Explore Top IoT Security Conferences to Attend in 2023 and Beyond

explore-top-iot-security-conferences
Explore the events on IoT security, addressing to the complex cyber security challenges and privacy issues. It caters to a variety of attendees including industrialists, students and enthusiasts.

The significance of IoT security cannot be overstated in today's interconnected business landscape. Safeguarding sensitive data and mitigating risks is paramount, making robust IoT security a non-negotiable imperative for organizations seeking to thrive in the digital age.

From industry professionals seeking to expand their knowledge to builders and buyers in the market, these events provide a comprehensive platform to learn, connect, and discover the possibilities of scaling with IoT. Attendees can connect with buyers, sellers, and innovators, fostering meaningful connections and exploring potential business opportunities. At these industrial IoT conferences 2023 and beyond, attendees can immerse themselves in a vibrant atmosphere of innovation and collaboration.

1. IoT Tech Expo

September 26-27, 2023 | RAI (AMSTERDAM)

The IoT Tech Expo Europe is a prominent event that serves as a platform for exploring the latest innovations, solutions, and strategies in the field of IoT, digital twins, enterprise transformation, IoT security, and edge platforms. It promises two days of top-level content and thought leadership discussions. Industry experts, including keynote speakers and panelists, will share their unparalleled industry knowledge, real-life experiences, and insights through solo presentations, expert panel discussions, and in-depth fireside chats. Some of the key sessions will include panel discussions on staying on track with digital twins, examining their pitfalls across industries, and exploring the incorporation of other technologies like AI, ML, and Blockchain for agile processes. Notable speakers in this domain include Bruno Ávila, i-Team Director - Digital Urban Planning Lab, City of Amsterdam; Ben Lomax Thorpe, Head of Digital Twin, among others. Additionally, the event showcases success stories and case studies from organizations leading the way in digitalization and IoT implementation.

2. International Conference on the Internet of Things

November 7-10, 2023 | Nagoya (Japan)

This event brings together leading researchers, industry experts, and stakeholders in the IoT field. This conference serves as a platform for visionary and groundbreaking research, fostering innovation in various IoT verticals such as smart industry, smart cities, smart health, and smart environment. The 13th International Conference on the Internet of Things (IoT 2023) will include keynote speeches, research presentations, panel discussions, and interactive sessions. It will provide a platform for sharing visionary ideas, ground-breaking research findings, and innovative solutions in the realm of IoT and related fields. Nagoya, the host city for IoT 2023, will offer a captivating setting for the conference. With a focus on visionary research and innovation, the conference provides a platform for knowledge sharing, collaboration, and exploration of IoT advancements in various verticals.

3. 9th Annual IoT Security Foundation Conference

November 7, 2023 | IET (London)

The 9th Annual IoT Security Foundation Conference is a highly regarded event dedicated to IoT cybersecurity. With the increasing prominence of artificial intelligence in various industries, this year's conference will focus on the impact of AI on cybersecurity, exploring its implications for developers and cyber defenders at the forefront of the field. The call for presentations is currently open, inviting submissions on a wide range of IoT security-related themes till July 14th, 2023, with notifications of acceptance to be sent by August 18th, 2023. By participating in the IoTSF 2023 Conference, sponsors and exhibitors gain exposure within the IoT security community and can forge new customer relationships, generate leads, establish partnerships, and strengthen existing customer connections. The conference will cover a range of themes, including business, technical, operational, educational, and policy-related topics. Proposals are invited on these subjects, offering speakers an opportunity to contribute to the diverse interests of conference attendees.

4. ETSI IoT Conference 2023 (ETSI IoT Week 2023)

July 4-6, 2023 | Sophia Antipolis (France)

ETSI, the European Telecommunications Standards Institute, is organizing its annual flagship event, the ETSI IoT Conference. The conference, ' IoT Technologies for Green and Digital Transformation,' is a must-attend event for professionals involved in the Internet of Things, recognizing the significance of standard-enabled technologies for IoT service deployments. It provides a valuable platform for attendees to learn and share experiences related to IoT technologies, services, activities, and requirements, focusing on current and future standardization efforts. The 2023 edition of the conference will feature a combination of keynote speeches, presentations, interactive panels, and IoT demonstrations, creating ample networking opportunities for participants. The event will revolve around three main areas: IoT for the digital and green transformation, IoT technologies, and horizontal IoT standards for various vertical business sectors. The ETSI IoT Conference is particularly relevant for organizations and stakeholders interested in the service and operational aspects of IoT, including industry representatives, SMEs, research and development institutions, academia, decision and policy makers, as well as users of IoT standards such as cities, governments, and societal actors.

