Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/9/2018
01:00 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Myths About IoT Security

Here are common misconceptions about securing these devices - and tips for locking them down.
Previous
1 of 7
Next

There's every reason to be concerned about the potential of an IoT system, sensor, or device being hacked in the enterprise or a user's home office.

These devices regularly are exposed for their vulnerabilities, and most are not built with security in mind. An attack via an IoT device can blindside an organization: Take the hotel in Las Vegas last year that lost data when a hacker made his way on to the network through a high-tech fish tank.

Over time, just about every household appliance and piece of office equipment will have an IP address, which means it will be potentially open to hackers.

Forrester's Merritt Maxim says 92% of global technology decision-makers with more than 1,000 employees say they have security policies in place for their firm's use of IoT devices and solutions. However, only 47% consider their security tools sufficient. A full 34% consider their security tools insufficient and another 10% say they do not have security tools to enforce their IoT security policies.

"I think the biggest misconception people have is that these type of hacks could not happen in real life," Maxim says. "People don’t think that their refrigerator, car, or office will be hacked, but the threat is real and the likelihood is that these threats will only increase."

Imposing though the threat has become, Suneil Sastri, director of product and content marketing at SOTI, adds that there are steps IT staffs can take to mitigate the threat.

"People need to understand that there are solutions," Sastri says. "IT people and consumers can change passwords, encrypt devices, and remotely patch devices. What we're concerned about is that people won't move forward with IoT because they are worried about security."

Jeff Wilbur, director of the Online Trust Alliance, says the good news is that some IoT vendors are fixing exposed vulnerabilities in their products, such as Fitbit, LG's Smart ThinQ dishwashers, and Samsung SmartThings. 

Here are some common myths about securing IoT devices and systems.

 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: It's the latest version of antivirus.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13775
PUBLISHED: 2020-06-02
ZNC before 1.8.1-rc1 allows attackers to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.
CVE-2020-12607
PUBLISHED: 2020-06-02
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a us...
CVE-2020-13764
PUBLISHED: 2020-06-02
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.
CVE-2020-13760
PUBLISHED: 2020-06-02
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
CVE-2020-13761
PUBLISHED: 2020-06-02
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.