Author Archives: peterderrico

How to Secure Your IoT Devices – Tom’s Guide

Have a fitness band, smart thermostat or other smart IoT device? Here’s how to make sure it’s secure.

“As connected consumer devices become more powerful and gain more capabilities, they will become more attractive targets for malicious actors looking to exploit these capabilities,” said Rob Sadowski, director of technology solutions at RSA in Bedford, Massachusetts. “For example, we have already seen attacks exploit vulnerabilities in consumer routers for use in DDoS attacks and consumer NAS [network-attached storage] devices for illicit cryptocurrency mining.”

“Many vendors in the IoT space seem to have little or no concern regarding the safety and security of their customers,” said Craig Young, a security researcher with Tripwire in Alpharetta, Georgia.

Take smart home hubs, for example, which let homeowners automate their electronics and their overall security. Young warned that these hubs tend to come with a lot of risks. For example, one of the top-selling home-automation hubs — Young wouldn’t say which one — currently ships with a deprecated version of firmware that contains numerous publicly known vulnerabilities, as well as a handful of new vulnerabilities.

“Despite these serious security problems,” Young said, “the vendor has not updated the firmware in this device for over a year, even though they have since developed a somewhat less vulnerable firmware. Even worse, the vendor has stated they have no intention of encouraging their users to upgrade.”

House passes bipartisan IoT security bill to fix ‘glaring gap’ in cyber infrastructure | Federal News Network

A bipartisan bill setting minimum security standards for Internet of Things devices connected to federal networks passed the House Monday [September 14, 2020]. The bill now awaits a Senate floor vote before heading to the president’s desk.

The IoT Cybersecurity Improvement Act would require the National Institute of Standards and Technology to set best practices for device security.

“The challenge has been a lot of these IOT-connected devices are extraordinarily cheap sensor devices … that’s where there’s been some of the pushback that some of the low-end vendors have not wanted to take the responsibility to actually remediate known vulnerabilities,” [Senator] Warner said.