5. 4th International Conference on Big Data, Machine Learning and IoT (BMLI 2023)

August 26-27, 2023 | Dubai (UAE)

The 4th International Conference on Big Data, Machine Learning, and IoT serves as a major platform for presenting innovative ideas, developments, research projects, and approaches in the domains of big data, machine learning, and the internet of things. This event includes but is not limited to big data techniques, models, and algorithms; infrastructure and platforms for big data; search and mining in big data; security, privacy, and trust in big data. Authors are invited to submit original papers by July 01, 2023, through the conference's submission system. Additionally, selected outstanding papers will have the opportunity to be considered for publication in renowned journals such as the International Journal of Database Management Systems (IJDMS), the International Journal of Data Mining & Knowledge Management Process (IJDKP), and others. The event will provide an excellent opportunity for researchers, industry professionals, and practitioners to explore the latest advancements, share knowledge, and foster collaborations in the dynamic fields of big data, machine learning, and IoT.

6. 28th Australasian Conference on Information Security and Privacy (ACISP 2023)

July 5-7, 2023 | Brisbane (Australia)

The 28th Australasian Conference on Information Security and Privacy (ACISP 2023) is an event in the field of cybersecurity and privacy, bringing together researchers, practitioners, and industry experts from Australasia and around the world. This conference will serve as a platform to exchange innovative ideas, research findings, and advancements in information security and privacy. ACISP 2023 focuses on addressing the evolving challenges and emerging trends in the field, providing a forum for discussing theoretical and practical aspects of IoT security risks. Participants have the opportunity to present their research papers, engage in enlightening discussions, and network with professionals in the industry. The conference covers a wide range of topics related to information security and privacy, including cryptographic protocols and algorithms, security in emerging technologies, intrusion detection and prevention.

7. The Things Conference

September 21-22, 2023 | Amsterdam (Netherlands)

The Things Conference is dedicated to LoRaWAN, attracting thousands of professionals and enthusiasts worldwide. This highly anticipated gathering will serve as a hub for the entire LoRaWAN ecosystem, offering a unique opportunity to meet key players, gain valuable insights into the IoT industry, and explore the expanding LPWAN market. The event showcases a diverse range of LoRaWAN enabled security IoT devices and gateways at the Wall of Fame, where participants can interact with and experience first-hand the latest products from over 100 partners. The conference program features an impressive line-up of speakers from prominent companies such as Blues, Miromico, ELSYS, TagoIO, Edge Impulse, and more. Attendees can benefit from engaging keynotes, insightful workshops, interactive side sessions, case studies, and value-driven stories. These sessions cover various aspects of LoRaWAN, offering attendees valuable knowledge and practical guidance. One of the highlights of The Things Conference is The Things Certifications, which allow participants to showcase their expertise.

Final Thoughts

The conferences help industry experts, IT professionals, engineers, and decision-makers to gain insights and in-depth knowledge. Attendees can expect a comprehensive program consisting of keynote presentations, panel discussions, case studies, and interactive workshops. The above events will cover various topics, concerning the IoT security. Participating in these will provide networking opportunities, allowing attendees to connect with peers, share experiences, and establish valuable business connections. Leaders can stay updated with the evolving data center landscape and gain a competitive edge in their evolving technologies, to provide protection against threats.

Spotlight

GoDaddy

GoDaddy helps the world easily start, confidently grow, and successfully run an online presence. GoDaddy was born to give people an easy, affordable way to get their ideas online. Today, we have millions of customers around the world, but our goal hasn't changed. We’re here to help people easily start, confidently grow and successfully run their own ventures - online and off.

