Here at VDOO, it is our long-term mission to continuously assess and improve the security of the connected-devices that are rapidly surrounding us. The only real way to succeed in these missions is by utilizing a critical and methodical approach and technologies to inspect all the different layers of a modern embedded and connected device – its application layer, protocols, operating system, hardware, controllers, gateways and backend connectivity.
Since founding VDOO, we have been working to analyze a great many IoT devices, in the broadest way possible. The more we look into these devices and find their vulnerabilities, the further we validate a basic hypothesis: security for the IoT must start with the most basic security building blocks.
The major botnet variants seen over the last few years have been enabled primarily by a lack of basic security engineering practices applied to consumer IoT devices. BASHLITE, Mirai, Remaiten and Linux.Darlloz all relied at least partially on dictionary attacks that took advantage of well-known default username/password combinations to compromise devices.
This article is part two of the IoT Security Foundations series. In this post we will introduce authentication, its pitfalls, and what makes it interesting in the Internet of Things. This article focuses on password authentication mechanisms, the most common ways they get broken, and the right measures that IoT makers can take to achieve a high level of security. There are other advanced authentication methods, that can be more secure or more efficient than password authentication under specific scenarios, but we will leave the details of those for a later article in this series.
It may be just a few short months since we founded VDOO, but it has been over a decade since we started innovating in cyber security, back in the days when it was simply ‘information security’. We started with compliance automation and network-node security certification, through computer forensics and incident response, and in the last few years we have been dealing with endpoint security against targeted attacks and integration of gateway solutions. Our goal has always been to stay one step ahead of the attackers, and ahead of the market. Sometimes we managed, sometimes we didn’t.
In this blog post, we will discuss what makes up the foundations of security in IoT, and begin a series of articles that will provide focused overviews on select topics within this field. We will focus on the client or device side of IoT, rather than the server or service side, since that is where some of the most unique challenges lie.
When you purchase an electronic device, how do you know it will work? How can you be sure that it will not harm your environment or even your safety? How can you know that the device will not be used as means of espionage?
Over the last few decades, technological revolutions have completely changed the way we live. The personal computing revolution began in the early eighties – businesses began transitioning to a technology that allowed them to process data automatically, store it digitally and find it quickly and efficiently.
The Internet of Things (IoT) ecosystem is somewhat infamous for its lack of security. In this article, part of our series on IoT security foundations, we will analyze the IoT supply chain, and examine how some of its elements affect IoT security, focusing on devices. We will then use this analysis as a basis to propose some industry and regulatory solutions.
The world we live in rapidly becoming more and more connected, on every thinkable level. From home devices, through wearables and all the way to medical solutions. This, of course, is the Digital Revolution, enabling consumers, businesses and industries to make better, more informed, real-time decisions to provide the best experience to the end user. This goes hand in hand with the growing ease of doing business and seamless engagement.