Tag Archive for: IoT

IoT Hack Enables Cybercriminals to Steal Cars


In a new method of stealing cars, automotive security experts have discovered that cybercriminals can hack into a vehicle’s control system through the headlight. The control system is managed by the controller area network (CAN) bus, an Internet of Things (IoT) protocol that allows devices and microcontrollers to communicate with each other within the car.

By manipulating the electronic control unit (ECU) in a Toyota RAV4’s headlight, attackers could access the CAN bus and gain control of the car. This approach, as described in a blog post by Canis Automotive Labs CTO Ken Tindell, is a unique way of car hacking that had not been seen before. Once connected through the headlight, the attackers could gain access to the CAN bus, responsible for functions like the parking brakes, headlights, and smart key, and then into the powertrain panel where the engine control is located.

Even though car hacking is not a new issue, this method of attack highlights the vulnerability of IoT protocols like the CAN bus and the need for improved security measures in automotive systems.

[Figure: how ECUs in a RAV4 are wired together with CAN bus (via Canis CTO blog)]

Tindell cautions that this form of CAN injection will compel manufacturers to reconsider the security of their vehicle control networks. “As a car engineer, your focus is on addressing a variety of challenges such as minimizing wiring, enhancing reliability, and reducing costs. Cybersecurity may not always be at the forefront of your mind.”

A Case of Stolen Toyota RAV4 in London

Ian Tabor, an automotive security consultant, woke up to discover that his parked Toyota RAV4 had been tampered with in London. The car’s front bumper and left headlight had been disturbed, and the same areas were later found to be tampered with again.

Unfortunately, he didn’t…


Urging Necessity to Secure Connected Devices and Fortify the IoT Demand


PRESS RELEASE

Published March 3, 2023

“Microsoft (US), AWS (US), Google (US), IBM (US), Intel (US), CISCO (US), Ericsson (Sweden), Thales (France), Allot (Israel), Infineon (Germany), Atos (France), Magiccube (US), Dragos Security (US), Claroty (US), Karamba Security (Israel), Vdoo (JFrog) (US), Forgerock (US), Ordr (US), Newsky (US), Armis (US), Mobileum (US), Trend Micro (Japan), Sophos (UK).”

IoT Security Market by Type (Network Security, Endpoint Security, Application Security, and Cloud Security), Component (Solutions & Services), Application Area, Deployment Mode (On-premises & Cloud), Organization Size, and Region (2022 – 2026)

IoT security encompasses security beyond just the IoT devices, including IoT components such as IoT platforms, applications, data tools, and the connectivity network. A security lapse in any of these components (device, network, API, and data) may compromise the security of the entire IoT system.


IoT application security and endpoint security are the biggest concerns, as poorly secured devices and applications make them a potential target of cyberattacks. End-to-end security is required for IoT devices to thwart any vulnerabilities and attacks in the security ecosystem with ever-growing complexity.

Attacks such as denial-of-service (DoS) attacks can jeopardize the purpose of the IoT set-up. The longevity of IoT devices leads to the retrofitting of these devices in the guest networks, causing data leakages and security lapses. They also have built-in functions such as microphones, cameras, and night vision, and can collect petabytes of data without user knowledge.

IoT devices are largely configured with insecure and default access credentials, enabling attackers to hack them swiftly. Malware seeks out IoT devices and tries to attack them using the default username and password, then enlists them in coordinated botnet attacks.

Regulations will force manufacturers and vendors to prioritize security, provide guidelines on the expectation from IoT developers and manufacturers, create an adequate legal framework, and develop the underlying technology with security and…


The dark web’s criminal minds see IoT as the next big hacking prize



John Hultquist, vice president of intelligence analysis at Google-owned cybersecurity firm Mandiant, likens his job to studying criminal minds through a soda straw. He monitors cyberthreat groups in real time on the dark web, watching what amounts to a free market of criminal innovation ebb and flow.

Groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when people realize that it works to do damage or to get people to pay. Last year, it was ransomware, as criminal hacking groups figured out how to shut down servers through what’s called directed denial of service attacks. But 2022, say experts, may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

“What I wish is that the vulnerabilities of cybersecurity could never negatively affect human life and infrastructure,” says Meredith Schnur, cyber brokerage leader for US & Canada at Marsh & McLennan, which insures large companies against cyberattacks. “Everything else is just business.”

For the past decade, manufacturers, software companies and consumers have been rushing to the promise of Internet of Things devices. Now there are an estimated 17 billion in the world, from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked. In a conversation Dec. 26 with The Financial Times, Mario Greco, the group CEO of giant insurer Zurich Insurance Group, said cyberattacks could pose a larger threat to insurers than pandemics and climate change, if hackers aim to disrupt lives, rather than merely spying or stealing data.

IoT devices are a key entry point for many attacks, according to Microsoft’s Digital Defense Report 2022. “While the security of IT…


Microsoft applies coat of Rust to Azure Sphere IoT platform • The Register


Developers can now use the Rust programming language when creating applications on the Azure Sphere platform for internet-connected devices.

Programmers can apply the performance and security capabilities within Rust to make software for Internet of Things devices and other embedded systems that can be the target of botnets and other malware.

Want to try a null-pointer dereference? Not gonna happen! For embedded systems this is a lifeline…

“Rust and Azure Sphere are a good match – a programming language that can improve safety of code with strict compile time safety checks alongside Azure Sphere’s secure identity, update, and end-to-end encrypted communication services for internet-connected devices should provide greater security to the customer applications,” Akshatha Udayashankar, an embedded software engineer at Microsoft, wrote in a blog post this week.

The move by Microsoft – which previewed the idea in June 2022 – comes the same week Google said it will support third-party Rust libraries in its open-source Chromium project. Like Microsoft, Google touted the security features in the programming language.

As our sister site DevClass wrote at the time, the attraction is not just safety. “Other factors include a greater likelihood of correctness, as a side-effect of safety guarantees, and more reliable concurrency. Rust’s ‘rich type system’ assists in writing expressive code.”

Azure Sphere already includes built-in security features for internet-connected devices and comprises hardware built atop chips from MediaTek and a Linux-based operating system. In addition, it includes the cloud-based Azure Sphere Security Services (AS3) that creates a secure connection between the devices and the internet or cloud.

AS3 ensures a secure boot, device identity authentication, the trust of the software, and certification that the devices are running trusted code. It also enables Microsoft to securely download updates to…
