Menu

IoT FEATURE NEWS

Security Panel Points to Endpoint Weaknesses, the Benefits of Fuzzing

By

Did you hear about the Target point of sale attack? How about the woman who discovered a stranger was using her Foscam baby monitoring system to talk to her young child?

Both of these examples were discussed at the “Protecting and Defending the Edge” session at the IoT Security Summit in Las Vegas. The summit took place at this week’s IoT Evolution Expo, which runs through Thursday at Caesar’s Palace.

The Target PoS hack is one of the larger and higher profile security breaches of late. The Foscam example is among the more bizarre ones. What they have in common is that both point to the frequent and widespread instance of security breaches.

Indeed, the kind of breach Target experienced is common now, noted Kenneth Lowe, director of business development at Gemalto, one of the session panelists. Vince Rico, business developer manager of the technology partner program at Axis Communications, added that Target had outsourced the management of its point of sale system to a service provider, and the hackers used a key to hack that service provider’s network.

So, in that case, the hackers came in through the network and not through the device. But security holes can exist in a lot of places within the network or at the endpoint. That’s why organizations and their suppliers who are implementing IoT solutions should take a holistic approach to addressing security.

There’s no silver bullet when it comes to security, of course, but there are some basic steps IoT companies and their customers can take to allow for more secure solutions, according to the panel. Some of them are as simple as ensuring that manufacturers of endpoints like cameras don’t turn off the security settings on these devices so they are not secure out of the box.

But getting to a more secure IoT isn’t going to be easy. For many companies, security is an after thought – sometimes coming after they make or install a deployment, and sometimes after they are scrambling to address a breach.

And, as noted above, some device manufacturers and retailers seem to have little if any interest in security. In fact, Clay Melugin, senior partner at RMAC Technology Partners and the panel moderator, started the conversation by noting that most Nest devices have already been hacked, especially if they are purchased from Amazon. He also said that many connected devices are powered by chips manufactured offshore, and that there is  now a San Diego company that tests such chips to make sure nothing was added to them in the process.

Melugin also said he’s a fan of crypto, which can be done in software or hardware. If you put a key in crypto, he said, the hacker doesn’t find the private key. With crypto there’s matching encryption on the server side, so every device it talks to it authenticates. Lowe added that crypto does add another layer of protection.

For companies and other organizations with IoT implementations, the appropriate level and type of security depends upon the application and the risk involved should that data or asset be hacked, panel members seemed to agree.

Organizations that want to see how their solutions will stand up against hackers can have companies such as Dell do penetration tests for them. This is essentially an organized hack, also known as fuzzing, in which the tester hits your network with a bunch of packets to see how the network reacts and to reveal holes.




Edited by Stefania Viscusi

Executive Editor, TMC

SHARE THIS ARTICLE
Related Articles

iSIM Collaboration Fuels Accelerated IoT Deployment

By: Maurice Nagle    9/23/2021

Truphone announced a collaboration with Sony Semiconductor Israel Ltd. (Sony) and Kigen to enable mass IoT deployments.

Read More

From Startups to School Buses, Kajeet Delivers More Than Just Internet

By: Maurice Nagle    9/22/2021

Not to sound cliche, but the IoT takes a village. Much like raising a child, it requires planning, nurturing and the efforts of many to bring the IoT …

Read More

Senet and Helium Partnership Expands LoRaWAN Network Access Across the US

By: Matthew Vulpis    9/22/2021

Senet, Inc., a leading provider of cloud-based software and services platforms that enable global connectivity and on-demand network build-outs for th…

Read More

Sierra Wireless Opening Door to 5G World One Use Case at a Time

By: Maurice Nagle    9/21/2021

Sierra Wireless is looking to dive headfirst into 5G, underscored by the announcement of AVIWEST selecting Sierra's EM9191 5G New Radio (NR) module fo…

Read More

A Move Toward Pervasive LoRaWAN Network Coverage

By: Arti Loftus    9/15/2021

Earlier this year, ABI Research found that the LoRaWAN protocol is the leading license-exempt low-power wide-area (LPWA) network technology addressing…

Read More