Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
8/21/2018
09:00 AM
100%
0%

7 Serious IoT Vulnerabilities

A growing number of employees have various IoT devices in their homes - where they're also connecting to an enterprise network to do their work. And that means significant threats loom.
Previous
1 of 8
Next

The security of Internet of Things (IoT) devices, especially those intended for consumer use, tends to fall on a spectrum between "serious concern" and "industry joke." Yet the fact is that a growing number of employees have various IoT devices in their homes — where they also could be connecting to an enterprise network to do their work. And that means significant threats loom, both to and through the IoT.

Some threats attack the unique nature of IoT devices. Others take aim at the application ecosystem surrounding them. Still others are the result of configuration errors that stem from  user inexperience or system limitation. In any case, each threat can lead to loss of privacy, loss of control, or recruitment of the devices into a network controlled by someone other than the owner.

Industrial IoT devices are subject to the same ills. When considered alongside the IoT systems owned by employees, they represent a second major threat surface.

So how do you protect against this dual front of security risks? Each vulnerability has a particular remediation, but there's one overarching them: Treat IoT devices and systems like the computers they are. When the same expectations and discipline are applied to the IoT as to commercial computing systems, vulnerabilities begin to be closed.

Have you built an IoT system for a residence? How did you secure the devices? Are you dealing with IoT systems at your employees' homes? How much responsibility for security do you take? Share your thoughts in the comments, below.

(Image: metamorworks)

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info

 

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
 

Recommended Reading:

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
A96.uk
67%
33%
A96.uk,
User Rank: Apprentice
8/22/2018 | 2:44:30 AM
Securing IoT
We don't build IoT with software security anymore, unless we are stupid.

IoT gateways/hubs are the only part that talk to the Internet via TCP/UDP/IP normally with MQTT over HTTPS.

Not only do we use Internet security poor models but also hardware security in the form of SAML11 & Atmel 508a/608a. These chipsets allow public key cryptography in hardware.

We would IDIOT's design a IoT system with poor software security like LoRaWAN.

This system can be cloned on TTN. It uses fixed symmetric keys for each device that they need to store inb a database. IDIOT's designed it.

For education please read up on FIDO/FIOD2 for U2F security tokens for humans also.

Security has been solved, time to hand the keys to the machine.

 

https://www.switchedonscotland.com/

https://a96.uk/

 

 

WAKE UP SHEEP

 
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21196
PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21197
PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.