Attacks/Breaches

4/9/2018
01:00 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Myths About IoT Security

Here are common misconceptions about securing these devices - and tips for locking them down.
Previous
1 of 7
Next

Image Source: tulpahn via Shutterstock

Image Source: tulpahn via Shutterstock

There's every reason to be concerned about the potential of an IoT system, sensor, or device being hacked in the enterprise or a user's home office.

These devices regularly are exposed for their vulnerabilities, and most are not built with security in mind. An attack via an IoT device can blindside an organization: Take the hotel in Las Vegas last year that lost data when a hacker made his way on to the network through a high-tech fish tank.

Over time, just about every household appliance and piece of office equipment will have an IP address, which means it will be potentially open to hackers.

Forrester's Merritt Maxim says 92% of global technology decision-makers with more than 1,000 employees say they have security policies in place for their firm's use of IoT devices and solutions. However, only 47% consider their security tools sufficient. A full 34% consider their security tools insufficient and another 10% say they do not have security tools to enforce their IoT security policies.

"I think the biggest misconception people have is that these type of hacks could not happen in real life," Maxim says. "People don’t think that their refrigerator, car, or office will be hacked, but the threat is real and the likelihood is that these threats will only increase."

Imposing though the threat has become, Suneil Sastri, director of product and content marketing at SOTI, adds that there are steps IT staffs can take to mitigate the threat.

"People need to understand that there are solutions," Sastri says. "IT people and consumers can change passwords, encrypt devices, and remotely patch devices. What we're concerned about is that people won't move forward with IoT because they are worried about security."

Jeff Wilbur, director of the Online Trust Alliance, says the good news is that some IoT vendors are fixing exposed vulnerabilities in their products, such as Fitbit, LG's Smart ThinQ dishwashers, and Samsung SmartThings. 

Here are some common myths about securing IoT devices and systems.

 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11350
PUBLISHED: 2019-04-19
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
CVE-2019-11351
PUBLISHED: 2019-04-19
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.
CVE-2019-2039
PUBLISHED: 2019-04-19
In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1...
CVE-2019-2040
PUBLISHED: 2019-04-19
In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Androi...
CVE-2019-2041
PUBLISHED: 2019-04-19
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Produc...