Attacks/Breaches

4/9/2018
01:00 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Myths About IoT Security

Here are common misconceptions about securing these devices - and tips for locking them down.
Previous
1 of 7
Next

Image Source: tulpahn via Shutterstock

Image Source: tulpahn via Shutterstock

There's every reason to be concerned about the potential of an IoT system, sensor, or device being hacked in the enterprise or a user's home office.

These devices regularly are exposed for their vulnerabilities, and most are not built with security in mind. An attack via an IoT device can blindside an organization: Take the hotel in Las Vegas last year that lost data when a hacker made his way on to the network through a high-tech fish tank.

Over time, just about every household appliance and piece of office equipment will have an IP address, which means it will be potentially open to hackers.

Forrester's Merritt Maxim says 92% of global technology decision-makers with more than 1,000 employees say they have security policies in place for their firm's use of IoT devices and solutions. However, only 47% consider their security tools sufficient. A full 34% consider their security tools insufficient and another 10% say they do not have security tools to enforce their IoT security policies.

"I think the biggest misconception people have is that these type of hacks could not happen in real life," Maxim says. "People don’t think that their refrigerator, car, or office will be hacked, but the threat is real and the likelihood is that these threats will only increase."

Imposing though the threat has become, Suneil Sastri, director of product and content marketing at SOTI, adds that there are steps IT staffs can take to mitigate the threat.

"People need to understand that there are solutions," Sastri says. "IT people and consumers can change passwords, encrypt devices, and remotely patch devices. What we're concerned about is that people won't move forward with IoT because they are worried about security."

Jeff Wilbur, director of the Online Trust Alliance, says the good news is that some IoT vendors are fixing exposed vulnerabilities in their products, such as Fitbit, LG's Smart ThinQ dishwashers, and Samsung SmartThings. 

Here are some common myths about securing IoT devices and systems.

 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
Box Mistakes Leave Enterprise Data Exposed
Dark Reading Staff 3/12/2019
How the Best DevSecOps Teams Make Risk Visible to Developers
Ericka Chickowski, Contributing Writer, Dark Reading,  3/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: LOL  Hope this one wins
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.