Supply chain hacks like ME Docs and ASUS aren’t inevitable. In this Spotlight Podcast, sponsored by Trusted Computing Group, I speak with Dennis Mattoon, a Principal Researcher at Microsoft Research and the Chairman of the Trusted Computing Group’s DICE Architectures Working Group* about how strong device identities for IoT endpoints can stop supply chain compromises.
The compromise of device maker Asus Live Update Utility is just the latest evidence that sophisticated attackers have software supply chains in the crosshairs.
Forget about Congress’s latest attempt to regulate IoT security. CTIAs new certification is the toothiest standard going. In this Spotlight Podcast, we talk with Sameer Dixit of Spirent * on the sidelines of RSA about why.
Home connected device users are putting their IoT networks at risk by leaving exposed a common service devices use to seamlessly connect and communicate with each other, according to cybersecurity firm Trend Micro. Hackers recently have been found to exploit the Universal Plug and Play (UPnP) service of poorly configured routers and home networking devices, as evidenced by an attack earlier this year that allegedly hijacked thousands of Chromecast streaming dongles, Google Home devices and smart TVs to play an ad for a YouTuber PewDiePie’s channel. This event prompted Trend Micro researchers dig deeper into UPnP, discovering that the potential to exploit this service remains significant as many home users are leaving UPnP enabled–unknowingly or not–and often with older, unpatched versions of the service installed on devices, they said. “In a nutshell, we found that most devices still use old versions of UPnP libraries,” wrote Tony Yang, a Trend Micro […]
In this week’s episode (#130): we speak with security researcher Troy Hunt, founder of HaveIBeenPwned.com about his latest disclosure: a trove of more than 700 million online account credentials he’s calling “Collection #1.” Also we speak to Martin Hagen of the Norwegian device firm Tailit about how failing a security audit of the company’s GPS watch sparked a security make-over at the company.
