This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now. Powered by WPeMatico
Category: internetofthings
Auto Added by WPeMatico
This one is from NIST: “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.” It’s still in draft. Remember, there are many others. Powered by WPeMatico
A security vulnerability in Belkin’s Wemo Insight “smartplugs” allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network. From the Register: The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on … Read More “Security Vulnerability in Smart Electric Outlets” »
This is really interesting research: “BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid“: Abstract: We demonstrate that an Internet of Things (IoT) botnet of high wattage devices — such as air conditioners and heaters — gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In … Read More “Using Hacked IoT Devices to Disrupt the Power Grid” »
Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in working toward dramatically reducing threats … Read More “Department of Commerce Report on the Botnet Threat” »
Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside … Read More “Sending Inaudible Commands to Voice Assistants” »
Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They’ve already used the tool to study a bunch of different IoT devices. From their blog post: Finding #3: Many IoT Devices Contact a Large and Diverse … Read More “IoT Inspector Tool from Princeton” »
The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors. Personally, I doubt that they’re backdoored. … Read More “Two NSA Algorithms Rejected by the ISO” »
The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. The information received from the public hearing will be used … Read More “Public Hearing on IoT Risks” »
In “The House that Spied on Me,” Kashmir Hill outfits her home to be as “smart” as possible and writes about the results. Powered by WPeMatico