Cyber Security
“user didn’t change the default password” story”. “Modern life depends on properly functioning IoT devices that are available when you need them, have integrity so you can trust them, and are confidential so they aren’t haring critical data with the wrong (nefarious) people. These basic principles of security were overlooked in the development of most IoT devices”. “Elementary security mistakes like allowing brute force attacks, default (sometimes hardcoded) admin credentials, allow operators can to launch an attack that takes out global Internet infrastructure”.
“Concerted Efforts” The complexity of IoT with the sheer number and variety of service providers, devices, firmware and software raises questions: To what extent can security control be shared? If something goes wrong, who’s responsible for the real-world effects? The role of standards, trust labels, regulations play a role in setting out a framework. For examples, the EU Cybersecurity Certification practice needs to be eliminated. Best practice
gain access to movements of these critical public
Scheme, the NIST draft Considerations for
on passwords and other authentication methods
services vehicles.
Managing Internet of Things (IoT) Cybersecurity
should be followed.” F5 Networks, Inc (Justin Shattuck, Principal
“We knew their routes to and from work, could watch as they responded to dispatch calls, and
and Privacy Risks highlight the considerations in establishing cybersecurity and privacy baselines.
Threat Researcher), at the SICW Internet of Things
could learn their patrol patterns. We could use
Security talk, highlighted the extreme vulnerability
sensitive information in the device configuration to
be deployed by 2020, the urgency to implement
of many emergency services vehicles due to use
infiltrate the networks these devices connected to,
security controls cannot be greater. This,
of onboard devices where security weaknesses
and possibly manipulate data. In the wrong hands,
Kaspersky labs said, required “concerted efforts”
– specifically through default login / password -
the information could be deadly.”
from “end device manufacturers; telecom device
expose sensitive details such as GPS coordinates. From tracking vehicles in real-time to identifying
Crucially he said “exploiting these devices is
With estimates of billions of IoT devices to
manufacturers; vendors of the basic hardware for
not done through a typical hardware or software
IoT and telecom devices; telecom service providers;
residential address in precincts where police
vulnerability. There is no weakness in the software to
application service providers in the IoT sphere;
officers took their vehicles home after shift end,
exploit. There’s no hacking of the hardware. This is a
system integrators working in the sphere of IoT and
external parties monitoring the GPS coordinates
weak admin user authentication exploit—the age-old
connected devices.”
28 | Asia Pacific Security Magazine