The Internet of Things leverages the same, basic infrastructure as the original Internet – making use of protocols like TCP/IP, HTTP, Telnet and FTP. But the devices look and act very differently from traditional PCs, desktops and servers. Many IoT devices run embedded operating systems or variants of the open source Linux OS. And many are low-power and many are single function: designed to simply listen and observe their environment, then report that data to a central (cloud based repository). But IoT devices are still susceptible to hacking and other malicious attacks, including brute force attacks to crack user names and passwords, injection attacks, man in the middle attacks and other types of spoofing. Despite almost 20 years experience dealing with such threats in the context of PCs and traditional enterprise networks, however, too many connected devices that are sold to consumers lack even basic protections against such threats. […]
Hacks & Hackers
Amphion Forum: Spotlight on Security and Internet of Things
A little more than a month from now, the world’s attention will shift to San Francisco for the annual RSA Security Conference – perhaps the biggest single IT security industry event of the year. But this week, at a much smaller venue, the focus will be about what’s amounting to the ‘next big thing’ in the security world: the Internet of Things. The Amphion Forum focuses on a growing part of the computer security landscape that still struggles for attention in a security market still focused on the needs of large companies. Namely: the security challenges posed by mobile devices – phones and tablets and a menagerie of newly-connected endpoints, from wearable computers to implantable medical devices to household appliances. The privacy and security challenges facing organizations that wish to embrace the IoT are legion. Intelligent devices have been shown to lack basic protections against unauthorized access, such as strong […]
Senator Asks Automakers About Cyber Security, Privacy Plans
Cyber attacks on so-called “connected vehicles” are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles. Markey’s letter, dated December 2, cites recent reports of “commands…sent through a car’s computer system that could cause it to suddenly accelerate, turn or kill the breaks,” and references research conducted by Charlie Miller and Chris Valasek on Toyota Prius and Ford Escape. That research was presented in an August demonstration at the DEFCON hacking conference in Las Vegas. [For more on the security threats facing connected vehicles, check out this link.] “Today’s cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network […]
Two Million Passwords Stolen From Facebook, Twitter, ADP
The passwords to access more than two million online accounts have been recovered from a server that is part of the command and control network for the Pony botnet, a large and active network of infected computers, according to a blog post from the security firm Trustwave. The company said that it found a cache of approximately two million compromised accounts, most from popular online services such as Facebook, Yahoo, Google and Twitter. More concerning: the cache also contained tens of thousands of credentials for FTP (File Transfer Protocol) servers, remote desktop and secure shell (SSH) accounts, and a site belonging to ADP, the payments processing firm. Facebook accounts made up the lion’s share of the haul, with 318,121 user credentials discovered – 57% of the total. Yahoo was the next biggest victim, with 59,549, almost 11% of the total. Leading Russian social networking sites vk.com and odnoklassniki.ru were also in […]
The French Disconnection: Radio Gun Stops Smart Cars In Their Tracks
You could call it “The Death of the Car Chase.” According to the BBC, a UK company, E2V is demonstrating the RF Safe-Stop, a 350 KG (770 lb) device that can shoot RF (radio frequency) pulses at moving vehicles, “confusing” the vehicle’s electronic systems and causing its engine to shut off, stranding both vehicle and driver. E2V’s Safe-Stop product is intended for use as a non-lethal weapon for the military and law enforcement and is marketed as a tool for “checkpoint enhancement,” “convoy protection” and “vehicle immobilisation” (sp). According to this BBC report, the device acts like a small radar transmitter, directing a beam of radio pulses (identified elsewhere as L and S-Band RF pulses) that saturate the wiring that connects the vehicles on board systems. Those pulses confuse the engine control unit and cause it to reset, stopping the vehicle. Safe-Stop sends a continuous stream of pulses to keep the ECU confused […]
