Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
4 Hurdles To Securing The Internet Of Things
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
9/10/2014 | 6:14:15 PM
Re: Add # 5: IoT rarely reboot so miss boot checks
Good ones. Thanks for providing the examples. 
Some Guy
50%
50%
Some Guy,
User Rank: Moderator
9/6/2014 | 1:01:48 AM
Re: Add # 5: IoT rarely reboot so miss boot checks
e.g., when was the last time you rebooted your settop box? WiFi router? NEST? iPhone?
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
9/5/2014 | 4:36:16 PM
Re: Add # 5: IoT rarely reboot so miss boot checks
I hadn't thought of that one, @SomeGuy. Thanks! Any particular devices you'd use as an example here that illustrate this? 
Some Guy
100%
0%
Some Guy,
User Rank: Moderator
9/5/2014 | 4:26:43 PM
Add # 5: IoT rarely reboot so miss boot checks
To your list I'd add a 5th one. Embedded real-time systems rarely reboot, so a lot of the fundamental underpinnings of cybersecurity that are checked at boot time (e.g., measured boot) don't happen often enough (if at all). If you solve 1-4 without solving this, you are building on quicksand. Maybe it should be # 0.
Sara Peters
100%
0%
Sara Peters,
User Rank: Author
9/5/2014 | 11:41:58 AM
Re: all as bad as the rest
@Kelly  Well I suppose they have to start with taking some responsibility before any of the other challenges are overcome. I wonder if the manufacturers of IoT products will start using more off-the-shelf software. Maybe that would start to make a dent in the patch management problem. 

Sigh. We're going to be talking abnout this for a long time.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
9/5/2014 | 11:05:03 AM
Re: all as bad as the rest
There are other issues, too, but these were the top of mind ones security experts flagged.

I think the overarching one is the taking responsibility/ownership.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
9/5/2014 | 11:00:22 AM
all as bad as the rest
Wow. I'm sitting here trying to decide which of these problems is the worst, and I can't decide because they're all dreadful. The next question I guess is which one is most likely to be overcome soonest... and I'm not sure about that either. Anyone else?


COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.