Tag Archive for: IoT

Are Your Mobile and IoT Devices Weakening Your Security? | Marcum LLP


With over 14 billion connected mobile devices today, the Internet of Things (IoT) has become mainstream.

Unfortunately, the number of connected devices continues to increase exponentially, and most of these devices run on outdated software. This means they are vulnerable to cyberattacks.

IoT devices include more than just mobile devices: smart home appliances, medical equipment, and industrial machinery also count. Many companies now use them to monitor their employees, track inventory, and even provide remote assistance.

Today, almost every device in our homes and offices runs on some form of operating system. These systems are often insecure, and hackers constantly look for ways to exploit vulnerabilities to gain access to sensitive data.

Mobile devices such as smartphones and tablets are great for productivity, but they also pose a threat to enterprise IT security. Many organizations use these devices to access confidential data from company networks, which could be used against them.

In addition, the rise of IoT has increased the risk of cyberattacks on businesses since hackers can compromise connected devices. So now, let’s check out the common vulnerabilities so you can learn how to better secure your devices.

5 Common Mobile & IoT Device Vulnerabilities

1. Weak Passwords


Today, a common but easily fixed vulnerability in IoT systems stems from weak or unchanged default passwords. Attackers typically exploit weak or hardcoded passwords to gain access to IoT devices.

These credentials are often stored unencrypted in databases, making it easy for hackers to steal them. Once they have compromised a device, attackers can easily move across networks, gaining control of additional devices and systems.

In addition to weak or hardcoded passwords, many IoT devices are configured to accept default usernames and passwords, making them even easier for attackers to compromise.

As a result, attackers can connect to the device via Wi-Fi or Ethernet cable and then log in with the username and password associated with the device.

2. Unsecured Network Services

The IoT is a growing trend among businesses and consumers. However, there are risks involved with deploying…


AWS Announces General Availability of AWS IoT FleetWise


New service makes it easier for automotive companies to collect, transform, and transfer vehicle data to the cloud in near real time, enabling improved vehicle quality and autonomy

Bridgestone, Hyundai Motor Group, LG CNS, and Renesas Electronics Corporation among customers using AWS IoT FleetWise

SEATTLE, September 27, 2022–(BUSINESS WIRE)–Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company (NASDAQ: AMZN), today announced the general availability of AWS IoT FleetWise, a new service that makes it easier for automotive companies to collect, transform, and transfer vehicle data to the cloud in near real time. Automakers, suppliers, fleet operators, and technology solution vendors in the automotive industry can use AWS IoT FleetWise to collect and organize vehicle data more easily, and to store the data in a standardized way for data analysis in the cloud. AWS IoT FleetWise helps automotive companies efficiently transfer data to the cloud in near real time using the service’s intelligent data-collection capabilities. These capabilities allow developers to reduce the amount of data transferred to the cloud by defining rules for when to collect and transfer it based on configurable parameters (e.g., vehicle temperature, speed, and type). Once the data is in the cloud, automotive companies can use it for applications that analyze vehicle fleet health to more quickly identify potential recalls or safety issues, make in-vehicle infotainment systems smarter, or improve advanced technologies like autonomous driving and advanced driver-assistance systems with analytics and machine learning. There are no upfront costs to use AWS IoT FleetWise, and customers pay only for the underlying services used. To get started with AWS IoT FleetWise, visit aws.amazon.com/iot-fleetwise.

“Automotive companies want to use the broad portfolio of AWS services to help manage the vast amounts of data coming from connected vehicles, but they have lacked a solution that made it easier to collect, transform, and transfer data to the cloud,” said Mike Tzamaloukas, general manager of IoT automotive at AWS. “Now, with AWS IoT FleetWise, customers can easily pinpoint the exact vehicle data they need and…


It’s Time to Demand More from IoT Developers


Distributed Denial-of-Service (DDoS) attacks exploit the very foundation of online connectivity. By taking aim at the foundation of your site’s infrastructure, attackers can cause millions in damages, cutting their victim off from their own online presence. Since 2016, Internet of Things (IoT) devices have rapidly bolstered the ranks of DDoS botnets: now, over half a decade later, the number of online devices continues to increase exponentially. The repercussions of this are ricocheting throughout business and governmental organizations, making DDoS protection a vital part of a modern organization’s defenses.

How DDoS Is A Universal Threat

When you attempt to load a webpage, or access an application, your request travels from your browser, via your network, to the hosting server. This server handles the processing of such a request, identifying and returning the precise page you want to see. This cyclical process of request handling is the foundation of the internet: Google alone oversees the processing of 3.5 billion requests per day.

DDoS attacks aim to disrupt the legitimate traffic that a targeted server, organization or network usually relies on by overwhelming its critical infrastructure. Returning a page requires the server to dedicate a small amount of processing power to that task. Each request may only draw small amounts of power, but this directly scales with the number of users requesting a page. When a victim is targeted by a DDoS botnet, each bot is individually weaponized to continuously send requests to the victim’s app or site. This sudden influx of requests places incredible strain upon the supporting servers; it’s also impossible to simply block the flood of incoming IP addresses, because each device looks identical to a legitimate user.

In the days of on-prem server stacks, DDoS attacks could easily wipe out an organization’s online presence: the processing demand would exceed the server’s capacity, and simply make the site unavailable for legitimate users. Now, however, cloud computing has unshackled small businesses from local servers. The scalability of cloud-based server providers may mean that your…


IoT security realities – worse than you think


Juniper Research forecasts that IoT security spending will reach US$6 billion by 2023, with growing business risk and regulatory minimum standards serving as key spending drivers.

Commissioned by Armis, the Forrester report State of Enterprise IoT Security in North America revealed that 74% of the respondents felt their security controls and practices were inadequate for managed and unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G.

Keith Walsh, OT security and operations director at Armis, says the trouble with many installations within organisations is that each department tends to go solo on management and risk containment.

He cites the example of departments that may have managers over OT/ICS facilities, for instance: air conditioning, sanitation, telecommunications, and other functions. Server rooms and computers of all shapes and sizes may be managed by a separate IT department.

Outside a typical office, a process plant in the oil and gas, petrochemicals, and chemicals industries, or a power plant (nuclear, other renewable, or fossil), will yet have different field operations and maintenance managers managing various safety and other controllers. The expertise demanded by these fields tends to be disparate and so it would be difficult to converge all such manageable assets into a single department or system.

Keith Walsh

“For unmanaged devices, which may include OT and IoT, these may yet be another hurdle for organisations, since they may never have been defined as a security hazard, until recent times when 5G/LTE and broadband have permeated throughout every facet of an organisation.”


“So, it is safe to say, we can imagine the typical organisation may not have a complete security profile for all managed and unmanaged devices. Asset visibility is the first step in developing a security framework. You can’t secure what you can’t see,” he added.

As more devices in homes connect to the internet, security and privacy concerns rise to new levels. The Palo Alto Networks’ The Connected Enterprise: IoT Security Report 2021