OTHER ARTICLES
IoT Security

Top Technologies in IoT Network Security for Network Resilience

Article | June 27, 2023

Building resilient IoT networks: Exploring the top technologies for enhancing IoT security and protecting as well as safeguarding against evolving cyber threats in the interconnected era of Industry 4.0. Contents 1. What is Network Resilience and Why is it Needed? 1.1 Continuous Operation 1.2 Mitigating Security Threats 1.3 Data Protection 1.4 System Availability 1.5 Risk Management 1.6 Regulatory Compliance 2. Factors to Consider for Network Resilience 3. Top Trends in IoT Security 3.1 Zero Trust and AI 3.2 Supply Chain Security 3.3 Network Segmentation and Segregation 3.4 Over-the-Air (OTA) Updates 3.5 Device Authentication and Authorization 3.6 Software-defined Networking (SDN) Security 3.7 Identity and Access Management (IAM) 4. Conclusion 1. What is Network Resilience and Why is it Needed? Network resilience refers to the ability of an IoT network to withstand and recover from disruptions, attacks, or failures while maintaining its essential functions. It involves implementing measures to ensure the network remains available, reliable, and secure, even during security threats or unexpected events. Ensuring network resilience is a critical aspect of IoT network security. Network resilience refers to the ability of an IoT network to withstand and recover from disruptions, attacks, or failures while maintaining its essential functions. Ensuring network resilience in IoT network security is crucial for the following reasons: 1.1 Continuous Operation IoT networks often support critical applications and services that require uninterrupted operation. Network resilience ensures that these applications can continue functioning even during disruptions, such as network failures or security incidents. It minimizes downtime and ensures business continuity. 1.2 Mitigating Security Threats IoT networks are susceptible to various cybersecurity threats, including malware, unauthorized access, or Distributed Denial of Service (DDoS) attacks. Network resilience measures help mitigate these threats by implementing security controls, monitoring network traffic, and enabling prompt detection and response to security incidents. 1.3 Data Protection IoT devices generate and transmit vast amounts of sensitive data. Network resilience safeguards data integrity, confidentiality, and availability by implementing secure communication protocols, encryption mechanisms, and access controls. It ensures that data remains protected even during network disruptions or security breaches. 1.4 System Availability IoT systems often rely on real-time data processing and communication. Network resilience ensures that data flows seamlessly, allowing IoT devices to exchange information and execute tasks without interruptions. It supports critical functions such as monitoring, control, and decision-making processes. 1.5 Risk Management Building network resilience helps organizations effectively manage risks associated with IoT deployments. By identifying vulnerabilities, implementing protective measures, and having response plans in place, organizations can minimize the impact of security incidents, reduce financial losses, and maintain the trust of stakeholders. 1.6 Regulatory Compliance Many industries have specific regulations and standards governing the security and resilience of IoT networks. By ensuring network resilience, organizations can demonstrate compliance with these requirements, avoiding penalties, legal issues, and reputational damage. 2. Factors to Consider for Network Resilience Implementing redundancy and failover mechanisms within the network infrastructure helps mitigate the impact of single points of failure. This involves deploying backup systems, redundant network paths, and failover mechanisms to ensure continuous operation despite a failure or attack. Traffic Monitoring and Anomaly Detection for Continuous network traffic monitoring helps identify abnormal patterns or behaviours that may indicate security threats or attacks. By leveraging intrusion detection and prevention systems (IDPS) and traffic analysis tools, organizations can promptly detect and respond to network anomalies, safeguarding network resilience. Moreover, segmentation and Isolation: Dividing the IoT network into segments or zones and isolating critical devices or systems from less secure ones enhances network resilience. Implementing proper network segmentation, VLANs (Virtual Local Area Networks), or software-defined networking (SDN) enables effective control, containment, and mitigation of security incidents. DDoS attacks significantly threaten network resilience by overwhelming the network's resources and causing service disruption. Deploying robust DDoS protection measures, such as traffic filtering, rate limiting, and traffic diversion, helps mitigate the impact of such attacks and ensures network availability. Incident Response and Establishing comprehensive incident response and recovery plans specific to IoT network security incidents is crucial. These plans should outline clear procedures, roles, and responsibilities to efficiently respond to and recover from security breaches or disruptions, minimizing downtime and maintaining network resilience. In addition, regular penetration testing, vulnerability assessments, and network audits help identify weaknesses and vulnerabilities in the IoT network infrastructure. Promptly addressing these issues through patches, updates, and security configuration adjustments strengthens network resilience by proactively addressing potential security risks. By implementing these measures, organizations can enhance the resilience of their IoT networks, ensuring continuous operation, prompt threat detection, and effective response to security incidents. Network resilience plays a vital role in maintaining IoT systems' integrity, availability, and reliability in the face of evolving security challenges. 