{"id":4330,"date":"2013-12-23T12:30:28","date_gmt":"2013-12-23T17:30:28","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=4330"},"modified":"2013-12-23T12:30:28","modified_gmt":"2013-12-23T17:30:28","slug":"smart-devices-get-smarter-but-are-still-short-on-security","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/12\/23\/smart-devices-get-smarter-but-are-still-short-on-security\/","title":{"rendered":"Smart devices get smarter, but are still short on security"},"content":{"rendered":"

\"\"<\/a><\/p>\n

As you shop for that new \u201csmart\u201d refrigerator that can do everything including figuring out when you\u2019re low on milk, perhaps you should also think about the risk of some mischievous hacker taking control of it and having 5000 gallons of milk delivered to your door.<\/p>\n

Unlikely, yes, but possible. And that\u2019s just inconvenient. What about a hacker who unlocks your doors while you\u2019re away?<\/p>\n

That scenario is real. It has been demonstrated. Security experts have been saying for more than a decade that, in the world of electronic devices, \u201csmart\u201d does not mean secure. They have warned that if security is not made a priority, the convenience provided by those devices will be undermined by cyber criminals.<\/p>\n

And most of them say things have gotten even worse since those warnings began, in part due to the explosive growth of consumer devices with embedded computers.<\/p>\n

Helping ‘things’ compute<\/p>\n

In an interview with PaulDotCom Security Weekly TV last February, Craig Heffner, a vulnerability researcher with Tactical Network Solutions, put it bluntly. \u201cGo back 15 years in computer security, pick every problem we\u2019ve had from then to now, and you\u2019ll find it in embedded systems,\u201d he said.<\/p>\n

That would make it a problem growing by orders of magnitude. At a conference on the Internet of Things (IoT) last month, sponsored by the Federal Trade Commission (FTC), the agency\u2019s chairwoman, Edith Ramirez, said the 3.5 billion sensors now on the network are expected to grow to trillions within the next decade. Indeed, many of today\u2019s new cars already have more than 100 embedded, connected computers.<\/p>\n

\u201dFive years ago, more things than people connected to Internet,\u201d she said. \u201cBy 2020, 90 percent of all cars will have some kind of vehicle platform, up from 10 percent today. By 2015, there will be 25 billion things hooked to the Internet. By 2020, that will grow to 50 billion. In the consumer market, smart devices will track our health, help us remotely monitor an aging family member, reduce our utility bills and tell us we\u2019re out of milk.\u201d<\/p>\n

But all that, she said, will come with \u201cundeniable\u201d privacy and security risks. In response, she said, the stance of the FTC is that, \u201ccompanies need to build security into their products, no exceptions.\u201d<\/p>\n

Perhaps some day. But according to most experts, the opposite is true\u2014the exception is a smart product that actually has security as a key component. Heffner, who appeared on a panel discussing the \u201cconnected home\u201d at the FTC conference, contended that, \u201cconsumer devices typically don\u2019t have any security, at least not by today\u2019s standards.\u201d<\/p>\n

In an interview, Heffner said the biggest reason for that is because \u201cpeople don\u2019t make purchasing decisions based on the security of a product. They do it based on the product\u2019s features, looks and price. Why in the world would a company spend time and money on something that users don\u2019t care about and will never see?\u201d<\/p>\n

Full Story: Smart devices get smarter, but are still short on security | TechHive<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

As you shop for that new \u201csmart\u201d refrigerator that can do everything including figuring out when you\u2019re low on milk, […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[3,7,10],"tags":[342,395,452],"class_list":["post-4330","post","type-post","status-publish","format-standard","hentry","category-hardware","category-security","category-technology","tag-exploits","tag-gadgets","tag-hacker"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-17Q","jetpack-related-posts":[{"id":6184,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/13\/hacker-coalition-sets-out-to-improve-critical-device-security-challenges-car-makers\/","url_meta":{"origin":4330,"position":0},"title":"Hacker coalition sets out to improve critical device security, challenges car makers","author":"NCCT","date":"August 13, 2014","format":false,"excerpt":"A collective of security researchers issued a letter Friday from the DefCon hacker conference in Las Vegas urging the automotive industry to adopt five principles for building safer computer systems in vehicles. The group is operating under the name I Am the Cavalary and includes researchers and others concerned about\u2026","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6054,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/23\/security-expert-details-multiple-undocumented-services-running-on-all-ios-devices\/","url_meta":{"origin":4330,"position":1},"title":"Security expert details multiple undocumented services running on all iOS devices","author":"NCCT","date":"July 23, 2014","format":false,"excerpt":"During a recent hacker conference, forensic scientist and iPhone jailbreaking expert Jonathan Zdziarski outlined a number of undocumented high-value forensic services running on every iOS device. He also found suspicious design omissions in iOS that make data collection easier according to a report from ZDNet. Zdziarski notes that while Apple\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3175,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/13\/security-team-pries-open-secrets-of-chinese-hacker-gang\/","url_meta":{"origin":4330,"position":2},"title":"Security team pries open secrets of Chinese hacker gang","author":"NCCT","date":"August 13, 2013","format":false,"excerpt":"A Chinese hacker gang whose malware targeted RSA in 2011 infiltrated more than 100 companies and organizations, and was so eager to steal data that it probed a major teleconference developer to find new ways to spy on corporations, according to researchers. The remote-access Trojan, or RAT, tagged as \"Comfoo\"\u2026","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/zapt5.staticworld.net\/images\/article\/2013\/04\/hacker_internet_web_attack-100033459-large.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/zapt5.staticworld.net\/images\/article\/2013\/04\/hacker_internet_web_attack-100033459-large.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/zapt5.staticworld.net\/images\/article\/2013\/04\/hacker_internet_web_attack-100033459-large.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":8626,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/09\/16\/report-new-hack-lets-an-attacker-bypass-password-locked-android-home-screens-2\/","url_meta":{"origin":4330,"position":3},"title":"Report: New hack lets an attacker bypass password-locked Android home screens","author":"NCCT","date":"September 16, 2015","format":false,"excerpt":"If no one has been able to convince you to take your device\u2019s security seriously, perhaps this hack will do it. A video uncovered by Ars Technica shows someone able to use the emergency call access to gain entry to a locked phone, even though it\u2019s protected with a password.\u2026","rel":"","context":"In "Hardware"","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/J-pFCXEqB7A\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":8923,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/17\/this-botnet-has-infected-nearly-a-million-devices-since-2014\/","url_meta":{"origin":4330,"position":4},"title":"This botnet has infected nearly a million devices since 2014","author":"NCCT","date":"May 17, 2016","format":false,"excerpt":"By Shawn Knight | TechSpot One of the many ways that cybercriminals earn income is through affiliate advertising programs like Google\u2019s AdSense. Rather than generate traffic through content creation, hackers figure out ways to trick advertising platforms into thinking a partner is sending them legitimate traffic. Not knowing they're being\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8742,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/09\/microsoft-may-block-sha1-certificates-sooner-than-expected\/","url_meta":{"origin":4330,"position":5},"title":"Microsoft may block SHA1 certificates sooner than expected","author":"NCCT","date":"November 9, 2015","format":false,"excerpt":"Encrypted sites running old certificates will be inaccessible from modern browsers. By Zack Whittaker for Zero Day While about one-in-four encrypted websites are still using weak security certificates, Microsoft is considering taking matters into its own hands. With the possibility of an attack becoming ever more possible, the software giant\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4330","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=4330"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4330\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=4330"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=4330"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=4330"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}