Menu

IoT FEATURE NEWS

Security Panel Points to Endpoint Weaknesses, the Benefits of Fuzzing

By

Did you hear about the Target point of sale attack? How about the woman who discovered a stranger was using her Foscam baby monitoring system to talk to her young child?

Both of these examples were discussed at the “Protecting and Defending the Edge” session at the IoT Security Summit in Las Vegas. The summit took place at this week’s IoT Evolution Expo, which runs through Thursday at Caesar’s Palace.

The Target PoS hack is one of the larger and higher profile security breaches of late. The Foscam example is among the more bizarre ones. What they have in common is that both point to the frequent and widespread instance of security breaches.

Indeed, the kind of breach Target experienced is common now, noted Kenneth Lowe, director of business development at Gemalto, one of the session panelists. Vince Rico, business developer manager of the technology partner program at Axis Communications, added that Target had outsourced the management of its point of sale system to a service provider, and the hackers used a key to hack that service provider’s network.

So, in that case, the hackers came in through the network and not through the device. But security holes can exist in a lot of places within the network or at the endpoint. That’s why organizations and their suppliers who are implementing IoT solutions should take a holistic approach to addressing security.

There’s no silver bullet when it comes to security, of course, but there are some basic steps IoT companies and their customers can take to allow for more secure solutions, according to the panel. Some of them are as simple as ensuring that manufacturers of endpoints like cameras don’t turn off the security settings on these devices so they are not secure out of the box.

But getting to a more secure IoT isn’t going to be easy. For many companies, security is an after thought – sometimes coming after they make or install a deployment, and sometimes after they are scrambling to address a breach.

And, as noted above, some device manufacturers and retailers seem to have little if any interest in security. In fact, Clay Melugin, senior partner at RMAC Technology Partners and the panel moderator, started the conversation by noting that most Nest devices have already been hacked, especially if they are purchased from Amazon. He also said that many connected devices are powered by chips manufactured offshore, and that there is  now a San Diego company that tests such chips to make sure nothing was added to them in the process.

Melugin also said he’s a fan of crypto, which can be done in software or hardware. If you put a key in crypto, he said, the hacker doesn’t find the private key. With crypto there’s matching encryption on the server side, so every device it talks to it authenticates. Lowe added that crypto does add another layer of protection.

For companies and other organizations with IoT implementations, the appropriate level and type of security depends upon the application and the risk involved should that data or asset be hacked, panel members seemed to agree.

Organizations that want to see how their solutions will stand up against hackers can have companies such as Dell do penetration tests for them. This is essentially an organized hack, also known as fuzzing, in which the tester hits your network with a bunch of packets to see how the network reacts and to reveal holes.




Edited by Stefania Viscusi
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Executive Editor, TMC

SHARE THIS ARTICLE
Related Articles

Soracom Expands North American Partner Ecosystem with Bridgepointe Technologies Alliance

By: Carl Ford    7/16/2026

Soracom's alliance with Bridgepointe Technologies expands its North American IoT partner ecosystem, giving enterprises a faster path to secure, scalab…

Read More

Your Secret Weapon for Enhanced Liability Defense

By: Contributing Writer    6/23/2026

Running a business has its benefits. It can free you from a traditional 9-5 structure. However, it also introduces new layers of risk-especially in a …

Read More

The Digital Supply Chain: Resilience, Visibility, and the End of Flying Blind

By: Carl Ford    5/26/2026

Digital supply chain transformation is helping enterprises replace fragile, efficiency-only models with resilient, real-time operations powered by end…

Read More

The CIO Reimagined: From IT Keeper to Digital Business Leader

By: Carl Ford    5/26/2026

The modern CIO is evolving from an IT operations leader into a strategic digital business executive, responsible for driving AI governance, cloud stra…

Read More

Industrial IoT and the Rise of Smart Level Monitoring

By: Contributing Writer    5/18/2026

Industrial operations are becoming increasingly data-driven. From manufacturing plants and oil terminals to water treatment facilities and agricultura…

Read More