Bearing the blame: Who’s responsible when IoT gets hacked?
An invasion of privacy, an insecure channel for exploiting the individual, an unnecessary form of automation, a super gateway for powering botnets; all of these accusations have been levelled at the Internet of Things (IoT), and with some justification, argues Ken Munro, Partner, Pen Test Partners
An invasion of privacy, an insecure channel for exploiting the individual, an unnecessary form of automation, a super gateway for powering botnets… All of these accusations have been levelled at the Internet of Things (IoT) and with some justification. The ludicrously poor security of these devices has laid them wide open to attack.
We have seen data sent in the clear, rather than via SSL, allowing an attacker to intercept communications sent from the device to the cloud-based service. We’ve seen easily hackable online user accounts, allowing the attacker to enumerate passwords using the forgotten password feature.