Bleeping Computer reported that a new proposal submitted to the Internet Engineering Task Force (IETF) defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Insecure software updates for embedded devices (aka ‘firmware’) have been a frequent source of security lapses on mobile and embedded devices like Internet connected webcams. Filed on October 30, the “IoT Firmware Update Architecture,” establishes security requirements for device makers to implement when designing firmware update mechanisms for connected devices. A familiar list of features The proposed rules include features that have long been recommended by security experts to permit safe handling of software updates. Among them the use of cryptographically signed updates and public key cryptography to provide end-to-end security and verify firmware images, as well as the ability to work with low-power and resource constrained IoT devices. Firmware has been the source of widespread security issues. For example, low-cost […]
Flaws in software run by a range of microprocessors could be widespread in embedded systems, security experts and the Department of Homeland Security are warning.
Mobile applications used with two, popular home automation platforms by Wink and Insteon fail to protect user login information, leaving the devices vulnerable to hacking, a researcher at Rapid7 found.
In-brief: A year after Mirai, as many as 100,000 devices, globally, may be running some version of the Mirai malware, while countless others are vulnerable to being enlisted in a Mirai-like attack. Worse: these systems may not be patched for “years,” according to the SANS Internet Storm Center.
In-brief: the firm Pen Test Partners notes that there are security arguments against expanding right to repair laws. But do they stand up to scrutiny?