About Us | Contact Us
View Cart

The Internet of Things

By Vigilize | Sunday, February 15, 2015 - Leave a Comment

An article review.


Vulnerabilities Found in Everything from Coffee Makers to Cars


ServIcons_ITAudit_01

Generally, our article reviews relate to a single article, but we recently found two separate articles that highlight many of the same concerns. These concerns simply apply to different product categories, so we decided to review them together.

The first article examined a recent study by HP’s Fortify security team that explored the security vulnerabilities of networked household appliances. After all, just about anything and everything within our daily lives is becoming connected to the internet. This is where the colloquial name “The Internet of Things” originates.

While the researchers at HP did not identify specific product names, they did take a look at 10 different devices. Within each of those devices, the team “found an average of 20 security flaws within each system.”

Daniel Miessler from HP’s Fortify stated, “It was as if everything we’d learned over the last 25 years had been extracted from memory. We saw credentials being sent over clear text, network ports listening with root shells without a password, private data leakage, and every common Web and mobile vulnerability you’d expect in a web or mobile security lab.”

The alarming part in all this is that humans very rarely learn from the past. Thankfully, “The Internet of Things” has caught the eye of Congress. A recent Senate Commerce, Science and Transportation Committee hearing began to explore and question these security vulnerabilities.


Click Here To Read the Full Article


The second article brings to light the known vulnerabilities within today’s “connected” vehicles. With computers monitoring and controlling virtually every system within the modern car, hackers are proving that dangerous security gaps can easily be exploited with terrifying results.

A study recently sponsored by the office of a US Senator showed that security vulnerabilities were present in nearly every vehicle on the market today. The study included data from 16 automobile manufacturers, and it showed just how dangerous a hacker could be.

It’s proven that a hacker could:

  • Cause sudden acceleration
  • Turn the vehicle
  • Deactivate the brakes
  • Honk the horn
  • Turn the headlights on and off
  • Modify the readings of gauges and speedometer

So how could a hacker and their malware get into a modern vehicle? There are a number of possibilities. A hacker could use a direct Bluetooth connection, a system like GM’s OnStar, an android phone that’s paired with the car infected with malware, or even a CD or DVD placed in the vehicle’s entertainment system.

“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the report said.

The implications are pretty freighting. There is some good new though. Car makers are beginning to see the need for increased security within their vehicles, including widespread data security standards put in place across the entire automobile industry.

Whether it is with coffee makers or with cars, will humans ever learn from history? After all, if there is vulnerability, it’s only a matter of time before it’s exploited by someone. We can only hope that the new advent of “Awareness in All Directions,” as described in Dan’s trend article, The Magnificent Seven 2015, will cause providers of newer technologies to implement the “security afterthought” faster than in the past!


Click Here To Read the Full Article


The above is what we call an “Article Review.” It is part of our attempt to help our readers find excellent reading materials to back up important technology risk management concepts. We try not to include articles that are merely news or additional news about mainstream issues. Instead, we try to highlight articles that our “typical clients” should be sure to read, or that are about concepts “outside the mainstream media.” infotex does not intend to endorse views represented by the writers of the articles we review, nor do we try to keep our Clients aware of EVERYTHING. For example, if a particular story concept is being reported upon in many different media sources, infotex usually chooses to ignore the story concept altogether, unless we can find a “unique take” on the story concept.


First article by Jeff Stone of International Business Times. Second article originally posted on The Star Online.


same_strip_012513


Latest News
    Employees working from home may find it more difficult to follow security policies… An article review. The surge in employees working from home during the pandemic created many headaches for IT departments around the world, many of whom had no telecommuting policies or procedures before the start… but what about the employees who had to […]
    A Webinar-Movie infotex presents the 2021 update of a previously released webinar presented by our Lead Non-Technical Auditor, Adam Reynolds. This movie-short is intended for those who are planning to participate in an infotex Incident Response Test. Not sure about the importance of an Incident Response Test? Check out onetest.infotex.com for more information! Please let […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS INFOTEX PROMOTES BRYAN BONNELL TO DIGITAL MEDIA MANAGER infotex, the Managed Security Service Provider, announced Bryan Bonnell’s promotion from Senior Data Security Analyst to Digital Media Manager.  “He will continue his normal DSA duties on a limited basis, because we want everybody to stay in touch with […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS RYAN HENSLER OF INFOTEX, EARNS CISSP CERTIFICATE Ryan Hensler, Senior NOC Associate of infotex, Inc., recently received the CISSP certification. “Ryan has proven himself to be a seasoned security professional both in his work for infotex and now through achieving this certification.” said Sean Waugh, Information Security Officer. […]
    Dubious app store subscriptions bring in hundreds of millions of dollars in revenue… An article review. When it comes to malicious applications you’re probably familiar with things like malware and ransomware, and you have ways to avoid them.  Modern desktop and smartphone operating systems have built-in malware detection tools, and some web browsers even automatically […]
    Another Manifesto A supply-chain manifesto by the author of Never Say Never: A Password Manifesto! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . [Sssshh.  Turn out the lights.  Let’s lower our inner voices, as I have something to propose that might be a bit […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office.  
    While malware and security exploits continue to make headlines, the majority of reported security incidents involve phishing… An article review. With all the attention given recently to security incidents involving software exploits and high-profile malware attacks, it would be easy to believe that they represented the most likely incidents you may encounter in the wild.  […]
    Implementing Protective DNS could help your organization avoid attack… An article review. Noting the risks still associated with the Domain Name System (DNS), the National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released new guidance on the selection and use of a Protective DNS service (PDNS). The guidance, released in […]
    A Webinar-Movie In 2018 the NCUA started reviewing credit unions with $1 billion or more in assets using a tool known as the Automated Cybersecurity Examination Tool, or ACET. The expansion to smaller credit unions is inevitable. In the new year, credit unions should now think about how they can come into compliance with the […]