I came across an interesting post over on Wearable World News today titled “The Danger of Smart Spam In the Internet of Things.” The article, by Jessica Groopman, ran yesterday and provides a kind of conceptual overview of the security and IoT space. I think Goodman gets it mostly right: she talks about the proliferation of device types and platforms that will (or already does) characterize the Internet of Things. With hundreds of billions (compared with hundreds of millions) of Internet connected endpoints, cyber criminals, hacktivists and other bad actors have an even greater ability to create armies of compromised endpoints and harness their collective power in attacks. Goodman also gets it right when she notes that many “smart” devices run commodity operating systems like Linux and don’t require lots of special effort to reverse engineer. Finally, IoT devices frequently are low power and embedded systems that lack the processing […]
smart home
SOHOwned: 300K Home Routers Hacked
A string of reports in recent weeks has focused a spotlight on rising attacks against an often-overlooked piece of equipment that can be found in almost every home and business: the wireless router. Just this week, the security firm Team Cymru published a report (PDF) describing what it claims is a widespread compromise of small office and home office (SOHO) wireless routers that was linked to cyber criminal campaigns targeting online banking customers. Cymru claims to have identified over 300,000 SOHO devices (mostly in Asia and Europe) that were compromised. According to the report, the compromises first came to light in January, after Team Cymru analysts noticed a pattern of SOHO routers with overwritten DNS settings in central Europe. The affected devices are from a range of manufacturers, including well-known brands like D-Link, Micronet, Tenda and TP-Link. The devices were vulnerable to a number of attacks, including authentication bypass and cross-site […]
Security and The Internet of Things: An RSA Roadmap
The RSA Security Conference starts next week in San Francisco: the central event of a week-long orgy of IT security wheeling and dealing in the Bay Area. Though its roots are as a small and clubby gathering of cryptographers, RSA long ago stopped being that, and started resembling a kind of speed dating event for technology and IT security firms. Sure – there are plenty of interesting talks at RSA, but the important work takes place in private suites of adjoining hotels and chance encounters in the halls of the Moscone. If there’s a big IT security deal in the offing – like IBM’s $1 billion acquisition of Trusteer, or FireEye’s purchase of the firm Mandiant – chances are good that the conversation started at RSA. Long and short: RSA is a snapshot of the security industry at a particular place and time. As such, it tends to be a […]
Update – Virtual Vandalism: Firm Warns Of Connected Home Security Holes
[This story was updated to include response from Belkin describing its response to the vulnerabilities identified by IOActive, including firmware updates. – PFR Feb 19, 2014] A researcher with the respected security firm IOActive says that he has found a number of serious security holes in home automation products from the firm Belkin that could allow remote attackers to use Belkin’s WeMo devices to virtually vandalize connected homes or as a stepping stone to other computers connected on a home network. In a statement released on Tuesday, IOActive researcher Mike Davis said that his research into Belkin’s WeMo technology found the “devices expose users to several potentially costly threats, from home fires with possible tragic consequences down to the simple waste of electricity.” IOActive provided information on Davis’s research to the US Computer Emergency Readiness Team (CERT), which issued an advisory on the WeMo issues on Tuesday. Belkin did not […]
Internet of Dings: Verizon Shelves Home Automation Service
The news this week that search giant Google completed its acquisition of smart-home device maker NEST prompting at least one news outlet to proclaim that the “New Internet of Things Wave” has been set in motion. (Umm…new?) But there’s a cautionary note in the business headlines: news that Verizon shuttered its Verizon Home Monitoring service. Matt Hamblen over at Computerworld.com has the news and the confirmation from Verizon, which launched in 2012 and was designed to sink that company’s hooks deeper into wired homes. Verizon provided a common hardware platform for home automation and entertainment systems to plug into and talk to each other. Users could manage devices remotely from their computer, mobile device or from their televisions using FiOS TV. It comprised video surveillance, environmental control and physical security. In commercials, Verizon trumpeted it as the “ultimate 21st century green energy home control.” Verizon charged users $10 a month […]
