Attacks/Breaches

4/9/2018
01:00 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Myths About IoT Security

Here are common misconceptions about securing these devices - and tips for locking them down.
Previous
1 of 7
Next

Image Source: tulpahn via Shutterstock

Image Source: tulpahn via Shutterstock

There's every reason to be concerned about the potential of an IoT system, sensor, or device being hacked in the enterprise or a user's home office.

These devices regularly are exposed for their vulnerabilities, and most are not built with security in mind. An attack via an IoT device can blindside an organization: Take the hotel in Las Vegas last year that lost data when a hacker made his way on to the network through a high-tech fish tank.

Over time, just about every household appliance and piece of office equipment will have an IP address, which means it will be potentially open to hackers.

Forrester's Merritt Maxim says 92% of global technology decision-makers with more than 1,000 employees say they have security policies in place for their firm's use of IoT devices and solutions. However, only 47% consider their security tools sufficient. A full 34% consider their security tools insufficient and another 10% say they do not have security tools to enforce their IoT security policies.

"I think the biggest misconception people have is that these type of hacks could not happen in real life," Maxim says. "People don’t think that their refrigerator, car, or office will be hacked, but the threat is real and the likelihood is that these threats will only increase."

Imposing though the threat has become, Suneil Sastri, director of product and content marketing at SOTI, adds that there are steps IT staffs can take to mitigate the threat.

"People need to understand that there are solutions," Sastri says. "IT people and consumers can change passwords, encrypt devices, and remotely patch devices. What we're concerned about is that people won't move forward with IoT because they are worried about security."

Jeff Wilbur, director of the Online Trust Alliance, says the good news is that some IoT vendors are fixing exposed vulnerabilities in their products, such as Fitbit, LG's Smart ThinQ dishwashers, and Samsung SmartThings. 

Here are some common myths about securing IoT devices and systems.

 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.