A non-profit group that represents prominent computer security researchers has issued an open letter to the automotive industry calling for more collaboration on cyber security issues. The group, I Am The Cavalry said the automotive industry needs to elevate cyber security to put it on par with other vehicle safety issues. The announcement, on Friday at DEF CON 22 in Las Vegas – an annual hacker conference – included a letter to CEOs in the automotive industry, calling for the adoption of “five key capabilities that create a baseline for safety relating to the computer systems in cars.” The letter asks for safety to be built into the design of computer systems in vehicles. “Increasing reliance on computer systems and internet connectivity in cars is opening up a whole new area of consumer risk, much of which is still being investigated and understood,” the group said. “Modern cars are computers […]
Search Results for "connected home"
Micro Survey of Smart Home Devices Finds Much To Fault
Larry Dignan over at ZDNet is writing about a new survey by HP’s Fortify application security division that finds 70 percent of Internet of things devices have exploitable software vulnerabilities. Some caveats: HP makes its conclusions based on scans of “10 of the most popular Internet of things devices.” That’s a very small sample size that could (greatly) skew the results one way or the other. So take this with a grain of salt. You can download the full survey here. (PDF) [Read Security Ledger coverage of Internet of Things here.] According to Dignan, HP found 25 vulnerabilities per device. Audited devices included TVs, Webcams, thermostats, remote power outlets, sprinklers, door locks, home alarms, scales and garage openers. One of each, from the sound of it. The findings, assessed based on the OWASP Internet of Things Top 10 list and vulnerability categories, account for the devices as well as cloud and […]
Internet of Dings: Verizon Shelves Home Automation Service
The news this week that search giant Google completed its acquisition of smart-home device maker NEST prompting at least one news outlet to proclaim that the “New Internet of Things Wave” has been set in motion. (Umm…new?) But there’s a cautionary note in the business headlines: news that Verizon shuttered its Verizon Home Monitoring service. Matt Hamblen over at Computerworld.com has the news and the confirmation from Verizon, which launched in 2012 and was designed to sink that company’s hooks deeper into wired homes. Verizon provided a common hardware platform for home automation and entertainment systems to plug into and talk to each other. Users could manage devices remotely from their computer, mobile device or from their televisions using FiOS TV. It comprised video surveillance, environmental control and physical security. In commercials, Verizon trumpeted it as the “ultimate 21st century green energy home control.” Verizon charged users $10 a month […]
Is 2014 The Year Uncle Sam Takes On Connected Device Security?
The Consumer Electronics Show – or CES- kicked off last week in Las Vegas. In the last decade, CES has become one of the premiere venues for consumer device makers to launch new products and to show off prototypes of technology they hope to introduce to the public. Home entertainment megafauna dominate the coverage of CES — there was Samsung’s 85-inch LED LCD model with 4K resolution that can transform from flat-screen to curved display. But this year’s show is also a showcase for the next wave of connected devices, including wearable technology, smart appliances and connected vehicles. All these new platforms raise important questions about security, privacy and reliability. I sat down to talk about some of those issues with Mark Stanislav, the lead security evangelist at the firm Duo Security. Mark is a frequent contributor to The Security Ledger who last joined us to provide an end of year […]
How Connected Consumer Devices Fail The Security Test
The Internet of Things leverages the same, basic infrastructure as the original Internet – making use of protocols like TCP/IP, HTTP, Telnet and FTP. But the devices look and act very differently from traditional PCs, desktops and servers. Many IoT devices run embedded operating systems or variants of the open source Linux OS. And many are low-power and many are single function: designed to simply listen and observe their environment, then report that data to a central (cloud based repository). But IoT devices are still susceptible to hacking and other malicious attacks, including brute force attacks to crack user names and passwords, injection attacks, man in the middle attacks and other types of spoofing. Despite almost 20 years experience dealing with such threats in the context of PCs and traditional enterprise networks, however, too many connected devices that are sold to consumers lack even basic protections against such threats. […]
