Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
IoT Botnets by the Numbers
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/5/2018 | 7:18:27 PM
Re: Frightening? Gets worse
@REISEN: I wouldn't put implanted medical devices in the same risk category as "smart" home appliances.  You have a couple of layers of added safeguard protection.

Your doctors and the device maker are responsible (in both senses of the word).  It's also probable that your device can't be reprogrammed remotely.  Interception and misuse of your device's sensor data is technically possible; but hard to imagine anyone wanting to.  Contact your doctor, if you need more reasons not to worry about it.  -- Wish you well.  
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
2/5/2018 | 2:12:23 PM
Frightening? Gets worse
I am the owner of an internal defibulator (could be a pacemaker for arguments sake) and it has a wireless output to a small box in my kitchen to transmit data and box by phone to hospital.  Now I wonder about that? 
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/5/2018 | 11:53:57 AM
Re: Why is anybody surprised?
"...computer systems have proven to be vulnerable, why should we trust IOT personal items to be any different?"  In some ways IOT is worse - principally, in that compromise is less noticeable, until it's painfully obvious.  Even when attackers make no special effort to remain undetected, IoT device processing is generally not user interactive, and a hack doesn't have to be disruptive: "Ah! The fridge door located at this address hasn't been opened in 3 days; I bet they're out of town."
rjones2818
50%
50%
rjones2818,
User Rank: Strategist
2/5/2018 | 10:40:09 AM
Why is anybody surprised?
The fault lies with the companies who have unleashed an immature technology upon the world in a rush to grub for more money.  Many regular computer systems have proven to be vulnerable, why should we trust IOT personal items to be any different?
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
2/5/2018 | 9:23:43 AM
Don't want no IoT
It's hard to find appliances, cars, office equipment without IoT anymore.  And it's frightening.  I have a pretty old kitchen, so I'm not worred about it, but when things break down will anything I choose include IoT comms on it?  Will I have the choice of turning off any communication?  How will this affect self driving cars.  This really is could become very scary.

I agree with the 1st post.  We've reared of a generation of me, dependent, and spoiled.  Far in between there are golden nuggets, but they may not be easy to find.
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
1/31/2018 | 3:36:30 PM
Brought to justice?
"...three creators of Mirai come to justice..."  5 years and $250k fines are a lot for people that didn't kill anyone; but trivial compared to the economic damage they  caused.  I hope we all realize that economic damage can severely damage lives - even fataly. 

"...developed Mirai in their dorm room."  That highlights the culture component of the problem.  Solutions there will be difficult and generational. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-46547
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46548
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46549
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46550
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46553
PUBLISHED: 2022-01-27
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).