In the first of what will undoubtedly be a large number of battles between companies that make IoT devices and the police, Amazon is refusing to comply with a warrant demanding data on what its Echo device heard at a crime scene. The particulars of the case are weird. Amazon’s Echo does not constantly record; … Read More “Law Enforcement Access to IoT Data” »
Category: internetofthings
Auto Added by WPeMatico
The FDA has issued a report giving medical devices guidance on computer and network security. There’s nothing particularly new or interesting; it reads like standard security advice: write secure software, patch bugs, and so on. Note that these are “non-binding recommendations,” so I’m really not sure why they bothered. Powered by WPeMatico
There’s a concept from computer security known as a class break. It’s a particular security vulnerability that breaks not just one system, but an entire class of systems. Examples might be a vulnerability in a particular operating system that allows an attacker to take remote control of every computer that runs on that system’s software. … Read More “Class Breaks” »
You can rent a 400,000-computer Murai botnet and DDoS anyone you like. BoingBoing post. Slashdot thread. Powered by WPeMatico
PoisonTap is an impressive hacking tool that can compromise computers via the USB port, even when they are password-protected. What’s interesting is the chain of vulnerabilities the tool exploits. No individual vulnerability is a problem, but together they create a big problem. Kamkar’s trick works by chaining together a long, complex series of seemingly innocuous … Read More “Hacking Password-Protected Computers via the USB Port” »
Late last month, popular websites like Twitter, Pinterest, Reddit and PayPal went down for most of a day. The distributed denial-of-service attack that caused the outages, and the vulnerabilities that made the attack possible, was as much a failure of market and policy as it was of technology. If we want to secure our increasingly … Read More “Regulation of the Internet of Things” »
This is exactly the sort of Internet-of-Things attack that has me worried: “IoT Goes Nuclear: Creating a ZigBee Chain Reaction” by Eyal Ronen, Colin OFlynn, Adi Shamir and Achi-Or Weingarten. Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat … Read More “Self-Propagating Smart Light Bulb Worm” »
For years, the DMCA has been used to stifle legitimate research into the security of embedded systems. Finally, the research exemption to the DMCA is in effect (for two years, but we can hope it’ll be extended forever). Powered by WPeMatico
Yesterday’s DDoS attacks against Dyn are being reported everywhere. I have received a gazillion press requests, but I am traveling in Australia and Asia and have had to decline most of them. That’s okay, really, because we don’t know anything much of anything about the attacks. If I had to guess, though, I don’t think … Read More “DDoS Attacks against Dyn” »
Lance Spitzner looks at the safety features of a power saw and tries to apply them to Internet security: By the way, here are some of the key safety features that are built into the DeWalt Mitre Saw. Notice in all three of these the human does not have to do anything special, just use … Read More “Security Lessons from a Power Saw” »