3. Top Trends in IoT Security 3.1 Zero Trust and AI Zero Trust is an emerging security concept that assumes no implicit trust towards devices or users, even if they are already inside the network perimeter. Implementing Zero Trust principles in IoT networks can help mitigate the risks associated with compromised devices and unauthorized access for IoT security. In order to bolster cybersecurity measures, adopting a zero trust approach. Effectively addressing cybersecurity challenges entails not merely technological solutions but a comprehensive organizational strategy rooted in cultural and policy frameworks. Emphasizing the zero trust concept underscores the importance of policy implementation throughout the entire organization, complementing technological measures. 3.2 Supply Chain Security The complex and interconnected nature of IoT supply chains introduces security risks. The supply chain for IoT devices involves multiple stages, including device manufacturing, software development, distribution, and deployment. Each stage presents potential security risks that can compromise the integrity and security of the IoT network. This includes adopting secure supply chain management practices, such as verifying the security practices of suppliers and manufacturers, and establishing clear security requirements and standards for the entire supply chain. Conducting third-party risk assessments helps evaluate the security posture of suppliers and vendors to identify any potential vulnerabilities or weaknesses. 3.3 Network Segmentation and Segregation In IoT security, minimizing the potential impact of a compromised IoT device is crucial, and network segmentation and segregation play a vital role in achieving this goal. Network segmentation involves dividing the network into separate zones or segments, based on factors such as device type, functionality, or security requirements. The containment strategy helps minimize the impact of a security breach by isolating compromised devices and preventing lateral movement within the network. 3.4 Over-the-Air (OTA) Updates Software updates play a critical role in maintaining the integrity and security of IoT devices. IoT devices frequently require updates to address software bugs, patch vulnerabilities, or introduce new features. Over-the-Air (OTA) update mechanisms are being enhanced with robust security measures to ensure the secure delivery and installation of updates. Code signing is a prevalent practice where updates are digitally signed with cryptographic keys to verify the authenticity and integrity of the software. Secure boot is another important mechanism that establishes a chain of trust during the device boot-up process, ensuring that only authorized and tamper-free software is loaded onto the device. 3.5 Device Authentication and Authorization The increasing number of IoT devices poses a significant challenge in ensuring secure and trusted authentication and authorization. Two-factor authentication (2FA), for example, adds an extra layer of protection by requiring users or devices to provide two separate forms of authentication, such as a password and a unique code sent to a mobile device. Digital certificates, on the other hand, enable secure and trusted device authentication by leveraging public key infrastructure (PKI) technology. Each IoT device is issued a unique digital certificate, which serves as a digital identity, allowing for secure communication and verification of device authenticity. 3.6 Software-defined Networking (SDN) Security Securing Software-defined Networking (SDN) environments is paramount to protect IoT deployments. SDN offers centralized control and management of network resources, providing flexibility and scalability. This ensures that only authorized entities can access and make changes to the SDN infrastructure, preventing unauthorized access and configuration changes. Additionally, continuous traffic monitoring and analysis enable the detection of suspicious activities and potential security breaches. Encryption IoT standards and protocols should be employed to secure communication between the SDN controller, switches, and IoT devices, safeguarding data privacy and integrity. Network segmentation within the SDN environment helps limit the impact of security breaches, reducing the attack surface. 3.7 Identity and Access Management (IAM) Implementing IAM solutions, such as role-based access control (RBAC) and multi-factor authentication (MFA), within IoT networks significantly enhances network security. IAM ensures that only authorized individuals can access and interact with IoT devices and systems. RBAC enables administrators to assign specific access privileges based on user roles and responsibilities, reducing the risk of unauthorized access. Additionally, incorporating MFA adds an extra layer of security by requiring users to provide multiple forms of authentication, such as a password and a unique token or biometric verification. This significantly reduces the risk of unauthorized access even if a user's credentials are compromised. 4. Conclusion The technologies discussed in this article play a crucial role in enhancing IoT network security and resilience. By leveraging these technologies, organizations can mitigate the risks associated with IoT deployments, protect against cyber threats, and ensure the reliability and continuity of their IoT networks. As the IoT landscape evolves, staying up-to-date with these top technologies will be essential for organizations to maintain a robust and secure IoT infrastructure. The transformative landscape of Industry 4.0 demands strong network security in IoT environments. The top technologies discussed in this article empower organizations to enhance network resilience, protect against cyber threats, and ensure the uninterrupted functioning of IoT networks. Embracing these technologies and staying ahead of emerging threats, helps organizations build a secure foundation for their IoT deployments and capitalize on the vast opportunities offered by the IoT ecosystem.

