Internet of Things

Decoding Security

English - October 17, 2017 07:01 - 18 minutes - 14.8 MB - ★★★★★ - 6 ratings
Technology website security cybersecurity web security online security Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Securing Your Website

Next Episode: Endpoint Security Basics

Internet security is becoming more a part of our lives every day. We no longer have to worry about security on just our computers, but our phones, thermostats, and even our refrigerators. Jessica and Michael discuss the future of Internet security: the Internet of Things.

The Future of Internet Security
Summary

News

KRACK, a recently discovered flaw in wifi, allows attackers to be able to trick devices that are accessing a WPA2 access point into using a predictable encryption key. This allows attackers to listen in to any data transferred, and easily decrypt it.

https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/

Equifax took another hit last week. Their advertising company was serving malicious ads, that advertised a fake Adobe update. Equifax has taken down the page, and has confirmed that their systems were not compromised.

http://money.cnn.com/2017/10/12/technology/equifax-website-adware/index.html

Patient Home Monitoring exposed medical records of over 150,000 Americans, due to a misconfigured Amazon S3 storage. At this time, it is unclear if any malicious actors have exfiltrated the data.

https://mackeepersecurity.com/post/patient-home-monitoring-service-leaks-private-medical-data-online

Security of Internet Connected Devices

CloudPets

Internet connected stuffed animal
Account information was stored in an unsecured MongoDB
Allowed one character passwords (and even recommended using just a lowercase “a” as the password)
Recording files were not protected - just need to know the URL

https://en.wikipedia.org/wiki/CloudPets

Baby Monitors

Multiple accounts of hacked monitors already exist
Most allow wifi to be turned off
Prevent access
Turn off wifi on device
Connect to a wifi network that is not connected to the Internet
Password protect the device and router/modem with a strong password

As we start using more and more Internet connected devices, it is imperative that we ensure we are taking every precaution to secure our network, and utilize any security features that may be included with the devices.

https://www.huffingtonpost.com/healthline-/parental-warning-your-babb11668882.html

https://nakedsecurity.sophos.com/2015/04/24/how-to-secure-your-baby-monitor/

Voice Controlled Speakers

Always listening
You are not in direct control of the security - you have to trust Amazon/Google
Change the wake word on Echo
Prevents things like the Burger King ad that was activating Google to pull up the Whopper Wikipedia page or South Park activating Alexa
These devices are inherently insecure, but people often don’t care because they are so convenient
Take steps to secure your data if you use these devices
Use a payment option that is not used anywhere else
Don’t connect sensitive email accounts
Disable the always listening capability

https://gizmodo.com/alexa-is-not-even-remotely-secure-and-really-i-dont-car-1764761117

https://nakedsecurity.sophos.com/2017/01/27/data-privacy-day-know-the-risks-of-amazon-alexa-and-google-home/

https://www.theverge.com/2017/4/12/15259400/burger-king-google-home-ad-wikipedia

Devices need to be simple to set up, but this often comes at the cost of poor security.
Updates are often not completed, leaving devices vulnerable.

As consumers, we need to put pressure on the manufacturers to improve security, and set firmware updates to complete automatically.

Tip of the Day

Don’t reuse passwords! Reusing passwords makes it easier for bad actors to use credential stuffing to access your accounts. The best way to protect against credential stuffing is to ensure that your credentials aren’t being reused, so that if one account is accessed, your other accounts won’t be accessible with the same credentials.

Decoding Security is hosted by Jessica Ortega and Michael Veenstra, and produced by Topher Tebow for Sitelock..
Music:
"Upbeat Forever" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/