1. Bad Web UIs
Everybody loves a good Web user interface. For IoT applications, a Web UI makes controlling features and functions, setting up devices, and integrating devices into systems faster and easier than they would otherwise be. The trouble is that it often gives criminals the same ease of use.
The problems that vex IoT Web interfaces are, in most ways, the same problems that have plagued enterprise Web applications. While SQL injection is somewhat less of an issue in IoT applications, command injection, cross-site scripting, and cross-site request forgery are all programming flaws that can hand criminals ready access to devices and complete systems for controlling, monitoring, and accessing real-world operations.
Fortunately, the remedies for most of the Web UI security issues are the same as what has been preached to Web developers for years: Validate input, require strong passwords (and don't allow the default password to be used beyond the first stages of initial setup), don't expose credentials, limit password retry attempts, and make sure that password and user name recovery routines are robust. As Sam sang in Casablanca, "The fundamental things apply … "
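As an added illustration of "validate input" against command injection (not code from the original article), the sketch below shows how a device Web UI could handle a hypothetical "ping a host" diagnostic field. The function names, the diagnostic itself, and the Linux-style `ping` arguments are assumptions made for the example.

```python
import ipaddress
import re
import subprocess

# Anti-pattern this replaces (string pasted into a shell command line):
#   os.system("ping -c 1 " + request_value)

# Allowlist: only characters that can appear in an IP literal or hostname.
_ALLOWED_CHARS = re.compile(r"[A-Za-z0-9.:-]+")
# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_target(value):
    """Return the target if it is an IP address or hostname, else raise ValueError."""
    if not isinstance(value, str) or not 0 < len(value) <= 253:
        raise ValueError("target must be a string of 1-253 characters")
    if not _ALLOWED_CHARS.fullmatch(value):
        raise ValueError("target contains characters outside the allowlist")
    try:
        return str(ipaddress.ip_address(value))  # canonical IPv4/IPv6 form
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if all(_LABEL.fullmatch(label) for label in labels):
        return value
    raise ValueError("target is not an IP address or hostname")


def build_ping_argv(user_input):
    """Build an argument vector; the validated value is a single argv element."""
    target = validate_target(user_input)
    # "--" ends option parsing, so the target can never be read as a flag.
    return ["ping", "-c", "1", "--", target]


def run_diagnostic(user_input):
    """Run the diagnostic without a shell and with a hard timeout."""
    argv = build_ping_argv(user_input)
    result = subprocess.run(argv, shell=False, capture_output=True, timeout=5)
    return result.returncode == 0
```

Validation and the shell-free argument vector are independent layers: either one alone blocks metacharacters such as `;` or `$()` from reaching a shell, and together they also stop option-like values.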