iot


Over the last few months or years I have reported vulnerabilities on several IoT devices. None have been patched so far, and I think it is time to discuss the situation openly. One of the issues I have faced several times is the zero-security-culture phenomenon. Some of those IoT companies were typically very small and young, with sadly neither the skills nor the resources to fix security issues. For example, I remember sending several vulnerabilities to a given company. I got an automated response for the first email (ok),... [Read More]
by RSS Axelle Apvrille  |  May 17, 2017  |  Filed in: Security Research
Welcome back to our monthly review of some of the most interesting security research publications. Previous edition: March 2017 What happened to your home? IoT Hacking and Forensic with 0-day from TROOPERS 17, by Park and Jin Figure 1: Hacking a vacuum cleaner The authors hacked a vacuum cleaner, which, besides cleaning, also includes an embedded camera and microphone. The hack wasn’t easy because the vacuum wasn’t too badly secured. The authors however found 2 vectors: 1. They connected on the... [Read More]
by RSS Axelle Apvrille  |  May 10, 2017  |  Filed in: Security Research
In a 2015 article posted by Forbes, it was reported that 87 percent of people hadn’t heard of the term “Internet of Things” (IoT). At that time, Gartner Inc. estimated that there were 4.9 billion connected devices in use. Fast forward to 2017, and Gartner now reports that number has grown  to 8.4 billion, with a look ahead to 2020 predicting that 20.4 billion connected devices will be in use. The IoT has gained traction in day-to-day life by adding new applications and capabilities at a rapid rate, and as this technology begins... [Read More]
by RSS Amy Thompson  |  May 08, 2017  |  Filed in: Industry Trends & News
As is the case across most of today’s industries, the latest IT technological advances like the cloud, Internet of Things (IoT), and mobility have all blurred the lines between traditional network boundaries, making them harder to secure by the day. Security challenges are escalating in part because there are an increasing number of network access points that can open doors to sensitive financial data. For example, many devices inside of today’s financial networks, such as routers and switches, are not security aware. Once these devices... [Read More]
by RSS Bill Hogan  |  May 05, 2017  |  Filed in: Industry Trends & News
The Bricker bot made the news a couple of weeks ago as being responsible for knocking unsecured IoT devices offline, rather than hijacking them into other botnets and using them for a DDoS attack like the massive event we saw last year against DYN. This is the third botnet that targets insecure IoT devices, but the only one that is destructive. The second, dubbed Hajime, breaks the into IoT devices, but instead of bricking them, it makes them more secure by disabling remote access to the device from the internet. Of course, Mirai was the first,... [Read More]
by RSS Douglas Jose Pereira dos Santos  |  May 02, 2017  |  Filed in: Security Research
Cybersecurity is at a critical tipping point.  With massive volumes of data being generated and analyzed across the globe every day from a variety of sources and devices, an entirely new approach to network security is required. From both a business and technology perspective, traditional security paradigms are struggling to be agile and fast enough to move at the speed required in this new world.  The linchpin to success going forward will be a business’ ability to flexibly secure its sensitive data and create digital trust with its customers. [Read More]
by RSS Drew Del Matto  |  Apr 28, 2017  |  Filed in: Industry Trends & News
For us at FortiGuard, it always sounds like a bad idea for people to share malware source code, even if it is for academic or educational purposes. For example, on GitHub we can currently find more than 300 distinct repositories of ransomware, which gives you some idea about the attention that this form of malware receives. Although ransomware has the highest profile in the threat landscape at the moment, that does not mean that other threats have disappeared. Android is the most wide spread OS on mobile devices, covering around 80% of the... [Read More]
by RSS Dario Durando & David Maciejak  |  Apr 26, 2017  |  Filed in: Security Research
Q&A with Carolyn Crandall, CMO at Attivo Networks Fortinet sits down with Fabric-Ready Partner, Attivo Networks, to learn what’s top of mind for its customers, the key IT challenges they are facing, and how Attivo Networks’ approach to integrated security is helping drive business and customer success. Tell us a bit about Attivo Networks business and the types of customers that you serve. Attivo Networks® is the leader in deception for cyber security defense. Founded on the premise that even the best security systems... [Read More]
by RSS Darlene Gannon  |  Apr 20, 2017  |  Filed in: Industry Trends & News
IoT is a sexy topic these days. It’s hard to open a magazine or blog without seeing statistics that project there will soon be more IoT devices online than there are teenagers on ClickChat. Like the growth of mobility and smartphones before it, IoT is a phenomenon that merits attention. But this time it’s different. IoT networks and devices play a crucial role in our global transition to a digital economy, and organizations that fail to adopt a digital business model may not survive. Which is why we also need to give credit to those... [Read More]
by RSS Phil Quade  |  Apr 19, 2017  |  Filed in: Industry Trends & News
According to a recent prediction detailed in the Deloitte Global TMT Predictions 2017 report, incidents of DDoS are expected to rise to 10 million attacks during the year. The escalation of DDoS, according to them, is primarily due to the growing base of insecure IoT devices, readily available online instructions for unskilled attackers, and rising uplink data speeds. One of the solutions Deloitte Global has recommended is certification marks for connected devices. They propose that device vendors should obtain security certification for their... [Read More]
by RSS Hemant Jain  |  Apr 13, 2017  |  Filed in: Industry Trends & News