OWASP Appsec Tel Aviv 2019, Aaron Guzman's 'Vehicle Security Trends & Implications For Automotive Suppliers'
Aaron Guzman is a Director with Aon’s Cyber Solutions Group, also serving as Head of Automotive & IoT Testing.
In preparation for the country's 2020 Olympics (and - ostensibly - in order to avoid catastrophic numbers of IoT-vectored attacks during the Olympic events)... Probably about 5 years too late, though, as the enormity of fixing the problems may be insurmountable even for the Japanese Governmental Security Groups, who are well-known for attention to detail. Regardless, there will certainly be an enormous number of surprises and what-not in their targeted bailiwick of connected devices. H/T
> Image Credit, Israeli Defense Forces, The IDF **Desert Reconnaissance Battalion** Training Exercises
Terrific blog post by Gerhard Jacobs, writing at the Imperva Cybersecurity blog, discussing IoT and ML with Gilad Yehudai (Gilad is a Security Research Engineer at Imperva); this time, the topic is where connected devices and machine learning interact in concert with, and inform, warfighting, warrior and machine capabilities. Today's Must Read.
via Gidget Fuentes - writing at the United States Naval Institute (USNI), of the United States Marine Corps' decision to ground all COTS (Common Off The Shelf) UAVs (Unmanned Aerial Vehicles) from use by Marines. The decision was precipitated by the security flaws in consumer-grade drone platforms.
Nitesh Malviya, writing at Infosec Institute, performs knowledge transfer within the radio science arena, with an exemplary IoT-related radio primer. This is the first in a series regarding IoT radio-vectored attack research. Enjoy.
465,000. The number of Abbott manufactured pacemakers that require software updates due to life-threatening vulnerabilities resident within installed software packages. Coupled with easy accessibility via the interwebs, another example of incompetent software engineering in the manufacturing process? No, just a jarring welcome to the Internet of Shite. The United States Food and Drug Administration's announcement ordering a recall and detailing the flaws came as no real surprise:
via the FDA Announcement: Abbott's (formerly St. Jude Medical's) implantable cardiac pacemakers, including cardiac resynchronization therapy pacemaker (CRT-P) devices, provide pacing for slow or irregular heart rhythms. These devices are implanted under the skin in the upper chest area and have connecting insulated wires called "leads" that go into the heart. A patient may need an implantable cardiac pacemaker if their heartbeat is too slow (bradycardia) or needs resynchronization to treat heart failure. The devices addressed in this communication are the following St. Jude Medical pacemaker and CRT-P devices:
- Accent
- Anthem
- Accent MRI
- Accent ST
- Assurity
- Allure
Andrei Robachevsky, a Technology Program Manager at The Internet Society (ISOC), writes of a contemplated security engineering initiative targeting security flaws in the Internet of Things environ. Today's Must Read.
"Unfortunately, as is often the case with fast-pace developments, security of IoT components and the system as a whole is lagging. Price and functionality features take higher priority. We need to make security and privacy the most important features. Never before has the virtual world penetrated so deep into our physical lives, and if the gap isn't shortened there is a high risk of long-term damage to user confidence in the IoT." - Andrei Robachevsky, Technology Program Manager at The Internet Society (ISOC)
Meanwhile, in troubling IoT news, in a paper (published by the IACR) entitled "IoT Goes Nuclear: Creating a ZigBee Chain Reaction" and authored by Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten (a Weizmann MSc student), we find - perhaps - the ultimate ZigBee nightmare... Today's Must Read (and while you're at it, check out the video to round out your day). Thanks and Tip O' The Hat
Tracking, that is, with the assistance of Intel Corporation (NASDAQ: INTC), that benevolent arbiter of all things computational... El Reg has conveniently provided a FAQ (direct from the chip fabricator) in their superlatively reported post. Today's Must Read.
or 'No Need to Worry, Nothing to See Here, Move Along' view of IoT DDoS attacks in serverless modalities.
Apparently, Deutsche Telekom is now in the anti-drone business, utilizing a partner toolkit - monikered 'DroneTracker', and branded - interestingly - the 'Magenta Drone Protection Shield'...
'DroneTracker, developed by Dedrone in Kassel, is the key system that detects drones automatically by means of various sensors – such as video cameras, radio frequency scanners, and microphones – and repels them if necessary. At its core is smart software that is able to distinguish drones from birds, helicopters, and other flying objects safely, and even to recognize specific drone models.' - via HelpNet Security