Read More
Industrial IoT, IoT Security

The IoT Smarthome Battlefield: A Jointly Endorsed IoT Standard for the Home Area Network

Article | July 11, 2023

Google announced that together with Amazon and Apple (the big 3 smart home players) they will work on the adoption of a joint wireless IoT standard for the smart home. This new connectivity standard is designed to make it easier for smart home products to work with each other.In the statement, Google said they were “joining Amazon, Apple and others to create Connected Home over IP, a new independent working group managed by the Zigbee Alliance (separate from the existing Zigbee 3.0/Pro protocol). We’re contributing two of our market-tested and open-source smart home technologies, Weave and Thread. Both are built on IP and have been integrated into millions of homes around the world.”

Read More
Industrial IoT, IoT Security

Smart Home Technologies: Zigbee, Z-Wave, Thread, and Dotdot

Article | July 12, 2023

If you own smart home products like SmartThings or Nest, you may be familiar with some of the technologies behind them. Network protocols like Zigbee and Z-Wave dominate the industry, while Thread, a younger network standard, is gaining headway as a strong contender in the battle for market share. Although this may seem like your typical rivalry between industry leaders, the competitive landscape is more complicated than selecting one over another.

Read More

12 Industrial IoT Companies You Should Know

Article | February 10, 2020

As the industrial IoT market continues to expand at rapid rates, companies across the world are reaping the benefits. Utilizing this growing network of tools and systems, businesses have been able to prevent costly downtime, decrease product development costs, enhance customer engagement and satisfaction and acquire and implement intelligent data for strategic planning purposes.The potential benefits are seemingly endless, and the list of organizations that are embracing this industrial revolution is continuing to grow, so let’s highlight some of the main IIoT companies you need to know for a number of the most common IIoT use cases.

Read More

Spotlight

GoDaddy

GoDaddy helps the world easily start, confidently grow, and successfully run an online presence. GoDaddy was born to give people an easy, affordable way to get their ideas online. Today, we have millions of customers around the world, but our goal hasn't changed. We’re here to help people easily start, confidently grow and successfully run their own ventures - online and off.

Related News

Software and Tools

ATEL® Unveils the WB550 Apex by ATEL™: The Ultimate 5G Indoor Router with Unmatched Connectivity, Security, and Value

PR Newswire | October 25, 2023

ATEL®, a leader in telecommunications technology, is excited to announce the launch of its latest innovation, the WB550 Apex by ATEL™ 5G Indoor Router. Designed to meet the most demanding Internet connectivity needs, the WB550 Apex by ATEL™ offers unparalleled data speeds, robust security features, and the power to connect up to 32 users. As more of our lives shift to the cloud, having a real-time connection to the Internet is no longer an option, explains Terence "TC" Caston VP of Product Marketing: "Our businesses and homes rely on low-latency applications that perform best with networks that have the power to support them. ATEL® has ensured the network's edge devices have the power to deliver!" The WB-550 FWA (Fixed Wireless Access) device gives your business or home the reliability and power to connect to the things that move you. Key highlights of the WB-550 include: Support for NSA or SA 5G networks C-Band 5G and LTE Cat-19 fallback for lightning-fast speeds in areas without 5G Connections for up to 32 devices on its powerful Wi-Fi 6 network For managing your deployment of devices, ATEL® has also included its premiere device remote management solution called ATRACS™. Our remote management portal has been designed to bring the best-of-breed features to every ATEL® device we launch with two years of free service! About ATEL Asiatelco Technologies Co. (ATEL®) was established in 2003. Since its inception, ATEL® has been growing steadily with its sales covering more than 50 countries. ATEL's business model is JDM/ODM for serving wireless operators and branded customers. With 20 years of accumulated experience, ATEL® has built a strong, effective, and efficient team in R&D and manufacturing. Customers can always rely on the ATEL® team's performance. Quality, flexibility, on-time delivery and lower cost, are just some of the key factors of success at ATEL® and the key to customer satisfaction. ATEL-USA was established in 2017, with its headquarters in Newport Beach, California. We have invested in the industry's top talent for hardware, software, marketing, quality, and operations. This has allowed us to continue the transition from a 3rd Party ODM to a full-service OEM supplier of quality wireless products. Our products include FWA (Fixed Wireless Access), POTs replacement devices, mobile broadband routers, hot spots, home phone connect, OBD, CPE, IoT, safety devices, and smart devices for the US market. A strong, effective, and efficient R&D team, along with the manufacturing team, has positioned ATEL-USA to enter into the OEM space.

