Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

10/21/2016
10:00 AM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

7 Imminent IoT Threats

Attacks against smart home products, medical devices, SCADA systems, and other newly network-enabled systems signal the beginning of a new wave of attacks against the IoT.
4 of 8

Smart Fridges/Smart Home Products

In January 2014, a researcher at security vendor Proofpoint who was analyzing spam and other e-mail borne threats discovered at least one Internet-connected refrigerator being used to relay spam.

The incident was the first to offer proof of what analysts have for some time been stressing: the startling vulnerability of many network-enabled devices being installed in homes these days such as smart fridges, TVs, digital assistants, and smart heating and lighting systems.

'Refrigerators, personal assistants, and TVs have enough processing power to be used in botnets or to be used as access points to the rest of the network,' says Lamar Bailey, senior director of security research and development at Tripwire, which has broken into many such devices in proof-of-concept attacks.

Such devices pose a threat in the enterprise context as well, says Pedro Abreu, chief of strategy at ForeScout Technologies. For example, a connected fridge in an office break room could provide an unexpected gateway to systems containing corporate data.

'This isn't about hacking the fridge, it's about hacking through it to gain network access,' Abreu says. 'Since the connected fridge is on the corporate network, which also connects to enterprise apps, it can be leveraged and exploited by hackers to gain valuable corporate and customer data,' he says.

'We are most concerned with the 'unusual suspects' - those devices that seemingly pose no security risk on the surface, but when you look closely, are dangerously vulnerable.'

Image Source: Chesky via Shutterstock

Smart Fridges/Smart Home Products

In January 2014, a researcher at security vendor Proofpoint who was analyzing spam and other e-mail borne threats discovered at least one Internet-connected refrigerator being used to relay spam.

The incident was the first to offer proof of what analysts have for some time been stressing: the startling vulnerability of many network-enabled devices being installed in homes these days such as smart fridges, TVs, digital assistants, and smart heating and lighting systems.

"Refrigerators, personal assistants, and TVs have enough processing power to be used in botnets or to be used as access points to the rest of the network," says Lamar Bailey, senior director of security research and development at Tripwire, which has broken into many such devices in proof-of-concept attacks.

Such devices pose a threat in the enterprise context as well, says Pedro Abreu, chief of strategy at ForeScout Technologies. For example, a connected fridge in an office break room could provide an unexpected gateway to systems containing corporate data.

"This isnt about hacking the fridge, it's about hacking through it to gain network access," Abreu says. "Since the connected fridge is on the corporate network, which also connects to enterprise apps, it can be leveraged and exploited by hackers to gain valuable corporate and customer data," he says.

We are most concerned with the unusual suspects those devices that seemingly pose no security risk on the surface, but when you look closely, are dangerously vulnerable.

Image Source: Chesky via Shutterstock

4 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26476
PUBLISHED: 2021-03-01
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.
CVE-2021-26702
PUBLISHED: 2021-03-01
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.
CVE-2021-26703
PUBLISHED: 2021-03-01
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.
CVE-2021-26704
PUBLISHED: 2021-03-01
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.
CVE-2021-27876
PUBLISHED: 2021-03-01
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain ...