https://blog.paessler.com/investments-in-iot-security-are-set-to-increase-rapidly-in-2018
The two biggest challenges in 2018 will continue to be protecting against unauthorized access, and patching/updating the software of the device. Companies must not neglect the security problems of IoT and IIoT devices. Cyberattacks on the Internet of Things (IoT) are already a reality.
According to Gartner’s market researchers, global spending on IoT security will increase to $1.5 billion this year.
1,741 Comments
Tomi Engdahl says:
How to Find Vulnerabilities in Code: Bad Words
https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words
This is the first of several posts about how to find vulnerabilities in code. At a high level, the process looks like this:
find dangerous functionality
find a path from input you control to that dangerous functionality
craft input to the program that makes it misbehave
We’ll start with the first part: how to find dangerous functionality. In my experience, 80% of the bugs are in about 20% of the code. If anything, it’s more like 90 / 10. Since you usually need to understand the code thoroughly to find novel vulnerabilities, deciding which 20% to focus on is critical. One way I do this is by focusing on clusters of “bad words”.
I’ll show you what I mean with a quick story
Tomi Engdahl says:
https://hackaday.com/2020/10/01/even-more-firmware-in-your-firmware/
Tomi Engdahl says:
Hackers Can Open Doors by Exploiting Vulnerabilities in Hörmann Device
https://www.securityweek.com/hackers-can-open-doors-exploiting-vulnerabilities-h%C3%B6rmann-device
Hackers could remotely open garage doors and gates by exploiting vulnerabilities found in a gateway device made by Hörmann, researchers warned on Wednesday.
Hörmann is a Germany-based company that specializes in home and industrial doors. The company’s products are sold in more than 50 countries across North America, Europe and Asia, and according to Wikipedia, it’s the fourth largest door manufacturer in the world.
Customers who want to control garage doors, entrance gates and other smart systems from a smartphone are provided the BiSecur gateway device, a wireless access control system that includes a Hörmann key fob and comes with Wi-Fi and Ethernet interfaces.
Researchers at Austria-based cybersecurity company SEC Consult have discovered a total of 15 vulnerabilities in the gateway device, including issues related to encryption, poorly protected communications, and the associated mobile application.
The flaws can be exploited for both attacks that require access to the local network and attacks that can be launched remotely from the internet. Based on its research, SEC Consult has created an open source Python-based communication library for BiSecur devices.
Tomi Engdahl says:
As botmasters are recruiting new types of connected devices into their ever-growing networks, botnets are becoming more and more of a threat. How did this happen? Let’s take a look at how botnets are evolving and what to expect in the near term.
How botnets are evolving: from IoT botnets to Hivenets
https://cybernews.com/security/how-botnets-are-evolving-from-iot-botnets-to-hivenets/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=from_botnets_to_hivenets&fbclid=IwAR3gJEwrnHb5G_9vQgSAS-HIOBktbXFy7vFAnBi7Avw0YIxlcVokqfcIoz0
A botnet is a collection of infected internet-connected devices dubbed bots that are controlled by a threat actor and used to carry out a broad range of malicious activities.
Attackers recruit systems for their botnets by infecting them with malware. The initial attack chain includes exploiting vulnerabilities in the target systems or gaining access to systems protected by weak passwords.
Botnet operators implement command and control mechanisms to enable the bots to execute commands they receive and carry out malicious activities.
Tomi Engdahl says:
That is a ballsy statement ma’am! What do you guys think?
Business Insider: Cloudflare COO says cybersecurity will be ‘a thing of the past’ – Business Insider.
Cybersecurity as we know it will be ‘a thing of the past in the next decade,’ says Cloudflare’s COO, as security moves towards a ‘water treatment’ model
https://www.businessinsider.com/cloudflare-coo-michelle-zatlyn-cybersecurity-enterprisee-tech-transformers-2020-10
Five executives spoke about rising challenges and trends in cybersecurity and AI at Business Insider’s inaugural round table for the top execs transforming the enterprise tech industry.
Cloudflare COO and cofounder Michelle Zatlyn predicts that cybersecurity as we know it today will be “a thing of the past the next decade” and that instead it will work like a water filtration system.