Read More

IoT Security

SecurityGen expands in Middle East, Aligns with Digital Growth

SecurityGen | October 12, 2023

Cybersecurity provider SecurityGen is expanding its operations in the Middle East to support the region's accelerated growth of 5G and digital transformation initiatives. With the rapid growth of 5G and initiatives like Saudi Vision 2030, there is a significant need for secure high-speed broadband networks in the Middle East. Cities in the region are utilizing 5G for IoT-based applications like 'Smart City' initiatives, and operators need to ensure network security to capitalize on these opportunities. 5G is expanding quicker than any other mobile generation in history. However, this increases the risk of cyberattacks against operators and their consumers. By 2025, there will be approximately 50 million 5G connections in the MENA region, with approximately 20 million in the GCC Arab States. By 2025, the GCC Arab States will be marginally ahead of the global average in terms of 5G adoption, with 16 percent (5G as a percentage of total mobile connections) versus 15 percent globally. Amit Nath, Co-founder and CEO at SecurityGen, stated, The Middle East represents potential for significant growth in 5G over the next few years. As the region expands culturally and economically via digital transformation projects along with ambitious initiatives like Saudi Arabia's Saudi Vision 2030, the spotlight is on the telecom operators and how they deliver secure high-speed broadband to communities in the areas beyond the reach of wireline networks. [Source: Cision PR Newswire] SecurityGen will bolster its presence in the Middle East by enhancing its delivery capabilities and senior leadership. This expansion aims to cater to the growing adoption of 5G and IoT-based projects in the region, helping telecom operators secure their networks from cyber threats. SecurityGen's new Managing Director for the Middle East & Africa, Imad Ayad, with over 20 years of experience in telecom and tech, will drive growth and strengthen partnerships with operators and enterprises in the region. Nath added that their appointment of Imad Ayad as the new Managing Director for Middle East & Africa at SecurityGen aimed to facilitate further growth throughout the region. Ayad possesses more than two decades of experience in leading roles within the telecommunications and technology sectors, including significant positions at Nokia, Alfa Telecommunications, Enghouse Networks, and Tranglo. Nath also emphasized that Ayad's specialized background in Value-Added Services (VAS) and SMS security, combined with SecurityGen's extensive expertise and established security solutions, positioned them as an ideal partner for operators expanding their 5G operations in the region, with a primary focus on cybersecurity. About SecurityGen SecurityGen, established in 2022, is a worldwide entity with a dedicated focus on telecommunications security. Their mission revolves around establishing a strong security framework to facilitate secure telecom digital transformations and guarantee the safety and resilience of network operations. The organization's comprehensive range of products and services is strategically designed to offer an all-encompassing defense against both established and cutting-edge telecom security threats.

Read More

IoT Security

8 Vulnerabilities in OAS Platform for IoT Data, Detected by Cisco

Cisco | September 14, 2023

Cisco disclosed eight vulnerabilities in the OAS platform’s engine configuration management functionality. Three of the eight detected vulnerabilities were rated as high-severity. The issues detected in OAS platform v18.00.0072 were addressed and, v19 was released. Cisco's Talos security researchers have identified eight vulnerabilities in the Open Automation Software (OAS) Platform that can be exploited to bypass authentication, disclose sensitive information, and overwrite files. The OAS Platform is commonly used to facilitate communication and data transfer between servers, industrial control systems (ICS), IoT devices, and other hardware in industrial and enterprise settings. The OAS Platform is widely deployed in industrial operations, enterprise environments, and cross-platform integrations. It plays a crucial role in facilitating communication and data exchange across various devices and systems, facilitating logging and notifications. The vulnerabilities pose a significant security risk, especially in environments where the OAS Platform is used for critical industrial and enterprise operations. Unauthorized access and data breaches can lead to operational disruptions and potentially compromise sensitive information. Among the eight vulnerabilities, three are rated as high-severity. Cisco's Talos security researchers were responsible for discovering and disclosing these vulnerabilities. The most critical issues are CVE-2023-31242 and CVE-2023-34998, both of which are authentication bypass flaws. CVE-2023-31242 can be triggered through a sequence of requests, while CVE-2023-34998 can be exploited by sniffing network traffic. The identified vulnerabilities in the OAS Platform mainly revolve around authentication bypass, information disclosure, and file manipulation. Attackers could leverage these weaknesses to create new users, gain unauthorized access, decrypt sensitive information, and perform arbitrary file and directory actions. These vulnerabilities essentially allow attackers to gain unauthorized access to the system by loading and saving configurations to a disk and installing them on other devices. The issues were identified in OAS Platform version 18 and have been addressed in the subsequent release, version 19.00.0000, highlighting the importance of keeping software up-to-date to mitigate security risks. These issues stem from the fact that when the OAS engine is deployed, by default, no admin user is defined and no authentication is required to access functionality such as new user creation. Even if an admin user is created, the configuration must be stored prior to restarting the engine, or it will revert to its default state. An attacker can create a new user, save the changes, and thus gain access to the underlying system. Also, the vulnerability enables an attacker to acquire a protobuf containing valid admin credentials and construct their own requests. The perpetrator could then again obtain access to the underlying system by utilizing the user creation and saving functionality. Cisco warns that these authentication bypass flaws could be combined with CVE-2023-34317, an improper input validation flaw in the user creation functionality, to gain access to the underlying system by adding ‘a user with the username field containing an SSH key.’ CVE-2023-34353 is another high-severity authentication bypass that allows an attacker to perform network snooping to acquire the protobuf containing admin credentials and then decrypt sensitive information. While two of the remaining vulnerabilities could result in information disclosure, the other two could be exploited to create or overwrite arbitrary files and create arbitrary directories.

