Comments
IoT Botnets by the Numbers
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/5/2018 | 7:18:27 PM
Re: Frightening? Gets worse
@REISEN: I wouldn't put implanted medical devices in the same risk category as "smart" home appliances.  You have a couple of layers of added safeguard protection.

Your doctors and the device maker are responsible (in both senses of the word).  It's also probable that your device can't be reprogrammed remotely.  Interception and misuse of your device's sensor data is technically possible; but hard to imagine anyone wanting to.  Contact your doctor, if you need more reasons not to worry about it.  -- Wish you well.  
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
2/5/2018 | 2:12:23 PM
Frightening? Gets worse
I am the owner of an internal defibulator (could be a pacemaker for arguments sake) and it has a wireless output to a small box in my kitchen to transmit data and box by phone to hospital.  Now I wonder about that? 
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/5/2018 | 11:53:57 AM
Re: Why is anybody surprised?
"...computer systems have proven to be vulnerable, why should we trust IOT personal items to be any different?"  In some ways IOT is worse - principally, in that compromise is less noticeable, until it's painfully obvious.  Even when attackers make no special effort to remain undetected, IoT device processing is generally not user interactive, and a hack doesn't have to be disruptive: "Ah! The fridge door located at this address hasn't been opened in 3 days; I bet they're out of town."
rjones2818
50%
50%
rjones2818,
User Rank: Strategist
2/5/2018 | 10:40:09 AM
Why is anybody surprised?
The fault lies with the companies who have unleashed an immature technology upon the world in a rush to grub for more money.  Many regular computer systems have proven to be vulnerable, why should we trust IOT personal items to be any different?
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
2/5/2018 | 9:23:43 AM
Don't want no IoT
It's hard to find appliances, cars, office equipment without IoT anymore.  And it's frightening.  I have a pretty old kitchen, so I'm not worred about it, but when things break down will anything I choose include IoT comms on it?  Will I have the choice of turning off any communication?  How will this affect self driving cars.  This really is could become very scary.

I agree with the 1st post.  We've reared of a generation of me, dependent, and spoiled.  Far in between there are golden nuggets, but they may not be easy to find.
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
1/31/2018 | 3:36:30 PM
Brought to justice?
"...three creators of Mirai come to justice..."  5 years and $250k fines are a lot for people that didn't kill anyone; but trivial compared to the economic damage they  caused.  I hope we all realize that economic damage can severely damage lives - even fataly. 

"...developed Mirai in their dorm room."  That highlights the culture component of the problem.  Solutions there will be difficult and generational. 


Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-9541
PUBLISHED: 2018-11-14
In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi...
CVE-2018-9542
PUBLISHED: 2018-11-14
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 ...
CVE-2018-9543
PUBLISHED: 2018-11-14
In f2fs_format_utils.c WITH_BLKDISCARD is not defined, which may cause the data partition to not be wiped at factory reset, leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. ...
CVE-2018-9544
PUBLISHED: 2018-11-14
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: A...
CVE-2018-9545
PUBLISHED: 2018-11-14
In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Androi...