details
What furor there has been about IoT security has mostly been couched in terms of the disasters that await us when all the “things” attack our networks because all those devices are so easily compromised and are often ideal platforms for distributed denial-of-service and other attacks. This particular theory of the apocalypse was bolstered almost entirely by reference to last fall’s Mirai botnet, which centered on webcams that were pwned in large part because they were on the open internet with default administrator passwords.
If you can build your own botnet by running a scan for open Linux telnet servers, you are clearly still in the era of rookie mistakes. Throw in IoT gateways that close down port 23 and it might seem like the network is a happy place again. But beyond idiot-proofing webcams and stopping attack traffic emanating from lightbulbs and toasters, there is a fundamental security concern: How do IoT vendors stop malicious alteration of the software — and, thus, the behavior — of what could well be highly sensitive devices?
The microcontrollers running IoT devices need sufficient smarts to recognize rogue data or instructions before they execute. And depending on how widely the device is connected — to a virtual LAN? To a physically isolated network? To the web? — and on the severity of risk, that device requires on-device, embedded security that can verify software authenticity and integrity (read: from the source we think it is and unchanged by others).
Commenting is limited to those invited by others in the community
Login to continue or learn more.
related products
No comments yet.