Insecurity in the Internet of Things

MARIO BALLANO BARCENA | March 1, 2016

article image
The Internet of Things (IoT) market has begun to take off. Consumers can buy connected versions of nearly every household appliance available. However, despite its increasing acceptance by consumers, recent studies of IoT devices seem to agree that “security” is not a word that gets associated with this category of devices, leaving consumers potentially exposed.

Spotlight

Kickstarter

Kickstarter aims to let creative people of all kinds — journalists, artists, musicians, game developers, entrepreneurs, bloggers — raise money for their projects by connecting directly with fans, who receive exclusive access and rewards in exchange for their patronage. More than just a fundraising app, Kickstarter's a publishing platform where project creators can communicate with the people that are supporting them.

OTHER ARTICLES

The Internet Of Things is all over HVACR. Is the value there yet?

Article | March 23, 2020

AHR Expo used to be mostly a “mechanical engineering” event, and even in 2017, when I first got there, there were just a few companies who mentioned IoT or connectivity at their stands. Only the most prominent players in the HVACR industry presented their IoT solutions. In my conversations with companies at that time, no one was taking IoT very seriously. And it’s understandable, there already were Modbus, BacNet – well-defined protocols to connect machines to a PC or PLCs to make them work in unison without any Clouds and external access.

Read More

Internet of Things (IoT): The Need for Vendors to Address Security

Article | March 23, 2020

By the end of this year there will be 5.8 billion Internet of Things (IoT) endpoints, according to Gartner. And depending on how IoT devices are counted the number is even higher. Statista, for example, estimates the device count for 2020 to be more than 30 billion. Security remains a big challenge for IoT as a strategy to be successful. IoT devices are still not being designed with security as a top priority.Mary O’Neill, VP of security at Nokia, noted in a press conference at MWC Los Angeles 2019 and reported by SDXCentral, that “if an IoT device today is plugged into the network and it doesn’t have protection on it, it’s infected in three minutes or less.”Jake Williams, founder of the security firm Rendition Infosec, said that “IoT vendors emphasize, often rightly, that their products improve quality of life, but they often neglect to disclose the risk of these devices to consumers. The onus of understanding how an IoT device might impact security should not be purely on the consumer. The vendor shares this responsibility.

Read More

Microsoft acquires ReFirm Labs to enhance IoT security

Article | March 23, 2020

Modern computing devices can be thought of as a collection of discrete microprocessors each with a dedicated function like high-speed networking, graphics, Disk I/O, AI, and everything in between. The emergence of the intelligent edge has accelerated the number of these cloud-connected devices that contain multiple specialized sub-processors each with its own firmware layer and often a custom operating system. Many vulnerability analysis and endpoint detection and response (EDR) tools find it challenging to monitor and protect devices at the firmware level, leading to an attractive security gap for attackers to exploit. At the same time, we have also seen growth in the number of attacks against firmware where sensitive information like credentials and encryption keys are stored in memory. A recent survey commissioned by Microsoft of 1,000 security decision-makers found that 83 percent had experienced some level of firmware security incident, but only 29 percent are allocating resources to protect that critical layer. And according to March 2021 data from the National Vulnerability Database included in a presentation from the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) at the 2021 RSA, difficult-to-patch firmware attacks are continuing to rise. Microsoft’s Azure Defender for IoT team (formerly CyberX) recently announced alongside the Department of Homeland Security a series of more than 25 critical severity vulnerabilities in IoT and OT devices

Read More

The IoT Smarthome Battlefield: A Jointly Endorsed IoT Standard for the Home Area Network

Article | March 23, 2020

Google announced that together with Amazon and Apple (the big 3 smart home players) they will work on the adoption of a joint wireless IoT standard for the smart home. This new connectivity standard is designed to make it easier for smart home products to work with each other.In the statement, Google said they were “joining Amazon, Apple and others to create Connected Home over IP, a new independent working group managed by the Zigbee Alliance (separate from the existing Zigbee 3.0/Pro protocol). We’re contributing two of our market-tested and open-source smart home technologies, Weave and Thread. Both are built on IP and have been integrated into millions of homes around the world.”

Read More

Spotlight

Kickstarter

Kickstarter aims to let creative people of all kinds — journalists, artists, musicians, game developers, entrepreneurs, bloggers — raise money for their projects by connecting directly with fans, who receive exclusive access and rewards in exchange for their patronage. More than just a fundraising app, Kickstarter's a publishing platform where project creators can communicate with the people that are supporting them.

Events