Comments
Majority of Consumers Believe IoT Needs Security Built In
Newest First  |  Oldest First  |  Threaded View
rwsmarine
50%
50%
rwsmarine,
User Rank: Apprentice
8/15/2017 | 3:23:54 PM
nomenclature
wht couldn't the nomenclature of the device be its temp password?  As soon as it comes online or booted the first time a mandatory password change is required.  Quick easy not great but at least its something.  Every device has a sn# to it and their all different
mikeroch
50%
50%
mikeroch,
User Rank: Apprentice
7/27/2017 | 11:40:39 AM
Re: Consumer vs manufacturers 192.168.1.1?
Absolutely agree with Dr. T, the responsibility should majorly be upon the manufacturer, it's simple, I buy some product of some brand, I trust them but due to their mistake I suffer the loss. So, even, knowing that it was good company, they failed to stand on it as they did wrong with the product. So, the 56% should be on the manufacturer side. So, IoT should be much cared by the manufacturer.
Nry2137
100%
0%
Nry2137,
User Rank: Apprentice
7/26/2017 | 12:29:05 PM
Re: Consumer vs manufacturer?
I believe the responsibility resides with both parties. However, in order to understand the responsibilities involved with security, I also believe that both parties, users specifically, need to be educated on their expected responsibilities. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/26/2017 | 10:40:54 AM
Consumer vs manufacturer?
 

"Overall, however, 56% believe it is the responsibility of both the consumer and manufacturer."

I think it should be manufacturer responsibility to secure the device, most customers would not even know how to use the device forget about the security.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/26/2017 | 10:38:42 AM
IoT Security
If the device is doing more than one thing and connected to other devices security should be mandatory. If not and simply ringing the door bell and not connected to other things, why go so much trouble and make it expenses, basic security should be ok.


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-12698
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVE-2018-12699
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVE-2018-12700
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-11560
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.