Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares.
This JSON request instructs the alarm clock on every “alarmSound” event to send a HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, this poses a significant security risk.
By not being able to validate if the receiver of the subscribed message wants the message or not, there is effectively a DDOS vulnerability. An attacker with the ability to set subscriptions on the alarm clock can effectively send HTTP messages to any device or internet property they want. If this is done across enough devices, a DDOS vulnerability is created.
Toast popping out of a toaster or a car driving across a road traffic sensor could be the trigger of a future large scale DDOS against a web property.
IoT Security Anti-Patterns
(via 4 Short Links)
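The gap described in the quoted passage is that the publisher never checks whether the receiver wants the messages. The sketch below is an added example, not code from Cloudflare's primer or from this post. It activates a callback only after the receiver echoes a random challenge, modelled on the verification-of-intent step in W3C WebSub. `SubscriptionRegistry`, the injected `fetch` transport, `fake_network` and the `.example` hosts are hypothetical names constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit


class SubscriptionRegistry:
    """Hypothetical device-side store: a callback is activated only after it echoes a challenge."""

    def __init__(self, fetch):
        self._fetch = fetch   # assumed transport: fetch(url, challenge) -> response body (str)
        self._active = {}     # event name -> set of verified callback URLs

    def subscribe(self, event, callback_url):
        parts = urlsplit(callback_url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False
        # Unguessable per-request value: only a receiver that implements the
        # handshake (and so wants the events) can return it.
        challenge = secrets.token_urlsafe(32)
        try:
            echoed = self._fetch(callback_url, challenge)
        except OSError:
            return False      # unreachable receivers are never activated
        if not isinstance(echoed, str) or not hmac.compare_digest(
            echoed.encode("utf-8"), challenge.encode("utf-8")
        ):
            return False      # receiver did not opt in
        self._active.setdefault(event, set()).add(callback_url)
        return True

    def targets(self, event):
        """Callbacks that may receive `event`; unverified URLs never appear here."""
        return sorted(self._active.get(event, ()))


def fake_network(url, challenge):
    """Constructed stand-in for HTTP so the example runs offline."""
    if url == "http://coffee.example/hooks/alarm":
        return challenge                   # coffee machine opts in by echoing
    if url == "https://victim.example/":
        return "<html>home page</html>"    # ordinary site: answers, but never echoes
    raise OSError("host unreachable")


def demo():
    registry = SubscriptionRegistry(fake_network)
    wanted = registry.subscribe("alarmSound", "http://coffee.example/hooks/alarm")
    unwanted = registry.subscribe("alarmSound", "https://victim.example/")
    return wanted, unwanted, registry.targets("alarmSound")


if __name__ == "__main__":
    print(demo())
```

Each subscribe attempt still sends one probe to the supplied URL, so the subscription endpoint itself needs authentication and rate limiting as well.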