Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares.
This JSON request instructs the alarm clock, on every “alarmSound” event, to send an HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern over HTTP, it poses a significant security risk.
Because there is no way to validate whether the receiver of the subscribed message actually wants it, this is effectively a DDoS vulnerability. An attacker with the ability to set subscriptions on the alarm clock can make it send HTTP requests to any device or internet property they choose. Done across enough devices, those requests add up to a distributed denial of service.
Toast popping out of a toaster or a car driving over a road traffic sensor could be the trigger of a future large-scale DDoS against a web property.
IoT Security Anti-Patterns
(via 4 Short Links)
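The defensive counterpart to the anti-pattern above, as an added example that is not code from Cloudflare's post: the alarm clock only stores a subscription after the callback host is on an allowlist and the endpoint echoes a random challenge, so it cannot be pointed at a third party that never asked for traffic. The `coffee.lan`/`printer.lan` endpoints and the in-memory HTTP transport are constructed stand-ins so the script runs offline.

```python
import secrets
from urllib.parse import urlparse

def make_transport(endpoints):
    """Constructed stand-in for an HTTP GET: url -> handler(params) -> (status, body)."""
    def get(url, params):
        handler = endpoints.get(url)
        return handler(params) if handler else (404, "")
    return get

class SubscriptionRegistry:
    """Webhook subscriptions that are only accepted after the callback proves intent
    (the same idea as WebSub's challenge/echo verification)."""
    def __init__(self, http_get, allowed_hosts):
        self.http_get = http_get
        self.allowed_hosts = set(allowed_hosts)
        self.subscriptions = {}  # event name -> set of callback URLs

    def subscribe(self, event, callback_url):
        # Check the allowlist before any request leaves the device, so an attacker
        # cannot use the verification step itself to hit arbitrary hosts.
        if urlparse(callback_url).hostname not in self.allowed_hosts:
            return False, "callback host not on allowlist"
        challenge = secrets.token_urlsafe(16)
        status, body = self.http_get(
            callback_url, {"mode": "subscribe", "event": event, "challenge": challenge})
        # Only a receiver that echoes the unguessable challenge has opted in.
        if status != 200 or body != challenge:
            return False, "callback did not confirm the subscription"
        self.subscriptions.setdefault(event, set()).add(callback_url)
        return True, "subscribed"

def coffee_machine(params):
    # Consenting subscriber: echoes the challenge for the one event it handles.
    if params.get("mode") == "subscribe" and params.get("event") == "alarmSound":
        return 200, params["challenge"]
    return 404, ""

def unrelated_device(params):
    # Responds to HTTP but never opts in, so it must not become a target.
    return 200, "<html>status page</html>"

HTTP_GET = make_transport({"http://coffee.lan/hooks": coffee_machine,
                           "http://printer.lan/": unrelated_device})

def demo():
    reg = SubscriptionRegistry(HTTP_GET, allowed_hosts={"coffee.lan", "printer.lan"})
    results = {
        "coffee": reg.subscribe("alarmSound", "http://coffee.lan/hooks")[0],
        "printer": reg.subscribe("alarmSound", "http://printer.lan/")[0],
        "internet": reg.subscribe("alarmSound", "https://example.com/")[0],
    }
    return results, reg.subscriptions
```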
I'm coming to Halifax to give the closing keynote on day one of Atlseccon on April 24th: it's only my second-ever visit to the city and the first time I've given a talk there, so I really hope you can make it!
Vasile Savu is accused of walking into a Western Union in Hollywood, Florida and asking the clerk to print out his flight itinerary, a pretense he used to get the clerk to insert a thumb-drive loaded with malicious software into his computers, which allegedly allowed Savu to steal $32k from the business.
Mark Risher adapts his viral Twitter thread about the security advantages of security keys like Ubikey and Google's Titan Security Key, and how they are game-changers for information security.
The digital age is well and truly upon us, but let’s not forget there’s a load of free TV content floating literally over our heads. No, we’re not talking about the internet. Signals from major broadcast networks are still gratis for anyone who can pick them up with an antenna. And before you envision those […]
Who said LEGO® had to be ground-bound? With The Force Flyers DIY Building Block Fly ‘n Drive Drone, you can turn LEGO® and other building-block creations into fully functional flying machines. It’s available now in the Boing Boing Store for $39.99. This kit comes with everything you need for remote-controlled long-distance flight, including a […]
When businesses need big cloud projects done right, they need experts in DevOps. For the uninitiated, that’s shorthand for the framework that allows development and operations teams to work together toward the same goal – not as independent departments with their own agendas. There’s an arsenal of software that has cropped up to help in […]