Executives from Cloudflare, Okta, and Red Points said that cybersecurity threats have been on the rise during the coronavirus pandemic.
“I have a point of view that cybersecurity is going to be a thing of the past the next decade because I think technology is going to solve those problems,” Zatlyn said at the round table, during which the executives discussed rising challenges in cybersecurity and where the industry is headed. “We’re not there today. Today, it’s a real serious threat for businesses.”
It’s not that technology in the future will be threat-proof: Instead, cybersecurity systems will weed out bad actors earlier in their attacks, Zatlyn says.
“You’re going to get to a point where it’s almost like the water treatment filtration systems: If you’re connected to the Internet, you’re going to connect through a cybersecurity network like Cloudflare or some others,” Zatlyn said. “And we’re going to cleanse it and make sure whatever’s passing through us is clean.”
The shift to remote work has sped up that transition, Zatlyn said, as it has underscored the value of cloud-based cybersecurity software instead of on-premise hardware that is meant to protect a single location of a corporate network.
“All sudden everyone’s at home, and so people are connecting and doing work online from new places,” Zatlyn said. “What you’re seeing along with that is a large increase in the number of cyberattacks, which is sad, but it’s true: They’re using the fact that employees are working at home, not on their corporate networks, as a weak link to go and attack.”
Other executives agreed: Security attacks have increased during the pandemic as hackers take advantage of remote work environments, says Okta chief product officer Diya Jolly, including a surge in impersonations, according to Red Points CEO Laura Urquizu.
“We’ve seen people attacking at the point where the vulnerability is the greatest, which means they’re doing phishing attacks where they’re trying to get people’s passwords and things like that,” Jolly said.
The silver lining is that cybersecurity technology has gotten better and cheaper than it used to be, she said: “Although attacks are up, traffic is up, and there are new attack types, the solutions are a lot better and a lot more affordable today if you’re a business having to defend yourself.”
Tomi Engdahl says:
Cybersecurity is Imperative for Connected Cars
With the explosion of electronics—from ECUs to interfaces—making their way into vehicles, how can manufacturers protect their designs against cyberattacks?
https://www.mwrf.com/technologies/systems/article/21143147/cybersecurity-is-imperative-for-connected-cars
Tomi Engdahl says:
How botnets are evolving: from IoT botnets to Hivenets
https://cybernews.com/security/how-botnets-are-evolving-from-iot-botnets-to-hivenets/
Tomi Engdahl says:
Arduino joins the Open Source Security Foundation
https://blog.arduino.cc/2020/10/30/arduino-joins-the-open-source-security-foundation/
Tomi Engdahl says:
https://www.eff.org/deeplinks/2020/11/police-will-pilot-program-live-stream-amazon-ring-cameras
Tomi Engdahl says:
New data shows just how badly home users overestimate IoT security
https://www.scmagazine.com/home/security-news/with-work-from-home-booming-new-data-shows-just-how-badly-home-users-overestimate-iot-security/
A new survey from the National Cyber Security Alliance (NCSA) shows adult workers vastly overestimate the security of the internet devices in their homes.
As COVID-19 forced companies to embrace remote working, home networks transformed into office networks. That’s proving a problem for CISOs.
“You can’t just assume that people know how to stay secure in this moment,” NCSA chief operating officer Sylvia Layton told SC Media.
The survey polled 1,000 adults – 500 aged 18-34 and 500 aged 50-75 – and found that the overwhelming majority of both believed the internet of things devices they owned were secure.
IoT devices, particularly those that are cheap, outdated and hard to upgrade, are widely considered to be an easy target for hackers. Yet 87 percent of the younger group and 77 percent of the older group said they were either “somewhat” or “very confident” in the security of their connected things.
“It’s surprising, but the older generation was more risk-averse,” said Layton.
Another finding from the same survey: 17 percent of the younger group and 37 percent of the older group said they did not regularly check or install updates (either claiming never, every 2-3 months, or “maybe if an auto-update happens.”) In many companies, especially in smaller companies, employees are using home computers rather than office issued computers – leaving updates completely in their own hands.
