Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Future Shock: The Internet of Compromised Things
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
SteveC227
SteveC227,
 User Rank: Apprentice
1/23/2014 | 2:16:48 PM
Dangerous appliances
I have long suspected my toaster of plotting against me. Sometimes it fails to make the toast pop up in the hopes that I will stick a fork in the slot and get electrocuted. These days you have to work hard to keep one step ahead of your electrical appliances. I have never worried about my refrigerator, however. But now I am going to monitor it more carefully. Thank your for alerting us all to these threats.
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
1/23/2014 | 4:30:41 PM
Re: Dangerous appliances
Sounds like an idea for a sequel to Disney's classic, The Brave Little Toaster. 

 

 
Shane M. O'Neill
Shane M. O'Neill,
 User Rank: Apprentice
1/23/2014 | 4:54:35 PM
Re: Dangerous appliances
I don't think the Internet of Things movement will play out for consumers for awhile. Seems more of an enterprise/manufacturing/supply chain technology for the time being. But when it does eventually come to kitchens and living rooms, will we rely on Symantec, McAfee and Kaspersky to provide protection software for our refrigerators like we do for PCs? The use of third-party anti-virus software in IoT home situations didn't come up in the article so I was curious.
cbabcock
cbabcock,
 User Rank: Apprentice
1/23/2014 | 5:27:57 PM
Hacker: Good afernoon, sir, is your house empty now?
In addition to fearing that hackers will learn my milk is out of date, I would hate for intruders to snoop on our local area network to learn, for marketing purposes or worse, what my family's habits were or when the house was empty. If all the home appliances were on a household network, a great deal of information would become available to hackers, the public utility, the appliance dealership. Martin Lee is right. We don't quite realize what we're getting into here.   
seppleyt5j01
seppleyt5j01,
 User Rank: Apprentice
1/23/2014 | 5:47:59 PM
Compimise your services?
Let's suppose for a moment that you live in Phoenix. It's July and  109 degrees outside. As a purveyor of ransomeware, I would shut off your refrigerator and air conditioning. I would only require that you pay me $100 in order to restore their services...
MartinL923
MartinL923,
 User Rank: Apprentice
1/24/2014 | 4:47:48 AM
Re: Dangerous appliances
Quite right! My toaster burnt my toast this morning, probably out of spite. However, my current toaster is entirely mechanical. As the price of computing power keeps dropping computers are finding their way into even the smallest device. Experience tells us that where you have software, you have bugs which can frequently be exploited. Lurking in a cupboard I have a mechanical telephone, its laughable to imagine that this device could contain malware, yet I now have a smart phone on which I can install all sorts of dubious software if I so wish, or if I don't pay attention. With the current pace of technology, I'll be willing to bet that within a few years there will be a smart-toaster in every kitchen.

Martin
MartinL923
MartinL923,
 User Rank: Apprentice
1/24/2014 | 4:58:00 AM
Re: Compimise your services?
seppleyt5j01: Exactly, I see this as the biggest risk. We've already seen attackers seeking to distract security teams within the financial services industry by launching a denial of service attack just before attempting to compromise high value systems. Taking malicious control of environmental control systems would be a very effective mechanism of causing disruption to a security team or business.

I hadn't thought of a ransomware style attack on environmental control, but a lack of heating at this time of year, or the a/c set to full heat in the middle of summer would no doubt lead many people to reach for their credit card to pay off their attackers.
MartinL923
MartinL923,
 User Rank: Apprentice
1/24/2014 | 5:33:39 AM
Re: Hacker: Good afernoon, sir, is your house empty now?
cbabcok: Like most things in security its a trade off. I don't doubt that there will be many advantages to the Internet of Things. Anything that can help us better manage our limited resources, allow us to do more with less, or even just make less demands on my free time has to be a good thing. Nevertheless, there will be risks. If we can prepare for those risks now and think about how we can manage them, then we can maximise our benefits while minimising any downsides.
MartinL923
MartinL923,
 User Rank: Apprentice
1/24/2014 | 5:44:36 AM
Re: Dangerous appliances
Shane: I think a slightly different approach is needed to detect malicious code running within embedded devices. Anti-virus is very good a detecting known bad code, and allowing the vast numbers of 'good' software that you could install on a desktop device to run unimpeeded.

An embedded device should only ever run one programme and contain no other software apart from updates. So we would need to establish that only authorised software can run on the device, and that any instructions received by the processor (or any sensors or actuators) has been generated from legitimate code operating correctly.

Its a subtly different problem that requires a different approach.
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
1/24/2014 | 8:16:35 AM
Re: Dangerous appliances --subtly different problem that requires a different approach.
Martin, I think you hit the nail on the head when you describe the security issues related to the IoT as a "subtly different problem that requires a different approach. I suspect your use of the words "subtly different" is an understatement!   Thanks for raising the issues about the brave new world (let alone toaster) that we are entering, and also your very thoughtful comments.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file