Internet of Things Security Reaches Tipping Point

It all began more than four years ago with HD Moore's groundbreaking research in embedded device security — VoIP, DSL, SCADA, printers, videoconferencing, and switching equipment — found exposed on the public Internet and sporting diagnostics backdoors put in place by developers.

The holes could allow an attacker access to read and write memory and power-cycle the device in order to steal data, sabotage the firmware, and take control of the device, Moore, chief security officer at Rapid7 and creator of Metasploit, found. “This feature shouldn't be enabled” in production mode but instead deactivated, he told Dark Reading in a 2010 interview on his research on the widespread vulnerability in VxWorks-based devices.

Fast forward to Black Hat USA and DEF CON 22 last week in Las Vegas, where the dominant and overarching theme was the discovery of, yes, intentional backdoors, hardcoded credentials, unencrypted traffic, and critical systems lumped on the same network as noncritical functions, in today's increasingly networked and automated commercial systems. And those embedded hardware weaknesses were on display by researchers who found them in cars, TSA checkpoint systems, satellite ground terminals, cellphones and networks, home automation and security systems — and even baby monitors.

For the full story, see EBN sister site Dark Reading.

— Kelly Jackson Higgins is the Executive Editor of Dark Reading.

4 comments on “Internet of Things Security Reaches Tipping Point

  1. prabhakar_deosthali
    August 19, 2014

    In my opinion, it is high time to bring in somebody like NASA to design  a security system for all things that will be connected to the internet.

  2. ahdand
    August 19, 2014

    @prabhakar: Do you think by getting NASA to do the security development and planning will stop the threats ? I don't think so. We do need threats because by threats only we know that the application has loop holes. If not we will think everything is perfect where as its not

  3. prabhakar_deosthali
    August 20, 2014


    I agree that , it is good to have ethical hackers to find the loopholes into your designs and expose the eaknesses and bugs in the code during beta testing.

    But when a system , a software  a product is released for  use,  the unethical hackers will still find  a way that to break into the system and force it to misbehave, for which a srong security layer is required to be built .

    And who else but a agency like NASA to build a 100% proof security system ?

  4. _hm
    August 20, 2014

    Most Iot are trivial in nature. It should not need much security. It is more fuss for little things?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.