firmware

How Connected Consumer Devices Fail The Security Test

Podcast: Play in new window | Download ()Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeThe Internet of Things leverages the same, basic infrastructure as the original Internet – making use of protocols like TCP/IP, HTTP, Telnet and FTP. But the devices look and act very differently from traditional PCs, desktops and servers. Many IoT devices run embedded operating systems or variants of the open source Linux OS. And many are low-power and many are single function: designed to simply listen and observe their environment, then report that data to a central (cloud based repository).   But IoT devices are still susceptible to hacking and other malicious attacks, including brute force attacks to crack user names and passwords, injection attacks, man in the middle attacks and other types of spoofing.  Despite almost 20 years experience dealing with such threats in the […]

Experts: ‘Infinite’ Attack Surface of IoT Demands New Approach

If the growth of the Internet of Things has been a curiosity to enterprises and the IT security industry that serves them, it won’t stay that way for long, experts warned at a gathering in San Francisco. The rapid adoption of Internet of Things (IoT) technology is poised to transform the IT industry, vastly expanding the opportunities for cyber attacks against a much wider range of targets: from implantable medical devices to manufacturing plants to automobiles, according to participants in a panel discussion on “Shaping The Internet of Things” at The Amphion Forum event in San Francisco. While media attention on The Internet of Things has focused on products like the Nest Thermostat and connected automobiles, the IoT encompasses an almost limitless population of devices – many far more mundane, said Ralph Broom a Principal Engineer at the firm Noblis, and one of three panel members. The Internet of Things, in […]

Amphion Forum: Spotlight on Security and Internet of Things

A little more than a month from now, the world’s attention will shift to San Francisco for the annual RSA Security Conference – perhaps the biggest single IT security industry event of the year. But this week, at a much smaller venue, the focus will be about what’s amounting to the ‘next big thing’ in the security world: the Internet of Things.   The Amphion Forum focuses on a growing part of the computer security landscape that still struggles for attention in a security market still focused on the needs of large companies. Namely: the security challenges posed by mobile devices – phones and tablets and a menagerie of newly-connected endpoints, from wearable computers to implantable medical devices to household appliances. The privacy and security challenges facing organizations that wish to embrace the IoT are legion. Intelligent devices have been shown to lack basic protections against unauthorized access, such as strong […]

Open Source IoT Platform Would Boost Security

Interoperability (or the lack of it) stands out as one of the major obstacles to the expansion of the Internet of Things. As we’ve discussed on this blog, the lack of a common platform for Internet-enabled devices to communicate on has resulted in a balkanized IoT landscape. Nest’s smart thermometer and smoke detector communicate and share information famously, but if you want to link them with some smart appliance from GE or LG, you’re out of luck. But that may soon be changing. On Tuesday, The Linux Foundation announced a new, cross industry consortium of major IT infrastructure makers, software vendors and electronics firms. The AllSeen Alliance is tasked with developing a common, open source platform that allows hardware and software firms to unite their creations, regardless of their brand – and provide basic security features, to boot. The Alliance counts electronics giants like Panasonic, Qualcomm, LG and Sharp as […]

connected vehicles

Senator Asks Automakers About Cyber Security, Privacy Plans

Cyber attacks on so-called “connected vehicles” are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles. Markey’s letter, dated December 2, cites recent reports of “commands…sent through a car’s computer system that could cause it to suddenly accelerate, turn or kill the breaks,” and references research conducted by Charlie Miller and Chris Valasek on Toyota Prius and Ford Escape. That research was presented in an August demonstration at the DEFCON hacking conference in Las Vegas. [For more on the security threats facing connected vehicles, check out this link.] “Today’s cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network […]