About Us | Contact Us
View Cart

The Internet of Things

By Vigilize | Sunday, February 15, 2015 - Leave a Comment

An article review.

Vulnerabilities Found in Everything from Coffee Makers to Cars

ServIcons_ITAudit_01

Generally, our article reviews relate to a single article, but we recently found two separate articles that highlight many of the same concerns. These concerns simply apply to different product categories, so we decided to review them together.

The first article examined a recent study by HP’s Fortify security team that explored the security vulnerabilities of networked household appliances. After all, just about anything and everything within our daily lives is becoming connected to the internet. This is where the colloquial name “The Internet of Things” originates.

While the researchers at HP did not identify specific product names, they did take a look at 10 different devices. Within each of those devices, the team “found an average of 20 security flaws within each system.”

Daniel Miessler from HP’s Fortify stated, “It was as if everything we’d learned over the last 25 years had been extracted from memory. We saw credentials being sent over clear text, network ports listening with root shells without a password, private data leakage, and every common Web and mobile vulnerability you’d expect in a web or mobile security lab.”

The alarming part in all this is that humans very rarely learn from the past. Thankfully, “The Internet of Things” has caught the eye of Congress. A recent Senate Commerce, Science and Transportation Committee hearing began to explore and question these security vulnerabilities.

Click Here To Read the Full Article

The second article brings to light the known vulnerabilities within today’s “connected” vehicles. With computers monitoring and controlling virtually every system within the modern car, hackers are proving that dangerous security gaps can easily be exploited with terrifying results.

A study recently sponsored by the office of a US Senator showed that security vulnerabilities were present in nearly every vehicle on the market today. The study included data from 16 automobile manufacturers, and it showed just how dangerous a hacker could be.

It’s proven that a hacker could:

  • Cause sudden acceleration
  • Turn the vehicle
  • Deactivate the brakes
  • Honk the horn
  • Turn the headlights on and off
  • Modify the readings of gauges and speedometer

So how could a hacker and their malware get into a modern vehicle? There are a number of possibilities. A hacker could use a direct Bluetooth connection, a system like GM’s OnStar, an android phone that’s paired with the car infected with malware, or even a CD or DVD placed in the vehicle’s entertainment system.

“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the report said.

The implications are pretty freighting. There is some good new though. Car makers are beginning to see the need for increased security within their vehicles, including widespread data security standards put in place across the entire automobile industry.

Whether it is with coffee makers or with cars, will humans ever learn from history? After all, if there is vulnerability, it’s only a matter of time before it’s exploited by someone. We can only hope that the new advent of “Awareness in All Directions,” as described in Dan’s trend article, The Magnificent Seven 2015, will cause providers of newer technologies to implement the “security afterthought” faster than in the past!

Click Here To Read the Full Article

The above is what we call an “Article Review.” It is part of our attempt to help our readers find excellent reading materials to back up important technology risk management concepts. We try not to include articles that are merely news or additional news about mainstream issues. Instead, we try to highlight articles that our “typical clients” should be sure to read, or that are about concepts “outside the mainstream media.” infotex does not intend to endorse views represented by the writers of the articles we review, nor do we try to keep our Clients aware of EVERYTHING. For example, if a particular story concept is being reported upon in many different media sources, infotex usually chooses to ignore the story concept altogether, unless we can find a “unique take” on the story concept.

First article by Jeff Stone of International Business Times. Second article originally posted on The Star Online.

same_strip_012513

Posted in Article Reviews, Asset Management, Business Continuity, Customer Awareness, Risk Management, Vigilize, Vulnerability News

Related Articles
Latest News
    The Consequence of Unintended Consequences
    Artificial intelligence carries risk, but so does organic ignorance … Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . At a recent conference, I noticed two camps emerging in the debate over artificial intelligence. Some people embrace AI as a tool, while others support Elon […]
    Introducing Nathan Taylor
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS NEW EMPLOYEE FOR INFOTEX We are pleased to announce the appointment of Nathan Taylor as our new Network Administrator at infotex.  “We are very excited to have Nathan join our team as a Network Administrator and look forward to his contributions to maintaining and improving our infrastructure!” […]
    I saw the news today, oh boy
    about artificial intelligence . . . And who will protect us from it . . .  Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Just watched some press on the the Senate hearings over regulating AI. The normal senator faces, Sam Altman of OpenAI, […]
    Slammed Again
    The Evolution of an Inside Term Used in our Vendor Risk Report Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Those who audit infotex know that our vendor risk report refers to a couple of our providers as “ransomware companies.” This reference started evolving […]
    “Inbox Zero” – Awareness Poster
    Another awareness poster for YOUR customers (and users). Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape) You are welcome to print out and distribute this around your […]
    Experts Warn of AI Cybersecurity Risk
    New tools could allow unskilled attackers to launch increasingly sophisticated attacks… An article review. Imagine a world where you receive a call from your boss asking you to assist them with something… only it’s not your boss, but an AI being used by an attacker.  This isn’t science fiction, it’s an actual attack that has […]
    Paradise Wanes
    Unavailability Strikes Where it doesn’t matter anyway Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So, I’m writing today’s article from a resort in the middle of Wisconsin.  I want to make sure I’m staying on top of my New Leaf, which is to […]
    Keys to the Kingdom
    . . . and the importance of segregated response. The latest edition of Executive Vice President, Michael Hartke’s article series! In 2007 when I first joined infotex, coming from small to medium sized business general IT support into the world of cybersecurity, the one thing that was very hard for me to internally rectify was […]
    The Pits and APTs
    How concerts can help us understand APTs . . . Especially if you use your imagination! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . My daughter reminded me of a concert Stacey and I attended way back in 2013, in Chicago.  It was one […]
    Mutiny! The Malicious Insider Threat Webinar Registration
    Mutiny! The Malicious Insider Threat Webinar Registration A Webinar-Video It is often awkward to bring up the one attack vector most of us have not addressed. The malicious insider threat. Even if we can flaunt all statistics and claim that the likelihood of an insider attack is low in our bank, the impact is still […]
To the Blog