed.

    The taxonomy doesn’t need to be perfect or overly detailed; its purpose is to assist in effective communication. Here are some possible categories:

    Value – what would be the consequence if integrity or availability of the ICS/IIoT is compromised?
    Architecture – classic Purdue model, IoT, classic + cloud, ???2
    Maturity of ICSsec program – huge difference in what should be done based on maturity. This is one of the biggest issues today with asset owners just starting their ICSsec efforts spending time and money on actions with minimal risk reduction.
    Sector / System Type – This is the most obvious category. There are some sectors and systems that are homogenous while others, such as the chemical manufacturing, that have significant variance between small and large manufacturers. My thought is you could have three to five numbered sectors, and then place industries in one of those as appropriate. We could then discuss, for example, Sector 2 systems should deploy these security controls or have these threats.
    Your category here … this is far from a complete list of possibilities.

    The bundling of more and more sectors and systems into ICS/IIoT term is helpful only in that it is increasing awareness and hopefully corresponding action. It is leading to unhelpful and confusing discussions even amongst those active in ICS. Executives and those peripherally involved in ICS will almost certainly be misled by “ICS” information that is unrelated to their ICS. We need an ICS/IIoT taxonomy.

    Reply
  2. Tomi Engdahl says:

    https://www.uusiteknologia.fi/2019/05/28/cpx2019-nanoagentit-tuovat-tietoturvaa-iot-laitteisiin/

    The importance of security in the Internet of Things was prominently on display today at the CPX Finland event held in Helsinki by the security company Check Point. About 250 industry professionals attended, and the newest topic was improving the security of IoT devices with nano agents.

    Oded Gonda of Check Point’s research and product development said at the event that modern security must work in milliseconds and be available regardless of location, even when devices talk directly to each other.

    Check Point already has the Infinity architecture, which delivers security to the cloud, mobile devices, IoT devices, enterprise networks and endpoints alike. Development work continues, however. The company plans to release soon a four-megabyte nano agent that can in principle be embedded in any IoT device.

    According to Gonda, the nano agent controls all traffic coming into and leaving the device. It keeps in contact with an AI-based, global security system that directs security and makes decisions in real time. The nano agent’s software is based on open source.

    “While we currently have on average five network-connected devices each, in a few years, in a 5G environment, we will perhaps manage 50 devices. When even light fixtures are controlled by an app over the network, it makes sense to move the service to the cloud,” Check Point’s Sandkuijl said.

    Reply
  3. Tomi Engdahl says:

    http://www.etn.fi/index.php/13-news/9529-nanoagentti-suojaa-iot-laitteet

    Cloud security in particular is in the spotlight right now. Entirely new is improving the security of network-connected IoT devices with nano agents.

    - According to our information, last year nearly one in five companies experienced some security breach related to cloud services. The most common were data leaks, user account hijackings and malware infections. As the use of SaaS applications and, for example, cloud-based email becomes more common, user account hacking and phishing attempts will become even more common, Lindqvist said.

    Check Point already has a ready solution, the Check Point Infinity architecture, which delivers security to the cloud, mobile devices, IoT devices, enterprise networks and endpoints alike.

    Reply
  4. Tomi Engdahl says:

    How Nest, designed to keep intruders out of people’s homes, effectively allowed hackers to get in
    https://www.washingtonpost.com/technology/2019/04/23/how-nest-designed-keep-intruders-out-peoples-homes-effectively-allowed-hackers-get/

    As hacks such as the one the Thomases suffered become public, tech companies are deciding between user convenience and potential damage to their brands. Nest could make it more difficult for hackers to break into Nest cameras, for instance, by making the log-in process more cumbersome. But doing so would introduce what Silicon Valley calls “friction” — anything that can slow down or stand in the way of someone using a product.

    At the same time, tech companies pay a reputational price for each high-profile incident.

    Reply
  5. Tomi Engdahl says:

    It has in a recent article been described how intruders accessed Google Nest users’ cameras, which was possible due to weak or earlier compromised passwords.

    Google argues that the vulnerable, simple password model is chosen as a tradeoff between convenience and security.

    Nabto believes otherwise: We eliminate the password and instead use a paired public key approach (similar to SSH’s authorized_keys access control). For end-users, this means no hassle in configuring and managing passwords. For hackers, this means you have to somehow obtain the user’s private key to access the device, a vastly more complicated task than downloading a list of stolen passwords or brute-forcing a poor login mechanism.

    So all in all, it indeed IS possible with high security and a great user experience if you think a bit outside the password-entry box. Read more here:

    PLATFORMS, SECURITY
    Pairing and Access Control: Part 1 – Intro and Device
    https://www.nabto.com/pairing-and-access-control-part-1-intro-and-device/

    paired public key authentication (PPKA)

    PPKA is the recommended approach to access control as outlined in section 8.2 of TEN036 Security in Nabto Solutions.

    To recap, PPKA gives several benefits:

    simple solution with no dependency on a central user management solution or CA service
    strong security
    intuitive user experience with no need to sign up for a central service or issue certificates from a CA

    Reply
  6. Tomi Engdahl says:

    The Nabto PPKA pairing flow is as follows:

    user creates an RSA keypair on a client device and associates it with a name, e.g. “Joe’s iPhone 8”
    in a trusted setting (similar to WPS for wifi configuration), the target IoT device is put into “open for local pairing” mode, e.g. at the first boot
    the user connects to the device on the local network while the device is in pairing mode
    the user’s public key is registered as the owner on the device through the device’s access control list
    The user is now paired with the device. He can open for pairing again later on to add other users as guests. Or “manually” add other users’ public keys to the device’s access control list.

    After pairing, the user can access the device from remote. When connecting from remote, the Nabto servers (denoted the basestation services) first perform a normal challenge response handshake with the client (as regular TLS) and hence validates that the client possesses the private key that matches the public key (the authentication step). The fingerprint of this public key is then passed on to the device which finally looks it up in its access control list (the authorization step): Does this client have access and what are the permissions?

    Source: https://www.nabto.com/pairing-and-access-control-part-1-intro-and-device/

    Reply
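The pairing flow and the authentication/authorization split described in comments 5 and 6, as an added example that is not part of the original comments and is not Nabto's code. The class and function names, the SHA-256-over-DER fingerprint format and the owner/guest role rule are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: the fingerprint is SHA-256 over the DER-encoded public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Client device: holds the RSA keypair and a human-readable name.
class Client {
  constructor(name) {
    this.name = name;
    const pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.publicKey = pair.publicKey;
    this.privateKey = pair.privateKey;
  }
  // Signs the server's challenge to prove possession of the private key.
  answer(challenge) {
    return crypto.sign('sha256', challenge, this.privateKey);
  }
}

// IoT device: keeps the access control list and the pairing-mode switch.
class Device {
  constructor() {
    this.acl = new Map(); // fingerprint -> { name, role }
    this.pairingOpen = false;
  }
  // Local pairing is accepted only while pairing mode is open.
  pairLocal(client) {
    if (!this.pairingOpen) return { ok: false, reason: 'pairing closed' };
    const role = this.acl.size === 0 ? 'owner' : 'guest'; // first key is the owner
    this.acl.set(fingerprint(client.publicKey), { name: client.name, role });
    return { ok: true, role };
  }
  // Authorization step: look the fingerprint up in the access control list.
  authorize(fp) {
    const entry = this.acl.get(fp);
    if (!entry) return { allowed: false, reason: 'not in access control list' };
    return { allowed: true, role: entry.role, name: entry.name };
  }
}

// Basestation role: authentication step (challenge-response), then the
// fingerprint of the proven key is handed to the device for authorization.
function remoteConnect(client, presentedPublicKey, device) {
  const challenge = crypto.randomBytes(32);
  const signature = client.answer(challenge);
  if (!crypto.verify('sha256', challenge, presentedPublicKey, signature)) {
    return { allowed: false, reason: 'authentication failed' };
  }
  return device.authorize(fingerprint(presentedPublicKey));
}

function runDemo() {
  const device = new Device();
  const joe = new Client("Joe's iPhone 8");
  const ann = new Client("Ann's tablet");        // constructed guest
  const stranger = new Client('unpaired phone'); // constructed, never paired

  device.pairingOpen = true;                     // e.g. at first boot
  const ownerPair = device.pairLocal(joe);
  device.pairingOpen = false;
  const closedAttempt = device.pairLocal(ann);   // rejected: pairing is closed
  device.pairingOpen = true;                     // owner opens pairing again
  const guestPair = device.pairLocal(ann);
  device.pairingOpen = false;

  return {
    ownerPair, closedAttempt, guestPair,
    ownerRemote: remoteConnect(joe, joe.publicKey, device),
    // Valid keypair, but its fingerprint was never registered on the device.
    strangerRemote: remoteConnect(stranger, stranger.publicKey, device),
    // Presents Joe's public key but can only sign with its own private key.
    impostorRemote: remoteConnect(stranger, joe.publicKey, device),
  };
}

if (typeof module !== 'undefined' && require.main === module) {
  console.log(runDemo());
}
```
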
  7. Tomi Engdahl says:

    etn.fi/index.php/embedded-conference-finland/72-ecf/9518-ecf19-iot-tietoturva-tulee-vihdoin-pakolliseksi

    Reply
  8. Tomi Engdahl says:

    Industry is Not Prepared for the IIoT Attacks that Have Already Begun
    https://www.securityweek.com/industry-not-prepared-iiot-attacks-have-already-begun

    Industrial Internet of Things (IIoT) is an essential part of business transformation and the Industry 4.0 revolution. Its use is burgeoning, with more than 7 billion devices in use worldwide. This is expected to grow to more than 20 billion by 2025 — and does not include phones, tablets or laptops. It is a journey just beginning, and nobody yet knows the destination or route.

    Cybersecurity complications are expected, but the most common perception is that so far this has been limited to the rise of massive DDoS botnets able to deliver huge attacks — like Mirai — from thousands of compromised IoT devices. A new survey now shows that direct cyber-attacks against IIoT have already started, and that DDoS is not a primary concern to security teams.

    While attacks against IIoT have already started, organizations have little confidence in the immediate future. Globally, 83% of organizations are concerned about their IoT systems suffering a future cyber-attack (with 32% being ‘very’ concerned). Concern is highest in the UK (91%), with the U.S. at 87%. Japan and China show the least concern at 76% and 77% respectively.

    Reply
  9. Tomi Engdahl says:

    IoT Security- it’s complicated
    https://pentestmag.com/iot-security-its-complicated/

    IoT security is an extremely hot topic right now.

    It seemed this market became crowded very fast with many startups, each working hard to find the best way to differentiate itself. And many customers are just confused.

    Internet of Things (IoT) security is the latest addition to the cybersecurity world. As more and more devices are being connected to the internet, and especially after large-scale attacks have occurred, it is clear that security should be considered and integrated with IoT deployments. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019, and will rise to $3.1 billion in 2021, making it one of the fastest growing segments in the cybersecurity industry.

    Reply
  10. Tomi Engdahl says:

    OWASP TOP10 Internet of Things 2018 – How to make an IoT system cyber-secure – Beat at least these 10 typical vulnerabilities
    https://cyberinsights.elfgroup.fi/iot-jarjestelmien-kyberturvallisuus-opas

    Reply
  11. Tomi Engdahl says:

    A 14-year-old’s Internet-of-Things worm is bricking shitty devices by the thousands
    https://boingboing.net/2019/06/25/teenaged-kicks.html

    A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes the devices’ firewall rules and removes its network config and triggers a restart — this effectively bricks the device, rendering it useless until someone performs the complex dance needed to download and reinstall the device’s firmware.

    Reply
  12. Tomi Engdahl says:

    University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices
    https://www.csoonline.com/article/3168763/university-attacked-by-its-own-vending-machines-smart-light-bulbs-and-5-000-iot-devices.html

    A university, attacked by its own malware-laced soda machines and other botnet-controlled IoT devices, was

    Reply
  13. Tomi Engdahl says:

    Amazon confirms Alexa customer voice recordings are kept forever
    That is unless you know how to delete them manually.
    https://www.zdnet.com/article/amazon-confirms-alexa-customer-voice-recordings-are-kept-forever/

    Reply
  14. Tomi Engdahl says:

    Japan to Hack 200 Million IoT Devices
    https://www.eetimes.com/author.asp?section_id=36&doc_id=1334266

    The government’s plan to hack IoT devices already installed in Japan is likely to expose the uncomfortable truth known to many experts but unknown to most consumers: Many IoT devices in use are vulnerable to cyberattacks.

    Insecurity in IoT is triggered by many factors — including consumer indifference and inaction. Too often, consumers don’t bother to change the initial settings in an IoT device after purchase and installation. Second, peer-to-peer communication among IoT devices, by nature, remain unchecked and unsupervised. Third, service providers aren’t doing automated updates of firmware frequently enough.

    While security experts hail the Japanese government plan as a necessary step, many Japanese media reports have balked, criticizing the heavy hand of the government.

    Reply
  15. Tomi Engdahl says:

    Securing IoT device data against physical access
    A technical overview of how Ubuntu Core with full disk encryption and secure boot can be implemented to harden IoT devices
    https://ubuntu.com/engage/iot-disk-encryption?utm_source=Facebook_ad&utm_medium=social&utm_campaign=CY19_IOT_UbuntuCore_Whitepaper_SecureBoot_FDE

    Reply
  16. Tomi Engdahl says:

    Security flaws in a popular smart home hub let hackers unlock front doors
    https://techcrunch.com/2019/07/02/smart-home-hub-flaws-unlock-doors/

    Zipato smart hubs. In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which, when chained together, could be abused to open a front door with a smart lock.

    Reply
  17. Tomi Engdahl says:

    New Silex malware is bricking IoT devices, has scary plans
    Over 2,000 devices have been bricked in the span of a few hours. Attacks still ongoing.
    https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/

    Reply
  18. Tomi Engdahl says:

    Designing hardware for data privacy
    https://www.edn.com/design/systems-design/4462039/Designing-hardware-for-data-privacy

    As Internet-connected devices become more prevalent, they are fueling an increasing risk to privacy. Fortunately, there are now many off-the-shelf chips and services available to help designs resist intrusion and prevent unauthorized access to private data. The key lies in identifying the specific threats that need mitigation.

    Broadly stated, privacy entails keeping designated information inaccessible without authorization from the information’s owner. Privacy involves security; information cannot be kept private without also keeping it secure. But they are not the same thing.

    Reply
  19. Tomi Engdahl says:

    ‘World’s first Bluetooth hair straighteners’ can be easily hacked
    https://techcrunch.com/2019/07/11/bluetooth-hair-straighteners-hacked/

    Here’s a thing that should have never been a thing: Bluetooth-connected hair straighteners.

    Glamoriser, a U.K. firm that bills itself as the maker of the “world’s first Bluetooth hair straighteners“, allows users to link the device to an app, which lets the owner set certain heat and style settings. The app can also be used to remotely switch off the straighteners within Bluetooth range.

    Big problem, though. These straighteners can be hacked.

    Reply
  20. Tomi Engdahl says:

    Toasters take part in cyberattacks in Finland too – What does a consumer need to know about the security of their smart device?
    At present it is in practice hard for a consumer to know the security level of their device. There are no clear criteria.
    https://yle.fi/uutiset/3-10880289

    Reply
  21. Tomi Engdahl says:

    Hacked Bluetooth hair straighteners are too hot to handle
    http://nakedsecurity.sophos.com/2019/07/18/hacked-bluetooth-hair-straighteners-are-too-hot-to-handle/

    What do cigarettes, candles, and faulty electrical appliances have in common with one another?

    The answer is they are among the top causes of house fires in countries such as the US and UK.

    hair straighteners.

    They get hot (235 degrees Celsius, or 455 degrees Fahrenheit) and are easy to leave turned on inadvertently, which together explains why Hampshire Fire and Rescue estimates that up to 2016 they have been responsible for as many as 650,000 house fires in the UK alone.

    Correct: Pen Test Partners researcher Stuart Kennedy found enough weaknesses to remotely override the product’s chosen temperature setting as someone is using it. Writes Kennedy:

    For instance, if somebody was using the straighteners at 120°C and had a sleep time of say 5 mins after use, you could change that to 235°C and 20 mins sleep time.

    What went wrong when the Glamoriser had the smart stuff added?

    just fire up the app on their own phone and do the whole thing from there as long as the owner wasn’t connected or is out of range.

    It’s not dissimilar to the case of hot tub hacking, another IoT calamity

    Reply
  22. Tomi Engdahl says:

    Cyber Warning For OS Inside 2 Billion Industrial, Medical And Enterprise IoT Devices
    https://www.forbes.com/sites/zakdoffman/2019/07/29/warning-as-2-billion-medical-industrial-and-enterprise-iot-devices-at-risk-of-attack/

    A team of security researchers at California-based Armis has disclosed the discovery of 11 zero-day vulnerabilities in one of the world’s most widely used IoT operating systems. VxWorks is so common, in fact, that it powers more than 2 billion devices around the world, including medical equipment, firewalls, elevators and industrial machinery. Armis describes VxWorks as “the most widely used operating system you have likely never heard about.”

    Armis has estimated that the vulnerabilities expose around 200 million of the devices carrying the VxWorks OS to the potential risk of attack.

    A spokesperson for Wind River, the company behind VxWorks, disputed this and told me the number is not that high:

    Reply
  23. Tomi Engdahl says:

    Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices
    Security updates are out, but patching will most likely take months, if not years.
    https://www.zdnet.com/article/urgent11-security-flaws-impact-routers-printers-scada-and-many-iot-devices/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d3f2673ba8d0400013cb8f5&utm_medium=trueAnthem&utm_source=facebook

    11 Zero Day Vulnerabilities Impacting VxWorks, the Most Widely Used Real-Time Operating System (RTOS)
    https://armis.com/urgent11/

    Reply
  24. Tomi Engdahl says:

    Researchers Show How Easy It Is to Hijack an IoT Surveillance Feed
    https://www.securitysales.com/emerging-tech/cybersecurity-tech/researchers-hijack-iot-surveillance-feed/

    Researchers replaced an IP camera’s real-time footage with pre-recorded video, highlighting the dangers of weak encryption.

    Reply
  25. Tomi Engdahl says:

    lens is a framework that allows you to tap live cabling for inspection and injection.

    https://github.com/ervanalb/lens

    Reply
  26. Tomi Engdahl says:

    Hackers can turn headphones into ‘acoustic weapons,’ cybersecurity expert warns
    https://nypost.com/2019/08/13/hackers-can-turn-headphones-into-acoustic-weapons-cyber-security-expert-warns/

    Speakers on your phone, computer and other internet-connected devices could be hacked and used to wreak havoc on your eardrums, warns a new investigation.

    A cybersecurity expert claims to have conducted a malware test that found everyday items like headphones could be turned into “acoustic weapons.”

    Blasting music at really high volumes is dangerous because it can cause conditions like tinnitus, psychological issues or even deafness.

    He also observed that the components in the smart speaker started to melt four or five minutes into his malware attacks and were permanently damaged.

    emit frequencies could be used to track someone’s movements

    Reply
  27. Tomi Engdahl says:

    Well of course! SSDP can too. Any discovery protocol can be.

    So now we have a nice selection of DDoS discovery protocols.

    Protocol used by 630,000 devices can be abused for devastating DDoS attacks
    https://www.zdnet.com/article/protocol-used-by-630000-devices-can-be-abused-for-devastating-ddos-attacks/#ftag=CAD-03-10abf5f

    Security researchers warn that the WS-Discovery protocol is currently being abused for massive DDoS attacks.

    Security researchers are sounding the alarm about the Web Services Dynamic Discovery (WS-DD, WSD, or WS-Discovery) protocol, which they say can be abused to launch pretty massive DDoS attacks.

    WS-Discovery is a multicast protocol that can be used on local networks to “discover” other nearby devices that communicate via a particular protocol or interface.

    it’s been adopted by ONVIF

    it’s a UDP-based protocol

    the WS-Discovery response is many times larger than the initial input.

    In the case of WS-Discovery, the protocol has been observed in real-world DDoS attacks with amplification factors of up to 300, and even 500. This is a gigantic amplification factor

    a proof-of-concept script for launching WS-Discovery DDoS attacks published on GitHub in late 2018

    Reply
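A defender-side check for the exposure described in comment 27, as an added example that is not part of the original comment or the linked article: it scans flow records for devices that answer WS-Discovery probes from outside the local network and reports the byte amplification factor. The flow-record fields and sample addresses are constructed for illustration; UDP port 3702 is the port WS-Discovery uses and is not stated on this page.

```javascript
const WSD_PORT = 3702; // UDP port used by WS-Discovery

// RFC 1918 private IPv4 ranges: traffic between these stays on the local network.
function isPrivateV4(ip) {
  const [a, b] = ip.split('.').map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// flows: [{ proto, src, sport, dst, dport, bytes }] (hypothetical record shape)
function findExposedResponders(flows) {
  const requests = new Map();  // "remote>device" -> probe bytes received
  const responses = new Map(); // "remote>device" -> reply bytes sent
  for (const f of flows) {
    if (f.proto !== 'udp') continue;
    if (f.dport === WSD_PORT && !isPrivateV4(f.src)) {
      const key = `${f.src}>${f.dst}`;
      requests.set(key, (requests.get(key) || 0) + f.bytes);
    } else if (f.sport === WSD_PORT && !isPrivateV4(f.dst)) {
      const key = `${f.dst}>${f.src}`;
      responses.set(key, (responses.get(key) || 0) + f.bytes);
    }
  }
  const findings = [];
  for (const [key, responseBytes] of responses) {
    const [remote, device] = key.split('>');
    const requestBytes = requests.get(key) || 0;
    findings.push({
      device, remote, requestBytes, responseBytes,
      // null when the probe itself was not captured in the records
      factor: requestBytes > 0 ? responseBytes / requestBytes : null,
    });
  }
  return findings;
}

// Constructed sample: one local discovery exchange, one reply to an outside address.
const SAMPLE_FLOWS = [
  { proto: 'udp', src: '192.168.1.5', sport: 50000, dst: '192.168.1.20', dport: 3702, bytes: 180 },
  { proto: 'udp', src: '192.168.1.20', sport: 3702, dst: '192.168.1.5', dport: 50000, bytes: 1400 },
  { proto: 'udp', src: '203.0.113.7', sport: 40000, dst: '192.168.1.20', dport: 3702, bytes: 180 },
  { proto: 'udp', src: '192.168.1.20', sport: 3702, dst: '203.0.113.7', dport: 40000, bytes: 54000 },
  { proto: 'tcp', src: '192.168.1.20', sport: 3702, dst: '203.0.113.9', dport: 443, bytes: 900 },
];

if (typeof module !== 'undefined' && require.main === module) {
  console.log(findExposedResponders(SAMPLE_FLOWS));
}
```

Any finding means the device is reachable on the discovery port from outside the local network, which is the precondition for the abuse the article describes; blocking that port at the network edge removes it.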
  28. Tomi Engdahl says:

    Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
    https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/final

    Transport Layer Security (TLS) provides mechanisms to protect data during electronic dissemination across the Internet. This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making effective use of Federal Information Processing…

    Reply
  29. Tomi Engdahl says:

    A new IOT botnet is infecting Android-based set-top boxes
    https://www.zdnet.com/article/a-new-iot-botnet-is-infecting-android-based-set-top-boxes/

    New Ares IoT malware/botnet has been seen on HiSilicon, Cubetek, and QezyMedia set-top boxes, per new report.

    Reply
  30. Tomi Engdahl says:

    3 Wi-Fi attacks against the popular ESP32/8266 IoT devices:

    Zero PMK Installation (CVE-2019-12587) – Hijacking ESP32/ESP8266 clients connected to enterprise networks;

    ESP32/ESP8266 EAP client crash (CVE-2019-12586) – Crashing ESP devices connected to enterprise networks;

    ESP8266 Beacon Frame Crash (CVE-2019-12588) – Crashing ESP8266 Wi-Fi devices.

    These vulnerabilities were found in SDKs of ESP32 and ESP8266. Their versions were ESP-IDF v4.0-dev-459-g7a31cb7 and NONOS-SDK v3.0-103-g7a31cb7 respectively at the time of the vulnerabilities’ discovery.

    While a custom version of hostapd is provided to test the first 2 vulnerabilities, for the last one, an ESP8266 is used to inject fake 802.11 beacon frames in order to crash others of its own.

    PoC Building and running instructions:

    https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

    Reply
  31. Tomi Engdahl says:

    Guy returns his “smart” light bulbs, discovers he can still control them after someone else buys them
    https://boingboing.net/2019/09/03/dutch-treat-2.html

    You know what’s great about putting wifi-enabled, Turing-complete computers into things like lightbulbs? Not. A. Single. Fucking. Thing.

    In the latest installment in the Internet of Shit edition of the unanticipated (but totally predictable) consequences, Americablog editor John Aravosis discovered that the Philips Hue lightbulbs he returned to Amazon were now on in someone else’s house — but still under his control.

    He writes, “Because I’m a nice guy, I deleted my account, which I’m hoping didn’t just delete her account.”

    Reply
  32. Tomi Engdahl says:

    ESP8266 AND ESP32 WIFI HACKED!
    https://hackaday.com/2019/09/05/esp8266-and-esp32-wifi-hacked/

    [Matheus Garbelini] just came out with three (3!) different WiFi attacks on the popular ESP32/8266 family of chips. He notified Espressif first (thanks!) and they’ve patched around most of the vulnerabilities already, but if you’re running software on any of these chips that’s in a critical environment, you’d better push up new firmware pretty quickly.

    https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

    Reply
  33. Tomi Engdahl says:

    600,000 GPS trackers for people and pets are using 123456 as a password
    A lack of encryption and easily enumerated IDs open users to a host of creepy attacks.
    https://arstechnica.com/information-technology/2019/09/600000-gps-trackers-for-people-and-pets-are-using-123456-as-a-password/

    Vulnerabilities in the T8 Mini GPS Tracker Locator and almost 30 similar model brands from the same manufacturer, Shenzhen i365 Tech, make users vulnerable to eavesdropping, spying, and spoofing attacks that falsify users’ true location.

    Researchers at Avast Threat Labs found that ID numbers assigned to each device were based on its International Mobile Equipment Identity, or IMEI. Even worse, during manufacturing, devices were assigned precisely the same default password of 123456. The design allowed the researchers to find more than 600,000 devices actively being used in the wild with that password.

    Reply
  34. Tomi Engdahl says:

    Drones are among the easiest consumer devices to attack, say security researchers who hacked their way into a variety of gadgets.

    IoT Security Risks: Drones, Vibrators, and Kids’ Toys Are Still Vulnerable to Hacking
    https://spectrum.ieee.org/tech-talk/telecom/internet/iot-security-risks-drones-vibrators-iot-devices-kids-toys-vulnerable-to-hacking

    A simple project to study compromised security cameras drew a trio of researchers deep into an investigation of the security risks of today’s connected devices. After they figured out how to bypass the camera’s authentication system and access its feed, they wondered what other devices in the growing Internet of Things (IoT) might also be vulnerable to hacking. Their list—which includes drones, children’s toys, and vibrators—raises serious concerns about the security of IoT devices.

    To assess the toy’s vulnerabilities to hacking, the researchers bought a Dino and began analyzing the encrypted Real-Time Transport Protocol (RTP) traffic, which transmits audio between the Dino device and cloud.

    they bought a second Dino, which exhibited the same patterns.

    “Since the traffic was encrypted, that could only mean one thing—the Dino devices were using a weak mode of encryption and the same set of hard-coded keys to encrypt/decrypt traffic,” explains Cardenas. “Since the Dinos used the same keys, we could use one of the Dinos to decrypt the network traffic the other was sending, without us even knowing the keys being used, only their identifiers.”

    hacker can impose his or her own voice recording into an interaction between a child and the toy, all the while sounding like Dino

    In another series of experiments, the researchers explored ways to hack vibrators.

    the researchers found unencrypted information that allows a hacker to gain the username and password of a trusted partner

    A hacker within Wi-Fi range can simply connect to the drone’s Wi-Fi access point (which does not require passwords), establish a connection, and then access files transferred to and from the drone. With this access, an attacker can also take control of the drone, either to crash it, cause damage to infrastructure, injure bystanders, or spy through the drone’s camera.

    The researchers alerted the manufacturers of all devices

    Based on these results, Cardenas emphasizes the need for consumers to be aware of IoT vulnerabilities. “We believe (the vulnerabilities in this study) are the tip of the iceberg.

    “Because the impact of these attacks won’t affect the developers of IoT, a pure market-driven solution for fixing the security problem will likely fail,”

    Reply
  35. Tomi Engdahl says:

    Must watch: GE’s smart light bulb reset process is a masterpiece… of modern techno-insanity
    Read this for 2 seconds. Pause 8 seconds. Read for 2 seconds. Pause 8 seconds…
    https://www.theregister.co.uk/2019/06/20/ge_lightblulb_reset/

    Reply
  36. Tomi Engdahl says:

    Guy returns his “smart” light bulbs, discovers he can still control them after someone else buys them
    https://boingboing.net/2019/09/03/dutch-treat-2.html

    Reply