Read More

Software and Tools

ATEL® Unveils the WB550 Apex by ATEL™: The Ultimate 5G Indoor Router with Unmatched Connectivity, Security, and Value

PR Newswire | October 25, 2023

ATEL®, a leader in telecommunications technology, is excited to announce the launch of its latest innovation, the WB550 Apex by ATEL™ 5G Indoor Router. Designed to meet the most demanding Internet connectivity needs, the WB550 Apex by ATEL™ offers unparalleled data speeds, robust security features, and the power to connect up to 32 users. As more of our lives shift to the cloud, having a real-time connection to the Internet is no longer an option, explains Terence "TC" Caston VP of Product Marketing: "Our businesses and homes rely on low-latency applications that perform best with networks that have the power to support them. ATEL® has ensured the network's edge devices have the power to deliver!" The WB-550 FWA (Fixed Wireless Access) device gives your business or home the reliability and power to connect to the things that move you. Key highlights of the WB-550 include: Support for NSA or SA 5G networks C-Band 5G and LTE Cat-19 fallback for lightning-fast speeds in areas without 5G Connections for up to 32 devices on its powerful Wi-Fi 6 network For managing your deployment of devices, ATEL® has also included its premiere device remote management solution called ATRACS™. Our remote management portal has been designed to bring the best-of-breed features to every ATEL® device we launch with two years of free service! About ATEL Asiatelco Technologies Co. (ATEL®) was established in 2003. Since its inception, ATEL® has been growing steadily with its sales covering more than 50 countries. ATEL's business model is JDM/ODM for serving wireless operators and branded customers. With 20 years of accumulated experience, ATEL® has built a strong, effective, and efficient team in R&D and manufacturing. Customers can always rely on the ATEL® team's performance. Quality, flexibility, on-time delivery and lower cost, are just some of the key factors of success at ATEL® and the key to customer satisfaction. ATEL-USA was established in 2017, with its headquarters in Newport Beach, California. We have invested in the industry's top talent for hardware, software, marketing, quality, and operations. This has allowed us to continue the transition from a 3rd Party ODM to a full-service OEM supplier of quality wireless products. Our products include FWA (Fixed Wireless Access), POTs replacement devices, mobile broadband routers, hot spots, home phone connect, OBD, CPE, IoT, safety devices, and smart devices for the US market. A strong, effective, and efficient R&D team, along with the manufacturing team, has positioned ATEL-USA to enter into the OEM space.

