With the New Year fast approaching, it’s (unofficially) ‘prediction season,’ when everyone worth their salt stares into the crystal ball and tries to imagine what the world will look like 12 months hence.
To sort through our 2014 predictions, we called on Mark Stanislav, the chief Security Evangelist at Duo Security.
Mark is a seasoned security researcher who has taken an interest in the security of the Internet of Things. Earlier this year, we wrote about research Mark did on the IZON Camera, an IP-enabled home surveillance camera that is sold by big-box retail stores like Best Buy, as well as by the Apple Store.
Beneath its polished exterior, the IZON was a mess of sloppy coding and poor security implementation, Stanislav discovered. Like many IoT devices, IZON cameras punted security to those responsible for the wireless network they were deployed on – essentially trusting any connection from within the same network. The devices also came supplied with an embedded web server for remote management and trivial default administrator credentials, making it easy for external hackers to locate and remotely connect to IZON devices.
In our conversation, Stanislav said that he believes more stories like that are on the horizon in 2014, as crowd-funded sites like Kickstarter bring a slew of sophisticated, but insecure IoT devices to market. The new devices will be manna from heaven for independent security researchers of all stripes.
“Whether they’re home cameras or other devices, I think myself and other security researchers will be making that a focus point for research in coming years,” Stanislav told me.
In this podcast, Stanislav talks with The Security Ledger about his concerns about the IoT as well as the need for stronger authentication and better management of smart, mobile devices by enterprises.
Check out the podcast below. You can listen on Security Ledger, or check out the interview on Soundcloud.com using the link provided.
Listen on Security Ledger
Listen on Soundcloud.com