In August 2016 the Mirai Botnet was unleashed, using millions of poorly secured IoT devices to launch a number of DDoS attacks that resulted in relatively minor impact by taking down the website of security analyst Brian Krebs through to clobbering the Dyn network which, in turn, resulted in some of the world's biggest websites dropping off the Internet. The creators of the Mirai software have been charged and have pleaded guilty in a US court.
Tagged With IoT
The IoT age means that all sorts of devices can be easily connected to the Internet. The Reolink Argus security camera is one such device. Unlike many other cameras, it can operate totally wirelessly - four 3V batteries take care of power needs and it communicates wirelessly. I've been testing it for a week or so and here's what I've found.
Predicting the future is near impossible -- but that doesn‘t stop us all from having a red hot go. Human beings have been predicting the future since the beginning of history and the results range from the hilarious to the downright uncanny.
One thing all future predictions have in common: they‘re rooted in our current understanding of how the world works. It‘s difficult to escape that mindset. We have no idea how technology will evolve, so our ideas are connected to the technology of today.
According to Netlab, a new IoT botnet, that dwarfs last year's Mirai attack, is building. Reaper takes advantage of nine different vulnerabilities and over 100 DNS open resolvers to take over IoT devices and launch attacks. Although the botnet hasn't been deployed in a major attack yet, it is building .
The WPA2-busting KRACK exploit can be patched. The flaw is serious and potentially effects almost every wireless access point and router in the market. It takes advantage of a vulnerability in the handshake between wireless connection points and client devices. But Apple has said they are testing a patch in the current beta releases of their four operating systems and I expect others to follow,
We've all seen reports of pacemakers that can be wirelessly manipulated, insulin pumps that can be remotely mis-programmed and autonomous vehicles that have been taken over and gone rogue. And, while for the most part these incidents have been limited in their scope, we have seen some major IoT-related incidents such as the Mirai botnet. With experts forecasting that there will be as many 10 connected devices for every human on the planet by the end of the decade, if we don't get security right now, we could create a world where the hardware we rely on could be used against us.
The NFL, in the United States, now has RFID tracking in every player's shoulder pads and in the balls used at every match. Delivered by Zebra Technologies, the solution brings data and analysis to players, coaches and fans. The sensor, which is small, light and lasts a year is at the core of the solution.
Over the weekend, yet another list of potentially vulnerable IoT devices was made public. It was viewed by over 20,000 people before Pastebin removed the list of devices that responded to Telnet sessions that were secured either with default credentials such as admin/admin or not secured with any authentication at all. Which begs the question, why do some people continually shoot themselves in the foot when it comes to securing these devices?
Few things instill more fear when I think of network architecture and security than thousands of tiny devices collecting and sending data across a network. The Internet of Things is a rising tide that will mean there will be between five and ten devices connected to the Internet for every many, woman and child on the planet before the decade is out. A recent experiment sought to discover whether a serverless architecture was worth exploring when deploying an IoT solution.
I recently purchased a few smart bulbs and have plans to expand my collection of smart lights. I did notice a small inconvenience during setup, however: It was hard to tell which bulb was which without staring into an app. So I added a visual aid to my bulbs using emoji stickers. It's a lot easier to see the "banana" light is out instead of trying to figure out which bulb is "Hue living room bulb 7" while your ceiling fan is off.
While many people focus on the logical security around their data, physical security gets a lot less attention. Locking down the electronic components of physical security is an area that's forgotten once it's installed. Tony Vizza, from IT security consultant Sententia, says there's a huge gap between what we should be doing with our physical security and what we actually do.
It's said necessity is the mother of invention. About 15 years ago, Dr Gernot Heiser, from Data 61, looked ahead and, despite being fit and healthy, could foresee a day when he might need an implanted, life-supporting device such as a pacemaker. And he didn't like the idea the it might be attacked remotely. So, he set out to build a trustworthy computing platform that could not be hacked.
A new piece of research from Data 61, the digital research arm of CSIRO, has found the energy patterns we generate when we walk can be used to power mobile devices and to authenticate our identity. It turns out we have, in Star Trek parlance, unique energy signatures.
Last September, a bunch of major websites were rendered 404 when the Mirai botnet surfaced. By attacking hundreds of thousands of unsecured IoT devices Mirai was able to attack DNS provider Dyn resulting in hundreds of online services dropping like flies. Persirai borrows some code from Mirai but "improves" upon it.
New research released today by Telsyte says the IoT market is set to soar with more than 300 million connected devices in Australian homes by 2021. That's more than ten devices for every man, woman and child - and excludes commercial devices and applications. While managing and securing those devices will be a massive challenge, keeping them connected and remotely accessible will also see our telcos scrambling as they seek to further embed themselves in our lives