Menu

IoT FEATURE NEWS

Security Panel Points to Endpoint Weaknesses, the Benefits of Fuzzing

By Paula Bernier August 18, 2015

Did you hear about the Target point of sale attack? How about the woman who discovered a stranger was using her Foscam baby monitoring system to talk to her young child?

Both of these examples were discussed at the “Protecting and Defending the Edge” session at the IoT Security Summit in Las Vegas. The summit took place at this week’s IoT Evolution Expo, which runs through Thursday at Caesar’s Palace.

The Target PoS hack is one of the larger and higher profile security breaches of late. The Foscam example is among the more bizarre ones. What they have in common is that both point to the frequent and widespread instance of security breaches.

Indeed, the kind of breach Target experienced is common now, noted Kenneth Lowe, director of business development at Gemalto, one of the session panelists. Vince Rico, business developer manager of the technology partner program at Axis Communications, added that Target had outsourced the management of its point of sale system to a service provider, and the hackers used a key to hack that service provider’s network.

So, in that case, the hackers came in through the network and not through the device. But security holes can exist in a lot of places within the network or at the endpoint. That’s why organizations and their suppliers who are implementing IoT solutions should take a holistic approach to addressing security.

There’s no silver bullet when it comes to security, of course, but there are some basic steps IoT companies and their customers can take to allow for more secure solutions, according to the panel. Some of them are as simple as ensuring that manufacturers of endpoints like cameras don’t turn off the security settings on these devices so they are not secure out of the box.

But getting to a more secure IoT isn’t going to be easy. For many companies, security is an after thought – sometimes coming after they make or install a deployment, and sometimes after they are scrambling to address a breach.

And, as noted above, some device manufacturers and retailers seem to have little if any interest in security. In fact, Clay Melugin, senior partner at RMAC Technology Partners and the panel moderator, started the conversation by noting that most Nest devices have already been hacked, especially if they are purchased from Amazon. He also said that many connected devices are powered by chips manufactured offshore, and that there is  now a San Diego company that tests such chips to make sure nothing was added to them in the process.

Melugin also said he’s a fan of crypto, which can be done in software or hardware. If you put a key in crypto, he said, the hacker doesn’t find the private key. With crypto there’s matching encryption on the server side, so every device it talks to it authenticates. Lowe added that crypto does add another layer of protection.

For companies and other organizations with IoT implementations, the appropriate level and type of security depends upon the application and the risk involved should that data or asset be hacked, panel members seemed to agree.

Organizations that want to see how their solutions will stand up against hackers can have companies such as Dell do penetration tests for them. This is essentially an organized hack, also known as fuzzing, in which the tester hits your network with a bunch of packets to see how the network reacts and to reveal holes.




Edited by Stefania Viscusi

Executive Editor, TMC

SHARE THIS ARTICLE
Related Articles

IoT Evolution World Week in Review: Cisco, GE, Samsung

By: Ken Briodagh    4/29/2017

Welcome to the IoT Evolution Week in Review, my friends. This week, we've been talking about Predictive Maintenance, Satellite for Automotive, Hannove…

Read More

IoT Time Preview: Energy Efficiency

By: Ken Briodagh    4/27/2017

In this weekly series, we'll be previewing chapters of "IoT Time: Evolving Trends in the Internet of Things" for you to read in the hopes that you'll …

Read More

Illinois Sets Out to Build Digital-Ready, IoT-Trained Workforce

By: Ken Briodagh    4/27/2017

State of Illinois to partner with the IoT Talent Consortium to offer data science training to Illinois workers and learners, with cybersecurity traini…

Read More

IAR Systems Acquires Equity Stake in Secure Thingz for IoT Security

By: Ken Briodagh    4/27/2017

IAR Systems, a supplier of software tools and services for embedded development, has announced an alliance with Secure Thingz, a provider of advanced …

Read More

New Globetouch CEO Riccardo Di Blasio Tasked with Next Phase of Expansion

By: Ken Briodagh    4/26/2017

Globetouch, a world-wide provider of global connectivity solutions, has announced the appointment of enterprise expert and Silicon Valley technology i…

Read More