Tomi Engdahl says:
Lack of protection for smart devices and the rise of cybercriminals willing to take advantage, means we’re at risk of being hacked through more than our phones and computers. According to new research, IoT devices make up a whopping THIRD of all the infected devices.
https://cybernews.com/security/your-iot-device-is-one-of-your-biggest-cybersecurity-risks/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=iot_risks&fbclid=IwAR2G0cLwlkXAGrVwKioRJrnpr7z4LyLxnUq6kMWjEQd05pKFR6iLEp_dUu8
Tomi Engdahl says:
GE APPLIANCES RECOGNIZED AS FIRST HOUSEHOLD APPLIANCE BRAND TO ACHIEVE GOLD LEVEL IOT SECURITY RATING FROM UL
https://pressroom.geappliances.com/news/ge-appliances-recognized-as-first-household-appliance-brand-to-achieve-gold-level-iot-security-rating-from-ul
UL verification confirms that GE Appliances Powered by SmartHQ™ meet critical benchmarks for cybersecurity and consumer data protection
https://github.com/haier-iot/guide/security
https://en.wikipedia.org/wiki/Haier
Tomi Engdahl says:
Embedded Linux Conference North America 2020
Learn how to design and defend an embedded Linux device.
Introduction to Embedded Linux Security – part 1
https://embeddedbits.org/introduction-embedded-linux-security-part-1/
Tomi Engdahl says:
Your IoT device is one of your biggest cybersecurity risks
https://cybernews.com/security/your-iot-device-is-one-of-your-biggest-cybersecurity-risks/
The tech revolution means that we’re more connected to the internet in more ways than ever. It’s not just smart speakers that are trying to use data and cloud connections to servers to try and improve our lives; toasters, refrigerators and cookers are also now “smart”.
But with that increased interconnectedness, and the rise of the internet of things (IoT), come major risks. A lack of adequate protection for smart devices, and the rise of canny cyber criminals who are willing and able to take advantage, means we’re at risk of being hacked through more than our phones, laptops and desktops nowadays.
That figure is alarming enough before you consider that it was just 16% last year. The proportion of IoT devices that have been co-opted by criminals into being used as part of a botnet, or siphoning off a user’s personal data, has doubled in just 12 months.
A major risk for IoT devices
“The Nokia Threat Report is a welcome confirmation for security professionals that mobile platforms are not something that can be disregarded as a risk,” says Boris Cipot, senior security engineer at Synopsys. “If we think about it, today we have more processing power and memory in our smartphones than we did just a few years ago on our laptops and desktops.”
Tomi Engdahl says:
Gitpaste-12 Worm Targets Linux Servers, IoT Devices
https://threatpost.com/gitpaste-12-worm-linux-servers-iot-devices/161016/
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.
Researchers have uncovered a new worm targeting Linux based x86 servers, as well as Linux internet of things (IoT) devices (that are based on ARM and MIPS CPUs).
Of note, the malware utilizes GitHub and Pastebin for housing malicious component code, and has at least 12 different attack modules available – leading researchers to call it “Gitpaste-12.” It was first detected by Juniper Threat Labs in attacks on Oct. 15, 2020.
Tomi Engdahl says:
“Technology is changing much faster than our ability to secure it,” Katie Moussouris, a hacker and a pioneer in vulnerability disclosure, told CyberNews.
Hacker Katie Moussouris: frankly, today’s toys are not very secure
https://cybernews.com/security/hacker-katie-moussouris-frankly-todays-toys-are-not-very-secure/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=katie_moussouris&fbclid=IwAR0wtxkYn–_2zfXnUV6gyrvWDhy4wuZyRrV_LeAHjx0KW_Qx4xd8L-Otvg
“The rule that we have with our customers is no bug bounty botox. We don’t want people doing bug bounty programs if they are not ready,” Katie Moussouris, American computer security researcher, entrepreneur, a pioneer in vulnerability disclosure, and the founder of Luta Security told CyberNews.
Katie is also fighting the misconception that ‘hacker’ means ‘criminal’.
“We, hackers, really love showing off our tricks to other people. So it’s hard to be a criminal if you actually want to tell other people how you did it,” she told CyberNews.
Tomi Engdahl says:
Alexa… stalk my wife! It’s the dark side of the smart-tech boom: how home gadgets – from doorbells to speakers – can be used by controlling and abusive partners… with terrifying results
https://www.dailymail.co.uk/femail/article-8968595/Its-dark-smart-tech-boom.html
Tomi Engdahl says:
Dries Depoorter’s installation displays real-time sunsets and sunrises via unsecured CCTV cameras
https://blog.arduino.cc/2020/08/19/24h-sunrise-sunset-displays-real-time-sunsets-and-sunrises-via-unsecured-cctv-cameras/
Tomi Engdahl says:
You Need to Opt Out of Amazon Sidewalk
https://gizmodo.com/you-need-to-opt-out-of-amazon-sidewalk-1845750268
Have you heard of Amazon Sidewalk? Probably not. But there is a good chance that you or someone you know has an Amazon Echo or Ring camera. And if you own one of those devices and live in the U.S. (or know someone who does), you need to tell them to opt-out of the service as soon as possible.
In a nutshell, it’s a sort of secondary, shared network for certain connected Amazon devices. The idea is it uses Echo and Ring devices as a bridge to extend connectivity over longer distances. So, say your internet goes down and thus renders your outdoor Ring security camera useless. Not an issue with Sidewalk—you can just tap into a neighbor’s Echo or Ring device. Because, oh yeah, Sidewalk pilfers a small portion of your bandwidth that then gets lumped together with other Echo and Ring devices in your vicinity to create this separate network.
While Amazon was quick to give the general gist of what Sidewalk does, it didn’t spell out what security and privacy precautions Amazon was taking to make sure this secondary network wouldn’t be easily exploited. Instead, it was framed as me, an Echo owner, donating a “small portion” of my internet bandwidth to provide a service to my neighbors. Oh, and in a throwaway sentence near the end, the email said that Amazon Sidewalk would be enabled by default on all supported Echo and Ring devices linked to my account.
On Amazon’s Sidewalk FAQ, there’s a bit more detail, including a comprehensive list of devices that can act as Sidewalk Bridges (but not devices that are Sidewalk-enabled). The FAQ also provides a link to a more detailed whitepaper on the privacy and security used by Sidewalk.
Tomi Engdahl says:
IoT Unravelled Part 3: Security
https://www.troyhunt.com/iot-unravelled-part-3-security/
In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. In part 2, I covered IP addresses and the importance of a decent network to run all this stuff on, followed by Zigbee and the role of low power, low bandwidth devices. I also looked at custom firmware and soldering and why, to my mind, that was a path I didn’t need to go down at this time.
Now for the big challenge – security. As with the rest of the IoT landscape, there’s a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly. But there are also some quick wins, especially in the realm of “using your common sense”. Let’s dive into it.
The “s” in IoT is for Security
Ok, so the joke is a stupid oldie, but a hard truth lies within it: there have been some shocking instances of security lapses in IoT devices. I’ve been directly involved in the discovery or disclosure of a heap of these and indeed, security is normally the thing I most commonly write about. Let me break this down into logical parts and use real world examples of where things have gone wrong and I’d like to cover it in two different ways:
Risks that impact IoT devices themselves
Risks that impact data collected by IoT devices
Tomi Engdahl says:
https://www.edn.com/rtc-design-part-1-real-time-clocks-still-matter-in-automation-iot-applications/
Tomi Engdahl says:
Streetlight Spy Cameras Have Led to a Massive Privacy Backlash in San Diego
The city council unanimously voted to pass one of the strongest privacy regulations in the country after a campaign against ‘smart streetlights’
https://www.vice.com/en/article/z3vn83/streetlight-spy-cameras-have-led-to-a-massive-privacy-backlash-in-san-diego
Tomi Engdahl says:
Spying Robot Vacuums Really Suck
LidarPhone exploits the LiDAR sensor in robotic vacuums to eavesdrop on your private conversations.
https://www.hackster.io/news/spying-robot-vacuums-really-suck-525120df5929
Tomi Engdahl says:
Open-source AI enhances IoT device security
https://www.edn.com/open-source-ai-enhances-iot-device-security/
One major challenge to cyber-security in Internet of Things (IoT) devices is the constantly evolving nature of threats. New vulnerabilities are continually being found and exploited and new methods of attack are evolving, turning IoT security into an ongoing battle for developers. Now, however, an emerging approach to IoT security using artificial intelligence (AI) promises to provide protection against both known and new, unknown threats.
