Following the news that, a Chinese manufacturing firm admitted its hacked DVRs and cameras were behind the attack and are now recalling their webcams, IT security experts from Cigital, Xively by LogMeIn and Tripwire commented below.
Jim Ivers, CMO at Cigital:
“This attack is illustrative of the problem with connected devices, specifically the ability to infiltrate, corrupt, and subsequently use these devices for malicious activity. Because computers are hardened and monitored, connected devices provide attackers a much easier path. Given that these devices have sufficient computing power, it is clear that once infiltrated attackers can use them the same way they would use a laptop. The problems are many. There are a lot of devices connected today and that number will increase by orders of magnitude in a short time, providing attackers ample platforms for abuse. Second, these devices are not monitored in the way that a computer on a network is monitored, so detection and remediation will be slow and difficult.”
Ryan Lester, Director of IoT Strategy at Xively by LogMeIn:
“This incident further reinforces the need for rigorous assessment of security implications at the outset of any Internet of Things project. The Internet of Things comes with a whole new set of security challenges and product companies must ensure that security is purpose-built for the IoT and that it is entrenched in every aspect – infrastructure, apps, connections, etc.
Product companies also need to avoid security shortcuts, such as embedded private keys and weak authentication, which can speed up the development phase but can be quite risky and negatively affect consumer confidence in the long term. A thorough evaluation of the security implications will ultimately save time and cost of flaws discovered down the road. The consequences of which can be financially debilitating and long-lasting.”
Craig Young, Cybersecurity Researcher at Tripwire:
“It is fantastic to see a vendor owning up to their responsibility in this event. It is very rare to hear of a vendor doing something like this and I hope that it will be the first of many vendors to react strongly to Friday’s attacks.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…