Following the news that a Chinese manufacturing firm admitted its hacked DVRs and cameras were behind the attack and is now recalling its webcams, IT security experts from Cigital, Xively by LogMeIn and Tripwire commented below.
Jim Ivers, CMO at Cigital:
“This attack is illustrative of the problem with connected devices, specifically the ability to infiltrate, corrupt, and subsequently use these devices for malicious activity. Because computers are hardened and monitored, connected devices provide attackers a much easier path. Given that these devices have sufficient computing power, it is clear that, once infiltrated, attackers can use them the same way they would use a laptop. The problems are many. There are a lot of devices connected today and that number will increase by orders of magnitude in a short time, providing attackers ample platforms for abuse. Second, these devices are not monitored in the way that a computer on a network is monitored, so detection and remediation will be slow and difficult.”
Ryan Lester, Director of IoT Strategy at Xively by LogMeIn:
“This incident further reinforces the need for rigorous assessment of security implications at the outset of any Internet of Things project. The Internet of Things comes with a whole new set of security challenges and product companies must ensure that security is purpose-built for the IoT and that it is entrenched in every aspect – infrastructure, apps, connections, etc.
Product companies also need to avoid security shortcuts, such as embedded private keys and weak authentication, which can speed up the development phase but can be quite risky and negatively affect consumer confidence in the long term. A thorough evaluation of the security implications will ultimately save time and cost of flaws discovered down the road. The consequences of which can be financially debilitating and long-lasting.”
Craig Young, Cybersecurity Researcher at Tripwire:
“It is fantastic to see a vendor owning up to their responsibility in this event. It is very rare to hear of a vendor doing something like this and I hope that it will be the first of many vendors to react strongly to Friday’s attacks.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.