The traditional approach to cyber security is to implement protections against known threats by monitoring system activity to identify attacks as they happen. As attacks evolve, the protective software must be continually updated in order to maintain protection. For IoT devices, however, this approach has several drawbacks. One is that providing regular updates to installed devices is both costly and burdensome for the device vendor. Further, it requires that devices be designed to receive and process updates, which in itself introduces vulnerabilities that can be exploited.
A second drawback is that updates typically can take place only after a new threat has emerged and been analyzed. This means that the IoT device remains vulnerable for what may be a significant period of time. This time of vulnerability can pose significant risk for both the vendor and user.
Software company Exein has developed an approach to providing IoT security that promises to provide protections against cyber attack that can handle both known and unknown threats. This approach does not require external updates to threat lists or any other outside information. It is entirely built into the device’s own firmware. In addition, the software framework is maintained as an open-source repository, giving developers easy access to the core and helping ensure continual improvement through the community development process.
The core of Exein’s approach is AI based on convolutional neural network technology. A machine learning engine (MLE) running on the device in the user space continually monitors software processes to look for anomalous behavior.
https://github.com/Exein-io/exein
Tomi Engdahl says:
‘Smart’ doorbells for sale on Amazon, eBay came stocked with security vulnerabilities
https://www.cyberscoop.com/smart-doorbells-amazon-ebay-ncc-vulnerabilities/
The NCC Group-Which? team said they tried to contact the various vendors of the vulnerable smart doorbells, with mixed success. The unnamed vendor of one device, for example, removed an online listing for the product after the researchers shared their findings.
NCC Group research director Matt Lewis said his team’s findings point to “a wider culture that favors shortcuts over security in the manufacturing process.” Other research has found home-networking devices ranging from routers to webcams to be riddled with vulnerabilities.
In this case, researchers bought another device from Amazon and eBay that was vulnerable to KRACK, a three-year-old bug that attackers could use to eavesdrop on wireless networks.
Smart doorbells, which allow a home owner to talk to someone at their front door, have drawn greater scrutiny from researchers as they have grown in popularity.
Tomi Engdahl says:
If you go the route of having IOT, don’t do it without dumping some money into your infrastructure. At the very least VLAN them out and keep them from talking to everything else on your network. If you want to go down a further rabbit hole, find out where all your devices need to communicate to across the internet to work and block connections to literally everything else. A little googling can go a long way.
Tomi Engdahl says:
Bruh, if they fixed it what reason would you have to buy the new one, later this yr?
Critical Flaws in Millions of IoT Devices May Never Get Fixed
Amnesia:33 is the latest in a long line of vulnerabilities that affect countless embedded devices.
https://www.wired.com/story/amnesia33-iot-vulnerabilitiesmay-never-get-fixed/
Tomi Engdahl says:
https://www.cleveland19.com/2020/12/11/cybersecurity-experts-warn-millions-smart-devices-are-vulnerable-hacking/
Tomi Engdahl says:
Smart ovens have been turning on overnight and preheating to 400 degrees
June Oven owners are reporting preheating incidents
https://www.theverge.com/2019/8/14/20802774/june-smart-oven-remote-preheat-update-user-error
At least three smart June Ovens have turned on in the middle of the night and heated up to 400 degrees Fahrenheit or higher. The ovens’ owners aren’t sure why this happened, and June tells The Verge that user error is at fault. The company is planning an update that’ll hopefully remedy the situation and prevent it from happening again, but that change isn’t coming until next month.
Since its launch, competitors have sprung up, including Tovala and Brava, all with the promise to make cooking easier. People can monitor their food through an app, ensure it’s prepared perfectly, and, in some cases, subscribe to a food delivery plan that complements the oven. However, with that connected promise comes a risk: the oven is always available through the tap of an app, which can be both good and bad. Sure, someone can turn their oven off from work if they realize they left it on, but on the flip side, they can also accidentally turn their oven on in the middle of the night.
The potatoes, which were still in the oven, burned to a crisp. “Had I not left the potatoes overnight, I may have not realized it had turned on in the night,” he wrote.
The New York City Fire Department says “unattended cooking” accounts for 33 percent of home fires, and that fires typically start when a stove or oven is near items that can catch fire, like paper towels, or when food or grease is left in the oven. None of the June Oven owners reported fires.
Tomi Engdahl says:
Hacker opens 2,732 PickPoint package lockers across Moscow
PickPoint says this is the world’s first targeted cyberattack against a post-gateway network.
https://www.zdnet.com/article/hacker-opens-2732-pickpoint-package-lockers-across-moscow/
Tomi Engdahl says:
Research: Millions of smart devices vulnerable to hacking
https://apnews.com/article/hacking-software-17d67bd69718c2d0d5f6e2493285abc2
Tomi Engdahl says:
IoT devices have a lifespan of 5 to 7 years, which means design choices manufacturers make today will determine how much e-waste we have in the future.
The IoT’s E-Waste Problem Isn’t Inevitable
https://spectrum.ieee.org/consumer-electronics/gadgets/the-iots-ewaste-problem-isnt-inevitable
In my office closet, I have a box full of perfectly good smart-home gadgets that are broken only because the companies that built them stopped updating their software. I can’t bear to toss them in a landfill, but I don’t really know how to recycle them. I’m not alone: Electronic waste, or e-waste, has become much more common.
The adoption of Project Connected Home Over IP (CHIP) standards by Amazon, Apple, Google, and the Zigbee Alliance will make smart homes more accessible to more people. But the smart devices these people bring into their homes will also eventually end up on the junk heap.
Perhaps surprisingly, we still don’t have a clear answer as to what we should do when a product’s software doesn’t outlive its hardware, or when its electronics don’t outlast the housing.
Tomi Engdahl says:
Smart Doorbell Disaster: Many Brands Vulnerable to Attack
https://threatpost.com/smart-doorbell-vulnerable-to-attack/162527/
Investigation reveals device sector is problem plagued when it comes to security bugs.
Smart doorbells, designed to allow homeowners to keep an eye on unwanted and wanted visitors, can often cause more security harm than good compared to their analog door bolt alternatives. Consumer-grade digital doorbells are riddled with potential cybersecurity vulnerabilities ranging from hardcoded credentials, authentication issues and devices shipping with unpatched and longstanding critical bugs.
Tomi Engdahl says:
This Smart Toilet Will Know You by the Shape of Your Asshole
A team of researchers at Stanford University developed a prototype smart toilet with four cameras that can identify users based on their “analprint.”
https://www.vice.com/en/article/jge377/stanford-smart-toilet-uses-butthole-for-identification?utm_content=1608651233&utm_medium=social&utm_source=VICE_facebook
Tomi Engdahl says:
Fun
https://m.youtube.com/watch?v=DJklHwoYgBQ&t=229s&ab_channel=AdultSwim
Tomi Engdahl says:
Your new smart car is an IoT device that can be hacked
https://cybernews.com/security/your-new-smart-car-is-an-iot-device-that-can-be-hacked/
Tomi Engdahl says:
H.R.1668 – IoT Cybersecurity Improvement Act of 2020
https://www.congress.gov/bill/116th-congress/house-bill/1668/text
Tomi Engdahl says:
smea – Adventures In Smart Buttplug Penetration testing – DEF CON 27 Conference
https://www.youtube.com/watch?v=RnxcPeemHSc&feature=youtu.be
Published 15.11.2019
Analysts believe there are currently on the order of 10 billion Internet of Things (IoT) devices out in the wild. Sometimes, these devices find their way up people’s butts: as it turns out, cheap and low-power radio-connected chips aren’t just great for home automation – they’re also changing the way we interact with sex toys. In this talk, we’ll dive into the world of teledildonics and see how connected buttplugs’ security holds up against a vaguely motivated attacker, finding and exploiting vulnerabilities at every level of the stack, ultimately allowing us to compromise these toys and the devices they connect to.
