cameras

connected car - audi-thumbnail

Traffic Monitoring Tech Vulnerable To Hacking

Connected cars aren’t the only transportation innovation that’s coming down the pike (pun intended). As we’ve noted before: smart roads and smart infrastructure promise even more transformative changes than – say – having Siri read  your text messages to you through your stereo system. The applications of smart road and connected infrastructure are almost limitless. But at this early stage (mostly proof of concept), much of the light and heat around smart roads is around applications of remote sensors at the roadside, or embedded in the road surface to identify problems like icy roads, the presence of liquids, traffic density, vehicle and pedestrian detection and more. For a nice overview of some sensor applications, check out this video from Liebelium. But that doesn’t mean that attacks against smart infrastructure are problems for the future. The security researcher Cesar Cerrudo points out in a blog post over at IOActive.com that many […]

Continue Reading
heartbleed SSL image

Tripping Over Heartbleed’s Long Tail

The news about the dreadful Heartbleed OpenSSL vulnerability keeps pumping – almost a month since it first made headlines. But now that other, equally scary security news is stealing the headlines (like the nasty Internet Explorer vulnerability that was announced this week, Heartbleed is taking a back seat. So where do things stand? I think its safe to say that we’re entering a phase that might be considered Heartbleed’s ‘long tail.’ On the one hand: there’s evidence of good news. The Register reported today that data collected by the firm Qualys suggests that almost all websites that were vulnerable to Heartbleed three weeks ago are now patched and no longer vulnerable. The Register’s John Leyden quotes Ristic, the director of engineering at Qualys, putting the percent of web sites, globally, that are still vulnerable to Heartbleed at 1 percent. That’s great news – but I don’t think its the end of the story […]

Continue Reading
Internet of Things Interactions

IoT And Big Data To Create Insurance Industry Winners, Losers

This blog writes a lot about risk and the Internet of Things. Specifically: we talk about how smart, sensor rich, connected devices create all kinds of new risks for enterprises and consumers. It goes without saying that feature development (and adoption) are running well ahead of pesky issues like secure design and deployment or data privacy. Smart companies are trying to put some brakes on that trend. (Witness Google prohibiting sensitive health data from its Android Wear platform.) But, by and large, companies are plowing ahead into IoT technologies without a lot of consideration of the risks. But there’s one industry where risk _is_ the business: the insurance industry. And there, the thinking about the potential of Internet of Things is decidedly bullish. In fact, a recent report from the financial services research firm Celent (paywall) suggests that broad adoption of IoT technologies will revolutionize the way insurance companies market and sell to […]

Continue Reading

Linux IoT Worm Still Alive And Mining Virtual Coins

A few months ago we wrote about a new Internet worm notable because it spread between devices running the Linux operating systems, and because it had the ability to infect a range of non-PC devices including set top boxes. Symantec was quick to suggest that the worm, Linux.Darlloz, was the first “Internet of Things” malware. Now, three months later, Symantec is updating the story: noting that Darlloz is still out there, and seems to have  been put to use mining for virtual currencies. Writing on Symantec’s blog on Thursday, analyst Karou Hayashi said that researchers there discovered a new variant of Darlloz in January that included code changes and improvements from the version discovered at the end of 2013. Darlloz is versatile: it can run on devices using a variety of architectures, including the common Intel x86, but also hardware running the ARM, MIPS and PowerPC architectures. Those are more common […]

Continue Reading

Update – Virtual Vandalism: Firm Warns Of Connected Home Security Holes

[This story was updated to include response from Belkin describing its response to the vulnerabilities identified by IOActive, including firmware updates. – PFR Feb 19, 2014] A researcher with the respected security firm IOActive says that he has found a number of serious security holes in home automation products from the firm Belkin that could allow remote attackers to use Belkin’s WeMo devices to virtually vandalize connected homes or as a stepping stone to other computers connected on a home network. In a statement released on Tuesday, IOActive researcher Mike Davis said that his research into Belkin’s WeMo technology found the “devices expose users to several potentially costly threats, from home fires with possible tragic consequences down to the simple waste of electricity.” IOActive provided information on Davis’s research to the US Computer Emergency Readiness Team (CERT), which issued an advisory on the WeMo issues on Tuesday.  Belkin did not […]

Continue Reading
1 7 8 9 10 11 13