Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

10/21/2016
10:00 AM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

7 Imminent IoT Threats

Attacks against smart home products, medical devices, SCADA systems, and other newly network-enabled systems signal the beginning of a new wave of attacks against the IoT.
Previous
1 of 8
Next

Image Source: chombosan via Shutterstock

Image Source: chombosan via Shutterstock

Recent distributed denial-of-service (DDoS) attacks involving the use of thousands of compromised digital video recorders and IP cameras have highlighted the looming security threat posed by the Internet of Things (IoT).

Analyst firm Juniper Research estimates that between now and the end of 2020, the number of "things" connected to the Internet will grow from 13.5 billion to 38.5 billion units, an increase of over 285%.

Home appliances such as smart fridges, TVs, entertainment systems, security cameras, and smart heating and lighting systems will account for a lot of the growth. But a majority of it will come from the industrial and public sector in the form of network-enabled devices embedded in smart buildings, farm equipment, the utility grid, and other areas, according to Jupiter.

Security researchers worry that as more things get connected to the Internet, adversaries will have an almost infinitely larger surface from which to launch new types of attacks.

That’s because devices that are becoming part of the IoT have few security protections against network-borne threats and are often easy to exploit. For the moment at least, there are no standards prescribing security requirements for IoT devices, especially in the consumer space.

"Internet-connected devices are being churned out of factories and infected by malware or malicious code at an alarming rate,” says Jose Nazario, director of security research at content distribution network, Fastly.

IoT devices offer bandwidth and CPU resources at virtually no cost to the attacker. Over the next few years, "as non-secure IoT devices amass, cybercriminals will have much greater resources available to launch new attacks more rapidly and at larger scale," he predicts.

In the past few years, researchers have demonstrated various proof-of-concept attacks against everything from network-connected baby monitors to connected cars. The demonstrations have shown how attackers can exploit poorly protected IoT devices to cause physical damage, to spy on people, and to launch massive denial of service attacks.

The following is a list of IoT devices in no particular order that have either already been exploited by attackers, have been demonstrated to be vulnerable, or are the most likely candidates for future attacks.

 

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32716
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-U...
CVE-2021-32717
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the documentation. The visibilit...
CVE-2021-32712
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.
CVE-2021-32713
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.
CVE-2021-32710
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. For older versions o...