Tomi Engdahl says:
Hacker used ransomware to lock victims in their IoT chastity belt
https://www.bleepingcomputer.com/news/security/hacker-used-ransomware-to-lock-victims-in-their-iot-chastity-belt/
Tomi Engdahl says:
#IoT development teams can pursue these essential activities to build #cybersecurity into their devices National Institute of Standards and Technology
6 essential activities to help developers build in IoT cybersecurity
https://www.edn.com/6-essential-activities-to-help-developers-build-in-iot-cybersecurity/?utm_content=buffer2838f&utm_medium=social&utm_source=edn_facebook&utm_campaign=buffer
Tomi Engdahl says:
Legal requirements for #IoT security are starting to emerge National Institute of Standards and Technology #legislation #cybersecurity
https://buff.ly/39O9Z5h
Tomi Engdahl says:
Singapore widens security labelling to include all consumer IoT devices
https://ww.zdnet.com/article/singapore-widens-security-labelling-to-include-all-consumer-iot-devices/
Introduced last October as a voluntary programme, the Cybersecurity Labelling Scheme rates devices according to their level of cybersecurity features and will now be extended to include all consumer smart devices such as smart lights and smart printers.
Tomi Engdahl says:
Calgary man issues warning after discovering ‘creepy’ security camera live feeds
https://globalnews.ca/news/7593916/calgary-warning-security-cameras-live-streaming/
WATCH: A Calgary man is reminding people who own security cameras to change their default password after stumbling upon a website featuring live private camera feeds from around the world. As Tracy Nagai reports, he fears some people may not know they’re being watched.
After searching the website, called Insecam, Douros said he realized something was wrong.
On the website, live feeds of people’s front steps, workspaces and private homes are open to the public.
“I don’t know if people are aware that their signal is being broadcast out for anyone to find it, if they know how to find it,” he said.
“A lot of those people don’t know they’re broadcasting their personal moments at home, like peoples’ living rooms or basements.”
On the website, it states that a private or unethical camera will be removed immediately upon an e-mail complaint. The other option is for people to reset the default password on their camera.
“These IP cameras stream over their WiFi so it’s connected to their internet and they must make sure their internet is also password protected,” Calgary police Staff Sgt. Mark England said.
Calgary cybersecurity expert Harry Diamantopoulos said the risk extends to any smart home technology and people need to look at their WiFi router first if they’re concerned about their security.
“The home router is the heart of the home network and that needs to be secured,” Diamantopoulos said. “The first thing that anybody should do is to change that password on that router.”
“People may not even be aware that there are security risks by not changing that password.”
Tomi Engdahl says:
Home IoT devices bring new security challenges
https://www.uusiteknologia.fi/2021/01/26/kotien-iot-laitteet-tuovat-tietoturvahaasteita/
The large-scale use of the latest IoT technology in homes creates entirely new security challenges, which, according to DNA's information security manager Seppo Pekonen, must be solved using the best security solutions available. Like other devices, they are vulnerable and can therefore, in the worst case, endanger the security of the home's internal network.
Tomi Engdahl says:
The history of the connected battlespace, part one: Command, control, and conquer
Since the end of World War II, the US and allies have tried to network-enable war.
https://arstechnica.com/information-technology/2021/01/connected-battlespace-1/
Tomi Engdahl says:
https://www.sadankomitea.fi/uutinen/5-vaarinkasitysta-autonomisista-asejarjestelmista/
Tomi Engdahl says:
Ars Technicast special edition, part 1: The Internet of Things goes to war
https://arstechnica.com/information-technology/2021/01/ars-technicast-special-edition-part-1-the-internet-of-things-goes-to-war/