Symantec recently released its report on IoT device attacks. IT security experts from the non-profit prpl Foundation and NSFOCUS comment below.
Cesare Garlati, Chief Security Strategist at prpl Foundation:
“The nature of many IoT devices is that they are always on and always connected, making them prime targets for attackers to exploit. If we look at the humble light bulb, while it might not seem like a big deal if a single light bulb in a home is breached, what if a hacker could control every one of those light bulbs within a set area to create a power surge that causes a massive blackout?
For this reason, the prpl Foundation advocates for standards for manufacturers and developers of IoT – in even the smallest of devices. Three basic principles to these standards are using open source – rather than proprietary software, forging a root of trust at the hardware level in embedded systems and exercising security by separation using hardware virtualisation, so all of your “security eggs” are not in one basket – making it more difficult for criminals to get control.”
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS:
“The primary reason why IoT devices are being hacked and most often added to existing botnets is primarily because they are accessible from the Internet directly. Often, people who deploy an IoT device, for example a CCTV camera, thermostat, security system, baby monitor, personal electronic assistant, etc., are simply not deploying them behind firewalls. Instead, they are deploying them in a fashion whereby the devices are completely accessible from anywhere on the Internet. Also, many people are not changing default passwords on these devices. Vendors who develop these technologies try to make them as easy as possible to install to help reduce customer support calls, which can be very costly for the vendor. If people are having difficulty deploying an IoT device, what’s the natural response? Call support! Therefore, many of the IoT devices are plug-and-play and very easy to install. Easy to install doesn’t mean they’re actually secure.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security