Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

10/21/2016
10:00 AM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

7 Imminent IoT Threats

Attacks against smart home products, medical devices, SCADA systems, and other newly network-enabled systems signal the beginning of a new wave of attacks against the IoT.
8 of 8

Connected Cars

Like SCADA systems, not many people are likely to think of cars as being part of the IoT. But the reality is that modern cars feature numerous components that are network-accessible and exposed to network-borne threats.

Like many other IoT threats, there have been no publicly known instances where attackers have managed to exploit a poorly protected electronic component in a connected car to wreak damage. But security researchers have demonstrated multiple times just how real the threat is.

The most dramatic examples continue to be from security researchers Chris Valasek and Charlie Miller from Uber's Advanced Technology Center. Over the past two years the researchers have shown how they could exploit weaknesses in the controller area network of a Jeep Cherokee to gain remote control of the vehicle's accelerator, braking, and steering systems. The researchers have demonstrated proof-of-concept attacks on Toyota and Ford models as well.

Image Source: Syda Productions via Shutterstock

Connected Cars

Like SCADA systems, not many people are likely to think of cars as being part of the IoT. But the reality is that modern cars feature numerous components that are network-accessible and exposed to network-borne threats.

Like many other IoT threats, there have been no publicly known instances where attackers have managed to exploit a poorly protected electronic component in a connected car to wreak damage. But security researchers have demonstrated multiple times just how real the threat is.

The most dramatic examples continue to be from security researchers Chris Valasek and Charlie Miller from Ubers Advanced Technology Center. Over the past two years the researchers have shown how they could exploit weaknesses in the controller area network of a Jeep Cherokee to gain remote control of the vehicles accelerator, braking, and steering systems. The researchers have demonstrated proof-of-concept attacks on Toyota and Ford models as well.

Image Source: Syda Productions via Shutterstock

8 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27886
PUBLISHED: 2021-03-02
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.
CVE-2016-8153
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8154
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8155
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8156
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.