Internet of Things
Decoding Security
English - October 17, 2017 07:01 - 18 minutes - 14.8 MB
The Future of Internet Security
Summary
Internet security is becoming more a part of our lives every day. We no longer have to worry about security on just our computers, but our phones, thermostats, and even our refrigerators. Jessica and Michael discuss the future of Internet security: the Internet of Things.
News
KRACK, a recently discovered flaw in Wi-Fi, allows attackers to trick devices that are accessing a WPA2 access point into using a predictable encryption key. This allows attackers to listen in on any data transferred and easily decrypt it.
Related article:
https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/
Equifax took another hit last week. Their advertising company was serving malicious ads that advertised a fake Adobe update. Equifax has taken down the page and has confirmed that their systems were not compromised.
Related article:
http://money.cnn.com/2017/10/12/technology/equifax-website-adware/index.html
Patient Home Monitoring exposed medical records of over 150,000 Americans due to misconfigured Amazon S3 storage. At this time, it is unclear if any malicious actors have exfiltrated the data.
Related article:
https://mackeepersecurity.com/post/patient-home-monitoring-service-leaks-private-medical-data-online
Security of Internet Connected Devices
CloudPets
Internet connected stuffed animal
Account information was stored in an unsecured MongoDB database
Allowed one character passwords (and even recommended using just a lowercase “a” as the password)
Recording files were not protected - just need to know the URL
Related article:
https://en.wikipedia.org/wiki/CloudPets
Baby Monitors
Multiple accounts of hacked monitors already exist
Most allow Wi-Fi to be turned off
Prevent access
Turn off Wi-Fi on the device
Connect to a Wi-Fi network that is not connected to the Internet
Password protect the device and router/modem with a strong password
As we start using more and more Internet connected devices, it is imperative that we ensure we are taking every precaution to secure our network, and utilize any security features that may be included with the devices.
Related articles:
https://www.huffingtonpost.com/healthline-/parental-warning-your-babb11668882.html
https://nakedsecurity.sophos.com/2015/04/24/how-to-secure-your-baby-monitor/
Voice Controlled Speakers
Always listening
You are not in direct control of the security - you have to trust Amazon/Google
Change the wake word on Echo
Prevents things like the Burger King ad that was activating Google to pull up the Whopper Wikipedia page or South Park activating Alexa
These devices are inherently insecure, but people often don’t care because they are so convenient
Take steps to secure your data if you use these devices
Use a payment option that is not used anywhere else
Don’t connect sensitive email accounts
Disable the always-listening capability
Related articles:
https://gizmodo.com/alexa-is-not-even-remotely-secure-and-really-i-dont-car-1764761117
https://www.theverge.com/2017/4/12/15259400/burger-king-google-home-ad-wikipedia
Devices need to be simple to set up, but this often comes at the cost of poor security.
Updates are often not completed, leaving devices vulnerable.
As consumers, we need to put pressure on the manufacturers to improve security, and set firmware updates to complete automatically.
Tip of the Day
Don’t reuse passwords! Reusing passwords makes it easier for bad actors to use credential stuffing to access your accounts. The best way to protect against credential stuffing is to ensure that your credentials aren’t being reused, so that if one account is accessed, your other accounts won’t be accessible with the same credentials.
Decoding Security is hosted by Jessica Ortega and Michael Veenstra, and produced by Topher Tebow for SiteLock.
Music:
"Upbeat Forever" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/
Copyright © SiteLock 2017