Tag:internet of things

1
Juniper report predicts IoT botnets will be an unmanageable cyber-security issue
2
Mirai Botnet knocks Liberia offline
3
Threat from hackers against Internet of Things grows
4
Nissan shakes like a LEAF and disables app after car hacking potential exposed

Juniper report predicts IoT botnets will be an unmanageable cyber-security issue

By Cameron Abbott

Juniper’s Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021 cautions that the scale of connectivity related to consumer IoT will lead to unmanageable cybersecurity risk created by botnets in excess of 1 million units. The research found that botnets that disrupt internet services form part of the near-term threat landscape and will be used for more malicious purposes in the future. Botnets are expected to be used not only to disrupt services, but also to create a distraction in order to enable multi-pronged attacks. While the research calls on IoT manufacturers to implement security-by-design, it also found the market is wide open for challenger security vendors.

Mirai Botnet knocks Liberia offline

By Cameron Abbott and Rebecca Murray

After launching attacks on security expert Brian Krebs and the servers at Dyn, it appears as though the Mirai botnet has knocked the entire country of Liberia offline. Yes the country.  Given the paucity of protections on the Internet of Things with even weaker controls on adequate passwords, Mirai has a powerful base to co-opt and launch from.  That said a country is no mean achievement, albeit only with a population of 4.5 million and fewer than 10% of its citizens having internet access, the target was a small one. However, it is possible this attack is only the beginning for a new display of Mirai botnet’s capabilities. The attack peaked at a 500Gbps, a relatively modest figure when compared with the Dyn and Brian Krebs attacks.

Judging from the quick succession of recent attacks, we won’t be waiting long before we see another target of this highly effective botnet. Forbes has covered this in more detail here.

Threat from hackers against Internet of Things grows

By Cameron Abbott and Rebecca Murray

New research by Akamai Technologies has revealed that cyber criminals have cracked into as many as two million Internet-of-Things (IoT) devices at homes and businesses. IoT devices are products that connect to the internet, which now include refrigerators, sound systems, televisions and home security systems. In the report, researchers state that “Once malicious users access the web administration console of these device they can then compromise the device’s data and in some cases, take over the machine.” This report sheds much needed light on one of the most under-focused on areas of cyber security. Read the report here.

Nissan shakes like a LEAF and disables app after car hacking potential exposed

By Cameron Abbott and Meg Aitken

Lock you doors…oh wait, that won’t protect you. Australian security researchers, Troy Hunt and Scott Helme have exposed a security flaw in Nissan’s Connect app which allows certain features of the manufacturer’s best-selling electric car, the ‘LEAF’, to literally be controlled by someone else on the other side of the world.

Hunt and Helme recently discovered that the app did not require any owner identification information in order to link with and control LEAF cars. All that was required was the Vehicle Identification Number (VIN), which is conveniently displayed on the chassis of the vehicle.

OK, so hackers couldn’t actually steer the car, but they could command the climate control and telematics to access driving data about trip durations, raising privacy concerns. Further, given that the LEAF is an electric powered vehicle, being able to access the climate controls could potentially allow a hacker to drain the battery and leave a driver stranded.

Car companies are racing to embrace the internet of things, and privacy and security seems to be taking a back seat. While there is no doubt that connected car technology boasts exciting functionality for drivers, it is not without road bumps, and we are once again reminded of the dangerous potential presented by interconnected devices. With a bit of luck, Nissan’s scare will see the automotive industry get in the driver’s seat towards developing a better appreciation of the risks associated with these devices and how they can be mitigated.

Nissan has now reportedly disabled the NissanConnect app and plans to release a new version once these security concerns are rectified. According to Hunt’s blog post, it took Nissan more than a month to take the app offline after he reported the security vulnerabilities.

Read Troy Hunt’s blog post on the discovery here.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.