The IoT security bill is a step in the right direction, as it addresses one of the biggest gaps in software security overall -- generating awareness. But, as the use of connected devices continues to exponentially grow over time, we must ask ourselves: is it enough? Let’s explore.
Technologies such as occupancy management, automated visitor management and touchless access control applications are increasing in demand – turning up the dial on interoperability as organizations seek to deploy best of breed solutions. To power these technologies, Artificial Intelligence (AI), cloud storage and the Internet of Things (IoT) are driving new functionalities and new uses from existing technologies to deliver customized applications for pandemic related health, safety and security issues. While this year might bring a number of uncertainties, we remain confident that the industry will continue to see growth and demand for these trends.
As 5G technology continues to be rolled out worldwide—providing latency of a mere 1 millisecond—it is critical that information security professionals become familiar with 5G system architecture and security architecture, as well as the risks that come with implementing new cellular technologies. ISACA’s new white paper, 5G Security: Addressing Risk and Threats of Mobile Network Technologies, explores these topics, and compares 5G technology with 4G and previous generation cellular technologies.
In spite of the fact that mobile apps live on IoT-enabled devices, collect user data, and continuously loop communication between Internet, cloud services and companies (even when not “in use”), there is a limited view that they are different entities altogether. We see this particularly when it comes to security – or lack-there-of – regarding security standards in place to continuously protect users from detrimental application hacks.
Nozomi Networks published research about vulnerabilities found in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras - Reolink. The most critical vulnerability, assigned a CVSS score of 9.1, allows attackers to access sensitive information such as audio/video streams across the internet.
The advancement of interconnectivity and IoT-enabled equipment has brought a variety of new benefits to the enterprise, however, with this enhanced connectivity comes the possibility for risk. Even HVAC systems can be susceptible if they’re not safeguarded. As hackers modify their targets amid IT evolution, the ability to eliminate system vulnerabilities has never been more critical. In this article, we’ll offer guidance on implementing a cybersecurity strategy that encompasses power management for end-to-end solution.
After a successful launch earlier this year, Carnegie Mellon researchers introduced the latest version of the IoT Privacy Assistant, an app and digital infrastructure that enables users to discover IoT devices nearby, learn about the data they collect and any controls they might possibly give, such as opting in or out of their data collection and use practices.
The CERT Coordination Center (CERT/CC) has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (TCP/IP) stacks. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.