In-brief: After legislation in five states stalled in the Spring, states like Massachusetts will be on the front line of renewed efforts to pass pro-consumer laws that create a “right to repair” for cell phones, medical devices and other software-driven products. At stake could be the right of consumers to control Internet of Things devices they purchase for use in their home, on their person or in their business.
In-brief: a vulnerability dubbed “Devil’s Ivy” affects hundreds of cameras by the firm Axios and – likely – thousands of other devices made by some of the world’s top technology brands. It’s another example of widespread software supply chain security risks.
In-brief: After seeding the globe with hackable DVRs and webcams, Zhejiang Dahua Technology Co., Ltd. of Hangzhou, China will be working with the U.S. firm Synopsys to “enhance the security of its Internet of Things (IoT) devices and solutions.”
In-brief: In this Security Ledger podcast, Paul speaks with Sameer Dixit of Spirent Security Labs, a leading tester of connected (“smart”) vehicles. Truly secure, connected vehicles may be years away, he says. In the meantime, security flaws and poorly implemented features are a major issue, Dixit says, with many car companies still preferring bolt on security fixes over secure design.
Software used to remotely program implantable cardiac devices by a number of vendors is rife with exploitable software vulnerabilities that leave the devices vulnerable to attacks and compromise, according to a report by the firm Whitescope Inc.
