About Us | Contact Us
View Cart

The Internet of Things

By Vigilize | Sunday, February 15, 2015 - Leave a Comment

An article review.


Vulnerabilities Found in Everything from Coffee Makers to Cars


ServIcons_ITAudit_01

Generally, our article reviews relate to a single article, but we recently found two separate articles that highlight many of the same concerns. These concerns simply apply to different product categories, so we decided to review them together.

The first article examined a recent study by HP’s Fortify security team that explored the security vulnerabilities of networked household appliances. After all, just about anything and everything within our daily lives is becoming connected to the internet. This is where the colloquial name “The Internet of Things” originates.

While the researchers at HP did not identify specific product names, they did take a look at 10 different devices. Within each of those devices, the team “found an average of 20 security flaws within each system.”

Daniel Miessler from HP’s Fortify stated, “It was as if everything we’d learned over the last 25 years had been extracted from memory. We saw credentials being sent over clear text, network ports listening with root shells without a password, private data leakage, and every common Web and mobile vulnerability you’d expect in a web or mobile security lab.”

The alarming part in all this is that humans very rarely learn from the past. Thankfully, “The Internet of Things” has caught the eye of Congress. A recent Senate Commerce, Science and Transportation Committee hearing began to explore and question these security vulnerabilities.


Click Here To Read the Full Article


The second article brings to light the known vulnerabilities within today’s “connected” vehicles. With computers monitoring and controlling virtually every system within the modern car, hackers are proving that dangerous security gaps can easily be exploited with terrifying results.

A study recently sponsored by the office of a US Senator showed that security vulnerabilities were present in nearly every vehicle on the market today. The study included data from 16 automobile manufacturers, and it showed just how dangerous a hacker could be.

It’s proven that a hacker could:

  • Cause sudden acceleration
  • Turn the vehicle
  • Deactivate the brakes
  • Honk the horn
  • Turn the headlights on and off
  • Modify the readings of gauges and speedometer

So how could a hacker and their malware get into a modern vehicle? There are a number of possibilities. A hacker could use a direct Bluetooth connection, a system like GM’s OnStar, an android phone that’s paired with the car infected with malware, or even a CD or DVD placed in the vehicle’s entertainment system.

“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the report said.

The implications are pretty freighting. There is some good new though. Car makers are beginning to see the need for increased security within their vehicles, including widespread data security standards put in place across the entire automobile industry.

Whether it is with coffee makers or with cars, will humans ever learn from history? After all, if there is vulnerability, it’s only a matter of time before it’s exploited by someone. We can only hope that the new advent of “Awareness in All Directions,” as described in Dan’s trend article, The Magnificent Seven 2015, will cause providers of newer technologies to implement the “security afterthought” faster than in the past!


Click Here To Read the Full Article


The above is what we call an “Article Review.” It is part of our attempt to help our readers find excellent reading materials to back up important technology risk management concepts. We try not to include articles that are merely news or additional news about mainstream issues. Instead, we try to highlight articles that our “typical clients” should be sure to read, or that are about concepts “outside the mainstream media.” infotex does not intend to endorse views represented by the writers of the articles we review, nor do we try to keep our Clients aware of EVERYTHING. For example, if a particular story concept is being reported upon in many different media sources, infotex usually chooses to ignore the story concept altogether, unless we can find a “unique take” on the story concept.


First article by Jeff Stone of International Business Times. Second article originally posted on The Star Online.


same_strip_012513


Latest News
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    The joint cybersecurity advisory includes the 15 most exploited vulnerabilities reported in 2021… An article review.  While a lot of attention is focused on previously undisclosed or “zero day” attacks, some of the most likely attack vectors are vulnerabilities that have been widely known for weeks or even months.  That’s according to a new joint […]
    Threats are changing, EDR can help us adapt . . . Today’s advanced persistent threat (APT) understands that the IT landscape has changed. In the post-COVID age, more and more organizations have adopted some form of work from home.  While WFH offers many conveniences, it also imparts increased risks. BitSight conducted a 2021 study of […]
    The Five Precepts of IT Vendor Management Webinar-Movie We’re going back to basics on Vendor Management. This webinar will give you a training tool to help out that new person that is starting to take on the gargantuan task that is Vendor Management.
    A new way of helping people “read” new guidance… Look for more in the future! To save you time, we are proud to present “Adam Reads” . . . recorded versions of our Guidance Summaries! Below you can find an embedded player for the audio file. If you are having issues with that working, you […]
    You think you’ve finally found stability in your to-do list. Your goals are set, and you’re even making great progress on them all. Audit findings: all addressed. Management requests: Under control. Heck, you might even be able to leave the office five minutes early at least once this year. Then BAM! A press release from […]
    Software Bill of Materials (SBOMs) are becoming more and more important. . . We are all very familiar with one aspect of the software supply chain – updates.  New features, bug fixes, and performance upgrades are a regular occurrence to any device’s lifecycle, however what if these kinds of updates also include deliberately malicious code? […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    According to a new survey, more organizations than ever are reporting problems with cybersecurity staffing… An article review. While pandemic related mandates and restrictions are gradually being lifted across the country, many organizations are still feeling the effects in one important area: staffing.  That’s according to ISACA’s annual State of Cybersecurity survey, which asked over […]
    Understanding Banking Trojans… Another Technical Article by Tanvee Dhir! What are Banking Trojans? A trojan is a malicious program that masquerades as a genuine one. They are often designed to steal sensitive information from users (login passwords, account numbers, financial information, credit card information, etc.). A banking trojan is a malicious computer program designed to […]