Read More

IoT Security

SecurityGen expands in Middle East, Aligns with Digital Growth

SecurityGen | October 12, 2023

Cybersecurity provider SecurityGen is expanding its operations in the Middle East to support the region's accelerated growth of 5G and digital transformation initiatives. With the rapid growth of 5G and initiatives like Saudi Vision 2030, there is a significant need for secure high-speed broadband networks in the Middle East. Cities in the region are utilizing 5G for IoT-based applications like 'Smart City' initiatives, and operators need to ensure network security to capitalize on these opportunities. 5G is expanding quicker than any other mobile generation in history. However, this increases the risk of cyberattacks against operators and their consumers. By 2025, there will be approximately 50 million 5G connections in the MENA region, with approximately 20 million in the GCC Arab States. By 2025, the GCC Arab States will be marginally ahead of the global average in terms of 5G adoption, with 16 percent (5G as a percentage of total mobile connections) versus 15 percent globally. Amit Nath, Co-founder and CEO at SecurityGen, stated, The Middle East represents potential for significant growth in 5G over the next few years. As the region expands culturally and economically via digital transformation projects along with ambitious initiatives like Saudi Arabia's Saudi Vision 2030, the spotlight is on the telecom operators and how they deliver secure high-speed broadband to communities in the areas beyond the reach of wireline networks. [Source: Cision PR Newswire] SecurityGen will bolster its presence in the Middle East by enhancing its delivery capabilities and senior leadership. This expansion aims to cater to the growing adoption of 5G and IoT-based projects in the region, helping telecom operators secure their networks from cyber threats. SecurityGen's new Managing Director for the Middle East & Africa, Imad Ayad, with over 20 years of experience in telecom and tech, will drive growth and strengthen partnerships with operators and enterprises in the region. Nath added that their appointment of Imad Ayad as the new Managing Director for Middle East & Africa at SecurityGen aimed to facilitate further growth throughout the region. Ayad possesses more than two decades of experience in leading roles within the telecommunications and technology sectors, including significant positions at Nokia, Alfa Telecommunications, Enghouse Networks, and Tranglo. Nath also emphasized that Ayad's specialized background in Value-Added Services (VAS) and SMS security, combined with SecurityGen's extensive expertise and established security solutions, positioned them as an ideal partner for operators expanding their 5G operations in the region, with a primary focus on cybersecurity. About SecurityGen SecurityGen, established in 2022, is a worldwide entity with a dedicated focus on telecommunications security. Their mission revolves around establishing a strong security framework to facilitate secure telecom digital transformations and guarantee the safety and resilience of network operations. The organization's comprehensive range of products and services is strategically designed to offer an all-encompassing defense against both established and cutting-edge telecom security threats.

Read More

IoT Security

8 Vulnerabilities in OAS Platform for IoT Data, Detected by Cisco

Cisco | September 14, 2023

Cisco disclosed eight vulnerabilities in the OAS platform’s engine configuration management functionality. Three of the eight detected vulnerabilities were rated as high-severity. The issues detected in OAS platform v18.00.0072 were addressed and, v19 was released. Cisco's Talos security researchers have identified eight vulnerabilities in the Open Automation Software (OAS) Platform that can be exploited to bypass authentication, disclose sensitive information, and overwrite files. The OAS Platform is commonly used to facilitate communication and data transfer between servers, industrial control systems (ICS), IoT devices, and other hardware in industrial and enterprise settings. The OAS Platform is widely deployed in industrial operations, enterprise environments, and cross-platform integrations. It plays a crucial role in facilitating communication and data exchange across various devices and systems, facilitating logging and notifications. The vulnerabilities pose a significant security risk, especially in environments where the OAS Platform is used for critical industrial and enterprise operations. Unauthorized access and data breaches can lead to operational disruptions and potentially compromise sensitive information. Among the eight vulnerabilities, three are rated as high-severity. Cisco's Talos security researchers were responsible for discovering and disclosing these vulnerabilities. The most critical issues are CVE-2023-31242 and CVE-2023-34998, both of which are authentication bypass flaws. CVE-2023-31242 can be triggered through a sequence of requests, while CVE-2023-34998 can be exploited by sniffing network traffic. The identified vulnerabilities in the OAS Platform mainly revolve around authentication bypass, information disclosure, and file manipulation. Attackers could leverage these weaknesses to create new users, gain unauthorized access, decrypt sensitive information, and perform arbitrary file and directory actions. These vulnerabilities essentially allow attackers to gain unauthorized access to the system by loading and saving configurations to a disk and installing them on other devices. The issues were identified in OAS Platform version 18 and have been addressed in the subsequent release, version 19.00.0000, highlighting the importance of keeping software up-to-date to mitigate security risks. These issues stem from the fact that when the OAS engine is deployed, by default, no admin user is defined and no authentication is required to access functionality such as new user creation. Even if an admin user is created, the configuration must be stored prior to restarting the engine, or it will revert to its default state. An attacker can create a new user, save the changes, and thus gain access to the underlying system. Also, the vulnerability enables an attacker to acquire a protobuf containing valid admin credentials and construct their own requests. The perpetrator could then again obtain access to the underlying system by utilizing the user creation and saving functionality. Cisco warns that these authentication bypass flaws could be combined with CVE-2023-34317, an improper input validation flaw in the user creation functionality, to gain access to the underlying system by adding ‘a user with the username field containing an SSH key.’ CVE-2023-34353 is another high-severity authentication bypass that allows an attacker to perform network snooping to acquire the protobuf containing admin credentials and then decrypt sensitive information. While two of the remaining vulnerabilities could result in information disclosure, the other two could be exploited to create or overwrite arbitrary files and create arbitrary directories.

Read More

Events