In-brief: IBM and Samsung are collaborating on a platform they say will help billions of connected devices interact securely. The technology, “blockchain,” is borrowed – in part -from the online currency Bitcoin, but has better applications as a transaction processing system.
Last week, home broadband router maker ASUS was the latest vendor to issue an emergency patch for a critical vulnerability in its products. This, after proof-of-concept exploit code was released for the so-called “Inforsvr” vulnerability that affects several ASUS home routers. That vulnerability -if left unpatched – would allow anyone with access to a home- or small business network that used an ASUS broadband router to, essentially, commandeer the device. The “infosvr” feature is typically used for device discovery by the ASUS Wireless Router Device Discovery Utility, but the service also allowed unauthenticated users to execute commands through it using the “root” permissions, according to researcher Friedrich Postelstorfer, who created a proof of concept exploit for the security hole and released it on January 4. The exploit code finally prompted a patch from ASUS on January 13. The company had spent months analyzing the issue and working on a fix. Patch aside, it has been a worrying month for the […]
Venturebeat has a nice, contributed blog post by Michael Daly, of Raytheon on the lurking problem of device insecurity within the consumer Internet of Things. As Daly sees it, mass adoption of Internet of Things technologies seems destined to leave us with environments populated by low-cost and vulnerable devices whose makers don’t consider their wares valuable enough to maintain. From the article: “Offering a constant stream of security patches and updates to keep low-cost devices safe and functional for the long-term requires money. If vulnerabilities are discovered, patches or updates might be issued, but only in the first year or two. The vendor expectation is that users will need to buy a full replacement or live with the risks — not to mention that users are not very likely to manage patches and updates for non-critical devices.” In contrast to the kinds of managed networks we’re used to – with vendors […]
As the Consumer Electronics Show (CES) rages in Las Vegas this week, its tempting to look at the reports about connected devices and wonder when it is, exactly, that the tsunami of smart devices, wearable tech and intelligent appliances will finally wash over us. But it might be even more useful to wonder why – given all the hype- we haven’t been washed out to sea already by the IoT wave. A recent article in Adweek calls attention to one leading theory about why the IoT isn’t gaining traction with everyday consumers: consumer worries about privacy and the security of data. The Adweek article (and groovy infograph) make hay out of a case study by Affinnova, a marketing technology firm that was acquired by Nielsen. The study asked consumers to evaluate “more than 4 million product concept variations and identify the most desired products and functions.” The goal: insight into consumer preferences as well […]
Intel unveiled a new Internet of Things platform this week dubbed (surprisingly enough) the “Intel IoT Platform.” The goal is to provide a unified platform for connecting diverse and distributed connected things. Given Intel’s big investment in security with the purchase of McAfee, its no surprise that security is a big part of the “value add” for the IoT platform. Intel says that its IoT platform promotes interoperability of network, operational technology and information technologies. The IoT Platform envisions Intel Quark™ to Intel Xeon, and Intel-based devices, gateways, and datacenter solutions with hardware-based root of trust. With hardware enabled identity and secure boot features, Intel believes that you can eliminate a wide range of malicious attacks and compromises. Intel’s IoT Gateway devices are based on its 2009 acquisition of WindRiver. They also wrap security intelligence from Intel’s acquisition of McAfee. Specifically, Intel has embedded anomaly and intrusion detection and prevention capabilities in […]
