About Us | Contact Us
View Cart

The Internet of Things

By Vigilize | Sunday, February 15, 2015 - Leave a Comment

An article review.


Vulnerabilities Found in Everything from Coffee Makers to Cars


ServIcons_ITAudit_01

Generally, our article reviews relate to a single article, but we recently found two separate articles that highlight many of the same concerns. These concerns simply apply to different product categories, so we decided to review them together.

The first article examined a recent study by HP’s Fortify security team that explored the security vulnerabilities of networked household appliances. After all, just about anything and everything within our daily lives is becoming connected to the internet. This is where the colloquial name “The Internet of Things” originates.

While the researchers at HP did not identify specific product names, they did take a look at 10 different devices. Within each of those devices, the team “found an average of 20 security flaws within each system.”

Daniel Miessler from HP’s Fortify stated, “It was as if everything we’d learned over the last 25 years had been extracted from memory. We saw credentials being sent over clear text, network ports listening with root shells without a password, private data leakage, and every common Web and mobile vulnerability you’d expect in a web or mobile security lab.”

The alarming part in all this is that humans very rarely learn from the past. Thankfully, “The Internet of Things” has caught the eye of Congress. A recent Senate Commerce, Science and Transportation Committee hearing began to explore and question these security vulnerabilities.


Click Here To Read the Full Article


The second article brings to light the known vulnerabilities within today’s “connected” vehicles. With computers monitoring and controlling virtually every system within the modern car, hackers are proving that dangerous security gaps can easily be exploited with terrifying results.

A study recently sponsored by the office of a US Senator showed that security vulnerabilities were present in nearly every vehicle on the market today. The study included data from 16 automobile manufacturers, and it showed just how dangerous a hacker could be.

It’s proven that a hacker could:

  • Cause sudden acceleration
  • Turn the vehicle
  • Deactivate the brakes
  • Honk the horn
  • Turn the headlights on and off
  • Modify the readings of gauges and speedometer

So how could a hacker and their malware get into a modern vehicle? There are a number of possibilities. A hacker could use a direct Bluetooth connection, a system like GM’s OnStar, an android phone that’s paired with the car infected with malware, or even a CD or DVD placed in the vehicle’s entertainment system.

“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the report said.

The implications are pretty freighting. There is some good new though. Car makers are beginning to see the need for increased security within their vehicles, including widespread data security standards put in place across the entire automobile industry.

Whether it is with coffee makers or with cars, will humans ever learn from history? After all, if there is vulnerability, it’s only a matter of time before it’s exploited by someone. We can only hope that the new advent of “Awareness in All Directions,” as described in Dan’s trend article, The Magnificent Seven 2015, will cause providers of newer technologies to implement the “security afterthought” faster than in the past!


Click Here To Read the Full Article


The above is what we call an “Article Review.” It is part of our attempt to help our readers find excellent reading materials to back up important technology risk management concepts. We try not to include articles that are merely news or additional news about mainstream issues. Instead, we try to highlight articles that our “typical clients” should be sure to read, or that are about concepts “outside the mainstream media.” infotex does not intend to endorse views represented by the writers of the articles we review, nor do we try to keep our Clients aware of EVERYTHING. For example, if a particular story concept is being reported upon in many different media sources, infotex usually chooses to ignore the story concept altogether, unless we can find a “unique take” on the story concept.


First article by Jeff Stone of International Business Times. Second article originally posted on The Star Online.


same_strip_012513


Latest News
    A Webinar Movie This presentation is intended for those who are planning to participate in an infotex incident response test. Please let us know what questions you have, when we have our Plan Walkthrough and Test Plan Approval meeting!
    What you need to know for compliance coast-to-coast. Back in 2020 we posted an article containing links to data breach laws from each state, and it has proven to be one of our more popular posts.  Because laws surrounding the use (and abuse) of technology are always evolving, we thought it was worth taking another […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! In the spirit of October and Halloween we have put together a gallery of our “spooky” Awareness Posters at halloween.infotex.com. Use them to help decorate for the holiday! Check […]
    With nearly three in four people using third-party payment services tied to their bank accounts, the risk isn’t limited to your own policies and procedures… An article review. When working on cybersecurity awareness messages for your customers you may be inclined to focus on your own systems, but a new study on security in digital […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS NEW EMPLOYEE FOR INFOTEX infotex is excited to announce that Cody Smith has joined the team as the newest Data Security Analyst. Cody holds several industry certifications (including the most recent: SSCP) as well as a B.S in Cyber Security & Information Assurance from Western Governors University. […]
    It’s all about protecting Customer information . . . In 1999 the Gramm-Leach-Bliley Act (GLBA) directed the Federal Deposit Insurance Corporation (FDIC) and other federal banking agencies to ensure that financial institutions have policies, procedures, and controls in place to prevent the unauthorized disclosure of customer financial information.  The FDIC and other federal banking agencies […]
    A Ghoulish Gallery! Just a few scary-themed Awareness posters from our collection, which you can see at posters.infotex.com! Below you will find both the vertical and horizontal versions of each of the posters, all you need to do is “right-click > “Save link as…” to download! Vertical 8.5″ x 11″ Format   Horizontal 11″ x […]
    What to Expect in an Annual Information Security Report to the Board Webinar-Movie Information security ranks as a top risk to financial institutions, both in terms of likelihood and overall impact. It is important that boards receive annual comprehensive reporting from management about the information security risks and incidents, and the actions taken to address […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    With the potential to break all existing forms of encryption, quantum computing poses a unique challenge… An article review. While quantum computing has been a buzzword for some time now the technology remains largely theoretical, with small scale proofs-of-concept that still suffer from serious limitations.  That hasn’t stopped security researchers from worrying about the technology’s […]