internetofthings – SSL and internet security news

Smart Lock Vulnerability

August 10, 2020 infossl

hacking, internetofthings, locks, physicalsecurity, Security technology, vulnerabilities

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec’s $139.99 UltraLoq is marketed as a “secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code.” Users can share temporary codes and ‘Ekeys’ to friends and guests for scheduled access, but according to … Read More “Smart Lock Vulnerability” »

Traffic Analysis of Home Security Cameras

July 9, 2020 infossl

cameras, cloudcomputing, internetofthings, Security technology, securitymonitoring, trafficanalysis

Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what’s going on in front of the camera, and infer when there is someone home. News article. Slashdot thread. Powered by WPeMatico

Half a Million IoT Passwords Leaked

July 8, 2020 infossl

dataloss, internetofthings, leaks, passwords, Security technology

It is amazing that this sort of thing can still happen: …the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet? Default passwords? In 2020? We have a long … Read More “Half a Million IoT Passwords Leaked” »

IoT Security Principles

July 7, 2020 infossl

cybersecurity, internetofthings, Security technology, securityengineering

The BSA — also known as the Software Alliance, formerly the Business Software Alliance (which explains the acronym) — is an industry lobbying group. They just published “Policy Principles for Building a Secure and Trustworthy Internet of Things.” They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and … Read More “IoT Security Principles” »

Securing the International IoT Supply Chain

July 1, 2020 infossl

academicpapers, cybersecurity, hardware, internetofthings, Security technology, securitypolicies, supplychain

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the … Read More “Securing the International IoT Supply Chain” »

Analyzing IoT Security Best Practices

June 25, 2020 infossl

academicpapers, internetofthings, nationalsecuritypolicy, Security technology, securityengineering

New research: “Best Practices for IoT Security: What Does That Even Mean?” by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. … Read More “Analyzing IoT Security Best Practices” »

Used Tesla Components Contain Personal Information

May 8, 2020 infossl

cars, dataloss, dataretention, hardware, identification, internetofthings, leaks, Security technology

Used Tesla components, sold on eBay, still contain personal information, even after a factory reset. This is a decades-old problem. It’s a problem with used hard drives. It’s a problem with used photocopiers and printers. It will be a problem with IoT devices. It’ll be a problem with everything, until we decide that data deletion … Read More “Used Tesla Components Contain Personal Information” »

Securing the Internet of Things through Class-Action Lawsuits

February 27, 2020 infossl

courts, internetofthings, laws, publicinterest, Security technology

This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that (1) market realities will produce insecure IoT devices, and (2) political failures will leave that industry unregulated. Result: insecure IoT. It proposes proactive class action litigation against manufacturers of unsafe and unsecured IoT devices … Read More “Securing the Internet of Things through Class-Action Lawsuits” »

Internet of Things Candle

February 20, 2020 infossl

internetofthings, Security technology

There’s a Kickstarter for an actual candle, with real fire, that you can control over the Internet. What could possibly go wrong? Powered by WPeMatico

Security in 2020: Revisited

February 7, 2020 infossl

cloudcomputing, consumerization, historyofsecurity, internetofthings, Security technology

Ten years ago, I wrote an essay: “Security in 2020.” Well, it’s finally 2020. I think I did pretty well. Here’s what I said back then: There’s really no such thing as security in the abstract. Security can only be defined in relation to something else. You’re secure from something or against something. In the … Read More “Security in 2020: Revisited” »