Menu

IoT FEATURE NEWS

Security Panel Points to Endpoint Weaknesses, the Benefits of Fuzzing

By Paula Bernier August 18, 2015

Did you hear about the Target point of sale attack? How about the woman who discovered a stranger was using her Foscam baby monitoring system to talk to her young child?

Both of these examples were discussed at the “Protecting and Defending the Edge” session at the IoT Security Summit in Las Vegas. The summit took place at this week’s IoT Evolution Expo, which runs through Thursday at Caesar’s Palace.

The Target PoS hack is one of the larger and higher profile security breaches of late. The Foscam example is among the more bizarre ones. What they have in common is that both point to the frequent and widespread instance of security breaches.

Indeed, the kind of breach Target experienced is common now, noted Kenneth Lowe, director of business development at Gemalto, one of the session panelists. Vince Rico, business developer manager of the technology partner program at Axis Communications, added that Target had outsourced the management of its point of sale system to a service provider, and the hackers used a key to hack that service provider’s network.

So, in that case, the hackers came in through the network and not through the device. But security holes can exist in a lot of places within the network or at the endpoint. That’s why organizations and their suppliers who are implementing IoT solutions should take a holistic approach to addressing security.

There’s no silver bullet when it comes to security, of course, but there are some basic steps IoT companies and their customers can take to allow for more secure solutions, according to the panel. Some of them are as simple as ensuring that manufacturers of endpoints like cameras don’t turn off the security settings on these devices so they are not secure out of the box.

But getting to a more secure IoT isn’t going to be easy. For many companies, security is an after thought – sometimes coming after they make or install a deployment, and sometimes after they are scrambling to address a breach.

And, as noted above, some device manufacturers and retailers seem to have little if any interest in security. In fact, Clay Melugin, senior partner at RMAC Technology Partners and the panel moderator, started the conversation by noting that most Nest devices have already been hacked, especially if they are purchased from Amazon. He also said that many connected devices are powered by chips manufactured offshore, and that there is  now a San Diego company that tests such chips to make sure nothing was added to them in the process.

Melugin also said he’s a fan of crypto, which can be done in software or hardware. If you put a key in crypto, he said, the hacker doesn’t find the private key. With crypto there’s matching encryption on the server side, so every device it talks to it authenticates. Lowe added that crypto does add another layer of protection.

For companies and other organizations with IoT implementations, the appropriate level and type of security depends upon the application and the risk involved should that data or asset be hacked, panel members seemed to agree.

Organizations that want to see how their solutions will stand up against hackers can have companies such as Dell do penetration tests for them. This is essentially an organized hack, also known as fuzzing, in which the tester hits your network with a bunch of packets to see how the network reacts and to reveal holes.




Edited by Stefania Viscusi

Executive Editor, TMC

SHARE THIS ARTICLE
Related Articles

IoT Evolution World Week in Review: AT&T, Honeywell, Nokia

By: Ken Briodagh    8/19/2017

It's about Smarter Science, Smarter Cities, Smarter Buildings and more in this IoT Evolution Week in Review

Read More

TiTANplatform Forms Strategic Partnership with China Unicom

By: Ken Briodagh    8/18/2017

TiTANplatform, a global smart content and device company, has announced a strategic partnership with China Unicom to provide smart content and device …

Read More

Automobility LA Announces Theme for 2017 Design & Developer Challenge Presented By Microsoft

By: Ken Briodagh    8/17/2017

The Competition Requires Participants to Think About the Future and Develop a Transport/Mobility Concept for the City of Los Angeles' Bid to Host the …

Read More

Centerbridge Completes $1.26 Billion Acquisition of Syncsort and Vision Solutions

By: Ken Briodagh    8/17/2017

Syncsort and Vision Solutions Combining to Create a Powerhouse 'Big Iron to Big Data' Platform; Syncsort CEO Josh Rogers to Lead Company Operating Und…

Read More

Deloitte Selects Miami Based Unified Technologies for Caribbean Cyber Security Alliance

By: Ken Briodagh    8/16/2017

Unified Technologies, an IT solutions provider with operations in the Caribbean and North America, has announced a newly established Cyber Security Al…

Read More