IoT security

Chuxing · ‎11-15-2019

The residential IoT devices are appearing in greater numbers, and a lot commercials are popping up on TV, like doorbell ring etc. While the usefulness is there, I tend to cringe a bit, worrying about the security.

Maybe I am a bit paranoid because I know a piece or two of the vulnerabilities that these devices may be exposed. To exaggerate the potential risks, I am posting this cartoon (and it is Friday, I got nothing better to do anyway):

____________________________________
Chuxing Chen, Ph.D., CISSP, PMP

rslade · ‎11-16-2019

> Chuxing (Community Champion) posted a new topic in Tech Talk on 11-15-2019 05:10

> The residential IoT devices are appearing in greater numbers, and a lot
> commercials are popping up on TV, like doorbell ring etc. While the usefulness
> is there, I tend to cringe a bit, worrying about the security.

The only IoT device we have in the house is a smart TV, which the kids gave us
(and then wondered why I wasn't overjoyed). (I still have never told it the
password to the wifi ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Can we blame global warming on Flash? - MW, 20110326
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

Caute_cautim · ‎11-17-2019

@ChuxingIt is totally relevant, but its as though everyone buries their heads in the sand and simply waits for it to happen.

Regards

Caute_cautim

Shannon · ‎11-17-2019

Yes, the IoT has us all exposed more than ever, though not everyone will think about the risks. I forwarded that cartoon to some friends on WhatsApp, and interestingly, once of them actually reverted, stating that this can be taken as funny and scary at the same time.

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz

Caute_cautim · ‎12-12-2019

I believe we need to do a lot more across the board raising security awareness for not only electronics manufacturers, retailers and also the consumers plus add the Privacy Commissioners of the various countries who take privacy seriously.

The Government of the day, needs to take responsibility of what is imported and have good expectations of electronic's manufacturers and their behaviour.

We should also claim down on whitelisting companies, if you are not IEEE registered, then dump, no matter how cheap it looks - it simply is not worth it.

In otherwords, consumers do your home work well, research who the manufacturer is and question the Retailers - make them feel uncomfortable, so you can cut through the fluffy sales talks to the nuts and bolts.

Regards

Caute_cautim

Chuxing · ‎12-13-2019

As I was saying...

Cases of example, recently reported Ring been hacked:

https://www.washingtonpost.com/nation/2019/12/12/she-installed-ring-camera-her-childrens-room-peace-...

https://www.nbc-2.com/story/41428183/stranger-spews-racial-slurs-over-familys-hacked-ring-camera

God only knows how many Rings have been hacked, but users were simply not aware, while the intruders are watching (and maybe recording) in silent, and stealing information along the way......

Of course Ring's response was - it's users' fault:

"Unfortunately, when people reuse the same username and password on multiple services, it’s possible for bad actors to gain access to many accounts."

____________________________________
Chuxing Chen, Ph.D., CISSP, PMP