Tag: privacy

NSA Toolbox Included Hacks For Juniper, Cisco, Dell

The German magazine Der Spiegel made headlines this week with its story detailing the US National Security Agency’s (NSA’s) offensive hacking capabilities. The story is based on classified NSA documents absconded with by former contractor Edward Snowden and lays bare a Webster’s Dictionary full of classified hacking tools and programs.

Among the highlights of the story:

+ The NSA developed and deployed a wide range of hacking tools that could compromise hardware from leading IT and networking equipment makers including Cisco Systems, Juniper Networks and the Chinese vendor Huawei and Dell Inc.
+ The NSA tools were designed to provide persistent access that allowed the NSA to monitor activity on the compromised endpoint, avoid detection by third-party security software and survive software and firmware updates. One such tool, DEITYBOUNCE, provided persistent access to Dell’s PowerEdge servers by “exploiting the system BIOS” and using “System Management Mode to […]

What Will 2014 Bring For Internet of Things? Some Thoughts.

As we’ve noted before, The Internet of Things is figuring prominently in both year-end round ups and year-end predictions. Many technology pundits are saying that the IoT and security issues related to Internet-connected devices will be a major trend to watch this year. Here are some interesting takes on what 2014 holds for The Internet of Things.

Better Design (Wired)

While superbly designed products like the NEST Thermostat get much of the attention when folks talk about the potential of The Internet of Things, good design isn’t a prerequisite for making a “smart” device – nor is it even that common in the nascent IoT, as a casual reading of some of our coverage will show you. But good design – or at least better design – that includes robust security will be necessary if the IoT market is to mature. That’s the argument Jerome Nadel makes in this article on […]

A Christmas Hangover From Smart Devices

Editor’s note: This is reposted from Veracode’s blog.

Just in time for the holidays, I received an e-mail by way of Electric Imp. If you’re not familiar with the “Imp” (my phrase, not theirs), it’s a PaaS that makes it easy to build and connect smart devices. Among the cool gift ideas Electric Imp was promoting: a whole line of products produced by the company Quirky along with GE under the “Wink: Instantly Connected” products banner and available at Best Buy and other stores. There’s Egg Minder, an Internet-connected egg tray that tracks how many eggs you have left in your fridge, and how fresh each of them is. Not your thing? How about Nimbus? It’s a “customizable Internet-connected dashboard that lets you track the data that affects your life, from commute times and weather to social media and more.” Nimbus looks like someone ripped the gauges out of a […]

How Connected Consumer Devices Fail The Security Test

The Internet of Things leverages the same basic infrastructure as the original Internet – making use of protocols like TCP/IP, HTTP, Telnet and FTP. But the devices look and act very differently from traditional PCs, desktops and servers. Many IoT devices run embedded operating systems or variants of the open source Linux OS. Many are low-power, and many are single-function: designed to simply listen and observe their environment, then report that data to a central (cloud-based) repository.

But IoT devices are still susceptible to hacking and other malicious attacks, including brute-force attacks to crack user names and passwords, injection attacks, man-in-the-middle attacks and other types of spoofing. Despite almost 20 years’ experience dealing with such threats in the context of PCs and traditional enterprise networks, however, too many connected devices that are sold to consumers lack even basic protections against such threats. […]

Thingful is a Facebook for Smart Devices

The data on exactly how many Internet of Things devices will be online by the end of the decade is a matter of debate. Cisco famously put the number at 50 billion by 2020, though Morgan Stanley thinks it could be as high as 75 billion. The analyst firm IDC estimates the number at 50 billion. But others have put the number lower. Gartner puts the number of connected things at around 30 billion by 2020. We might all be better off taking a cue from McDonald’s and just starting to use the phrase “billions and billions” by the end of the decade. As with McDonald’s hamburgers – the exact number doesn’t really matter, so long as everyone agrees that it’s going to be big. Really big. But all those devices – and the near-limitless IPv6 address space that will accommodate them – do present a management and governance problem: how […]