Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares.
This JSON request instructs the alarm clock on every “alarmSound” event to send an HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, this poses a significant security risk.
By not being able to validate if the receiver of the subscribed message wants the message or not, there is effectively a DDOS vulnerability. An attacker with the ability to set subscriptions on the alarm clock can effectively send HTTP messages to any device or internet property they want. If this is done across enough devices, a DDOS vulnerability is created.
Toast popping out of a toaster or a car driving across a road traffic sensor could be the trigger of a future large scale DDOS against a web property.
IoT Security Anti-Patterns
(via 4 Short Links)
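The check the quoted passage says is missing, as an added example (not code from Cloudflare's post): a publisher that records a subscription only after the receiver echoes a random challenge, in the style of WebSub's intent verification. The in-memory network, class names and callback URLs are constructed for illustration.

```python
import secrets

class Receiver:
    """A device or site reachable at a callback URL (hypothetical model)."""
    def __init__(self, wanted_topics=()):
        self.wanted = set(wanted_topics)  # topics this receiver itself asked for
        self.inbox = []

    def confirm(self, topic, challenge):
        # Echo the challenge only for subscriptions the receiver actually wants.
        return challenge if topic in self.wanted else None

    def deliver(self, event):
        self.inbox.append(event)

class Publisher:
    """Event source (the alarm clock). verify=False reproduces the anti-pattern."""
    def __init__(self, network, verify):
        self.network, self.verify = network, verify
        self.subs = {}  # topic -> set of callback URLs

    def subscribe(self, topic, callback):
        if self.verify:
            # Ask the receiver to confirm before storing anything.
            challenge = secrets.token_urlsafe(16)
            echoed = self.network[callback].confirm(topic, challenge)
            if echoed is None or not secrets.compare_digest(echoed, challenge):
                return False  # receiver never agreed: refuse the subscription
        self.subs.setdefault(topic, set()).add(callback)
        return True

    def publish(self, topic):
        for callback in self.subs.get(topic, ()):
            self.network[callback].deliver(topic)

def run(verify):
    # Constructed sample: one receiver that opted in, one that never did.
    network = {
        "http://coffee.local/hook": Receiver(wanted_topics={"alarmSound"}),
        "http://victim.example/": Receiver(),
    }
    clock = Publisher(network, verify)
    for callback in network:
        clock.subscribe("alarmSound", callback)  # anyone can request any target
    clock.publish("alarmSound")
    return {cb: len(r.inbox) for cb, r in network.items()}
```

With verification off, both callbacks receive the event; with it on, only the receiver that confirmed does.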