IoT Security Update: April 2019
This month we feature an exciting announcement that highlights the continued expansion of our involvement in industry associations as well as several news stories about security issues plaguing small IoT devices. Smart doorbells, routers and even ultrasound devices can all be vulnerable to attackers since security is often an afterthought even when it comes to designing such small, “innocent” devices. See the consequences of these insecure devices in this month’s news roundup.
News
SecureRF Joins Global Semiconductor Alliance IoT Security Working Group
SecureRF Corporation announced that it has been invited to join the Global Semiconductor Alliance (GSA) IoT Security Working Group. The working group’s purpose is to promote best practices in IoT security, share information on threats and attacks, define security requirements and inform standards bodies. Read the full press release here.
IoT Devices, Ultrasound Machines Pose Risk to Health IT Networks
Many healthcare IoT devices are easy to hack due to open source systems and legacy operating systems, according to Check Point Research. The researchers say they were able to leverage a security gap in an ultrasound machine, which allows hackers to download, edit and replace data, as well as infect the data with ransomware. Read the full story here.
Major Vulnerability in Small IoT Devices Running Windows OS Discovered
A security researcher with SafeBreach discovered that small IoT devices running a particular Windows OS are vulnerable to a flaw that could allow attackers to seize full control. The Windows 10 IoT Core OS, designed to run on smaller devices like the Raspberry Pi, has a flaw with its built-in Sirep Test Service. The vulnerability exposes a remote control interface that can be exploited to seize full operational control of IoT devices. Read more here.
Cisco WiFi Routers Attacked After Code Hack Posted
Bad Packets Report detected an increase in internet scans by attackers the day after a security research firm published a blog post containing sample code on how to exploit Cisco routers. According to Cisco, the vulnerability impacted about 12,000 devices in the U.S., Canada, India, Argentina, Poland and Romania. When the firm, Pen Test Partners, initially announced the vulnerability in October, Cisco thanked them for their help with the discovery. Read the full story from SDxCentral here.
Amazon’s Doorbell Vulnerability Compromises Home Security
Cybersecurity expert Yossi Atias demonstrated a live hack of Amazon’s Ring video doorbell at this year’s Mobile World Congress, exposing a previously unknown vulnerability in the IoT device. During the hack, Atias was able to change the video feed in the two-way communication app so that the end user saw footage of someone they knew. “Letting someone you ‘think’ you know into your home could potentially have dire consequences, particularly if your kids are at home,” said Atias. Learn how the vulnerability was discovered in the full story here.
Partner Spotlight: STMicroelectronics
Our fast, small-footprint, ultra-low-energy, security solutions ideally are suited for 8-, 16- and 32-bit devices such as the STMicroelectronics STM8, STM32 and SPC58 Chorus MCUs. Check out our ST partner page here.
GSA European Executive Forum, April 15-16, Munich, Germany: The GSA European Executive Forum brings together more than 250 leading semiconductor executives from across the industry for two days of thought exchange and discussion. This year, the event will focus on how to best take advantage of unprecedented opportunities that are available to us today — AI, Automotive, IoT, 5G, High Performance Computing, Cloud, AR/VR, etc. — while darker clouds seem to be appearing on the horizon: trade wars & tariffs, signs of industry inventory buildups and of a slowing Chinese economy. Louis Parks, who has recently been appointed to the GSA’s IoT Security Working Group, will be on hand and available for discussions. To arrange a meeting with Louis, please click here.