IoT Security News: Attacks, Encryption and WAP3

By Joanne Kelleher | February 12, 2018

The new year kicked off with major security-related news. On January 3, we learned that billions of CPUs are vulnerable to the Meltdown and Spectre side-channel attacks, which can be used to access sensitive data, including passwords, cryptography keys, and files. Since then, chip makers and cloud service providers have been scrambling to develop and deploy patches for the vulnerabilities. Intel and Austria-based Graz University of Technology maintain pages with helpful information about the vulnerabilities and patches. But before you dive deep into the newest whitepapers and blog posts about Meltdown and Spectre, check out the following interesting news items from the past few weeks.

The Unbreakable 7,775

FBI Director Christopher Wray called unbreakable encryption an “urgent public safety issue” during an early January talk at the International Conference on Cybersecurity (ICCS) in New York. According to Wray, the FBI was unable to break into 7,775 devices during the last year. “Warrant-proof” encryption has been debated by tech leaders, politicians, and law enforcement since 2016, when Apple and the FBI fought over the legality of unlocking a terrorist’s iPhone. In October 2017, Deputy Attorney General Rod Rosenstein pushed the debate forward at the Cambridge Cyber Summit, where he stated that modern encryption makes it difficult for law enforcement to prevent terrorism and investigate crimes. “The advent of ‘warrant-proof’ encryption is a serious problem,” he said. “It threatens to destabilize the constitutional balance between privacy and security that has existed for over two centuries.”

WAP3 Is on Its Way

Last fall, WIRED reported that the Key Reinstallation Attack (KRACK) Wi-Fi security exploit would affect wireless devices for decades to come. Fortunately, in early January, the Wi-Fi Alliance—which includes Apple, Microsoft, and Intel—announced WPA3 security protections to replace the flawed WPA2 security protocol. Here are the key points according to the Alliance:

  • The Alliance will maintain WPA2 and will not immediately replace it with WPA3
  • “Robust protections” for users who do not follow password complexity recommendations
  • Simplified configuration for devices with no display or a limited display
  • Compliance with the Commercial National Security Algorithm (CNSA) Suite
  • Individualized data encryption for users using open networks

The Alliance did not provide technical details with its announcement. We will keep you updated as we learn more.

SecureRF in the News

  • In a Microprocessor Report article titled “SecureRF Locks Up the Keys,” Mike Demler highlights SecureRF’s unique quantum-resistant security solutions and explains why they are well suited for securing low-resource processors. More Details
  • In early January, SecureRF’s CEO Louis Parks was quoted in a FORTUNE article: “According to CEO Louis Parks of SecureRF, which is developing quantum-resistant security systems, the number of qubits in a machine has recently soared from 16 to 50.” Read the article: “Breaking Bitcoin with a Quantum Computer”
  • Louis Parks was interviewed by Peggy Smedley (The Peggy Smedley Show IoT Podcast #545) about the history of asymmetric cryptography, the challenges associated with securing low-resource processors, and the threat quantum computers pose to IoT security. It was his second appearance on the podcast. Listen Now

News Briefs

  • Okiru Botnet: A new Mirai botnet is reportedly targeting Argonaut RISC Core (ARC) processors, which are driving billions of devices in the Internet of Things. Okiru, which is Japanese for “wake up,” is a variant of Mirai that can take down ARC-based devices with distributed denial of services (DDoS) attacks. More
  • 49-Qubit Quantum Test Chip: Intel announced at CES 2018 that the it has designed and fabricated a 49-qubit quantum test chip called “Tangle Lake.” The news came just two months after the company had announced a 17-qubit test chip. More
  • Semiconductor Revenue Boost: Worldwide semiconductor revenue totaled $419.7 billion in 2017, up 22.2% percent from 2016, and Samsung became the top semiconductor vendor. More