REGISTER | LOGIN
Breaking News
News & Analysis

Security Experts Cite IoT Risks

Fingerprints found on critical infrastructure
2/14/2017 06:01 PM EST
4 comments
NO RATINGS
Page 1 / 2 Next >
More Related Links
View Comments: Newest First | Oldest First | Threaded View
mosspp
User Rank
Author
Re: Bad IoT Design Practice Leads to Security Issues
mosspp   2/17/2017 3:08:17 PM
NO RATINGS
The "S" in the IoT acronym stands for "Security."

jnissen
User Rank
Author
Not all IOT devices leave out security
jnissen   2/16/2017 5:55:29 PM
NO RATINGS
One of the most popular IOT chips seems to be the ESP8266. The ESP8266 is a self-contained, FCC certified, IEEE 802.11b/g/n WiFi device. It features a low-power 32-bit CPU, 64 KBytes of instruction RAM, 96 KBytes of data RAM, 4 MB of flash, and 16 general purpose input/output (GPIO) pins. The bare chip costs about $2 and modules are in the $5 range.

What I found in playing with this thing is it supports a reasonable set of WiFi security options. It's capable of WPA2 with AES, but HTTPS libraries are freely available. Works with the Arduino IDE. The result is a $5 board that boots up and can connect to a WiFi access point using WPA2 with a pre-shared key (PSK) or even act as an access point. I was very  impressed overall.  

rick merritt
User Rank
Author
Re: Bad IoT Design Practice Leads to Security Issues
rick merritt   2/15/2017 2:31:21 PM
NO RATINGS
@Selvakumar Manickam  Good point. That attack was a real eye opener for IoT.

This might be a good place to list other vulnerabilities that need to be addressed if that would help the white hats more than the black hats ;-)

Selvakumar Manickam
User Rank
Rookie
Bad IoT Design Practice Leads to Security Issues
Selvakumar Manickam   2/15/2017 9:57:43 AM
NO RATINGS
Most IoT device manufacturers, in the hundreds if not thousands, use common firmware, e.g. embedded Linux, to build their device. The access credentials are never changed leaving it something like admin:admin. An attacker can easily build a tool to scan the Internet and look for open ports especially ports 22 and 80 and try to brute force login using the common credentials. In recent incident, CCTV cameras were infected with Mirai botnet using SSH logins with common credentials leading to the biggest DDoS attack in recent times.

Most Recent Comments

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed