The Internet of Things leverages the same, basic infrastructure as the original Internet – making use of protocols like TCP/IP, HTTP, Telnet and FTP. But the devices look and act very differently from traditional PCs, desktops and servers. Many IoT devices run embedded operating systems or variants of the open source Linux OS. And many are low-power and many are single function: designed to simply listen and observe their environment, then report that data to a central (cloud based repository). But IoT devices are still susceptible to hacking and other malicious attacks, including brute force attacks to crack user names and passwords, injection attacks, man in the middle attacks and other types of spoofing. Despite almost 20 years experience dealing with such threats in the context of PCs and traditional enterprise networks, however, too many connected devices that are sold to consumers lack even basic protections against such threats. […]
Reports
Obama Administration: Speak Up On Trusted ID Plans!
The Obama Administration is throwing its weight behind two federal efforts to increase the use of so-called “trusted identities” online as a way to combat consumer fraud and threats to critical infrastructure. Writing on the White House blog on Monday, Michael Daniel, the Obama Administration’s cyber security coordinator said that the current system for managing online identities (user IDs and passwords) is “hopelessly broken,” and that the stakes are getting ever higher for breaches. “While today it might be a social media website, tomorrow it could be your bank, health services providers, or even public utilities,” he wrote. Daniel said two federal initiatives aim to tip the scales in the direction of stronger and more secure online identities, but that more public engagement is needed to ensure that what is produced by those projects gets adopted. Specifically: Daniel highlighted two NIST-led efforts: the National Strategy for Trusted Identities in Cyberspace (NSTIC), […]
10 Essential Internet of Things Infographs
The term “Internet of Things” (or IoT) is so often used these days that it can be difficult to know exactly what it refers to. But the “Internet of Things” isn’t any less relevant or important just because it happens to be nudging its way up the steep side of Gartner’s Hype Curve. So understanding what people mean by “Internet of Things” is critical, even if not all those people would agree on a common definition themselves. Fortunately, many firms with a hand in the IoT have gone through the trouble of boiling their view of the Internet of Things down into handy, informative infographics. We’ve pulled a few of them together here for The Security Ledger – focusing on those that speak to the critical issues of safety, security and data privacy whenever possible. Check out this slideshow. Mouse over the image to learn more, or click on the […]
Senator Asks Automakers About Cyber Security, Privacy Plans
Cyber attacks on so-called “connected vehicles” are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles. Markey’s letter, dated December 2, cites recent reports of “commands…sent through a car’s computer system that could cause it to suddenly accelerate, turn or kill the breaks,” and references research conducted by Charlie Miller and Chris Valasek on Toyota Prius and Ford Escape. That research was presented in an August demonstration at the DEFCON hacking conference in Las Vegas. [For more on the security threats facing connected vehicles, check out this link.] “Today’s cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network […]
Symantec Warns: Worm Can Target Internet of Things
Symantec, the security software firm, is reporting that its researchers have discovered a new, malicious “worm” that is spreading on the Internet and has been adapted to attack embedded devices running the Linux operating system, including many devices that are part of the Internet of Things. Writing on the Symantec research blog, Kaoru Hayashi, a threat analyst within Symantec’s Security Response organization, said that the company had uncovered the worm, dubbed Linux.Darlloz, spreading between more common PC systems. However, an analysis of the program revealed that its creators were thinking big: engineering the worm to be capable of attacking a “range of small, Internet-enabled devices in addition to traditional computers.” Specifically, Symantec’s team found variants of Darlloz for chip architectures common in devices ranging from home routers and set-top boxes to security cameras. The warnings about an “Internet of Things worm” were hypothetical, however. Hayashi said that no attacks against non-PC […]
