Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


PRC's DJI Drone Android App Stealing Sensitive Information: Storing Data On Mainland China Servers →

July 27, 2020 by Marc Handelman in PRC, CCP, Data Stolen By China, PRC Espionage, Information Security, Data Security, PII, IoT

Via the eponymous Dan Goodin, Security Editor at Ars Technica, comes this disturbing revelation: the personal data of US persons who own DJI drones and, most importantly, use the company's DJI Go 4 for Android app is undergoing transmittal to servers resident in the People's Republic of China. And, to add insult to injury, the application can apparently execute arbitrary bits without the behest of the hapless users. Read Dan's original superb reportage and try not to weep for your stolen identity (and data, thereof) ensconced so comfortably on PRC CCP controlled servers.

"People who have DJI Go 4 for Android installed may want to remove it at least until Google announces the results of its investigation (the reported automatic restart behavior means it's not sufficient to simply curtail use of the app for the time being). Ultimately, users of the app find themselves in a similar position as that of TikTok, which has also aroused suspicions, both because of some behavior considered sketchy by some and because of its ownership by China-based ByteDance." - via the inimitable Dan Goodin, Security Editor at Ars Technica


OWASP Appsec Tel Aviv 2019, Aaron Guzman's 'Vehicle Security Trends & Implications For Automotive Suppliers' →

July 31, 2019 by Marc Handelman in OWASP Appsec Tel Aviv, OWASP, Information Security, Education, IoT Security, IoT, Cybersecurity, Conferences

Aaron Guzman is a Director with Aon’s Cyber Solutions Group, also serving as Head of Automotive & IoT Testing.


Credit: M. Bigham/Huntington Ingalls Industries, N. Hanacek/NIST

New NIST IOT Document Published

June 28, 2019 by Marc Handelman in NIST, IoT, Information Security

After a single draft in September 2018, the United States Department of Commerce's National Institute of Standards and Technology Computer Security Resource Center published (yesterday, 2019/06/27) the NIST CSRC Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTIR 8228) (also available at https://doi.org/10.6028/NIST.IR.8228).

Congratulations to the authors of this document: Kaitlin Boeckl (NIST), Michael Fagan (NIST), William Fisher (NIST), Naomi Lefkovitz (NIST), Katerina Megas (NIST), Ellen Nadeau (NIST), Ben Piccarreta (NIST), Danna Gabel O'Rourke (Deloitte & Touche), Karen Scarfone (Scarfone Cybersecurity). Enjoy!


Japan Government Set To Hack Citizen Owned IoT Devices

January 29, 2019 by Marc Handelman in Information Insecurity, IoT, IoT Security

In preparation for the country's 2020 Olympics (and - ostensibly - in order to avoid catastrophic numbers of IoT vectored attacks during the Olympic events)... Probably about 5 years too late, though, as the enormity of fixing the problems may be insurmountable even for the Japanese Governmental Security Groups, who are well-known for attention to detail. Regardless, there will certainly be an enormous number of surprises and what-not in their targeted bailiwick of connected devices. H/T


The iOT Radio Attack Primer →

December 12, 2017 by Marc Handelman in Information Security, Electromagnetic Waves, Radio, iOS Data Leakage, IoT, IoT Security

Nitesh Malviya, writing at Infosec Institute, performs knowledge transfer within the radio science arena, with an exemplary iOT-related radio primer. This is the first in a series regarding iOT radio vectored attack research. Enjoy.


Serfdom of IoT →

November 07, 2017 by Marc Handelman in IoT, Serf, Must Read, Feudal

Welcome to the new (old) world of Serfdom (essentially, a base rung of the societal ladder under Feudalism); in this case, an existence under the utility of IoT... Through the legal lens of Joshua A.T. Fairfield, Professor of Law, Washington and Lee University, comes this tremendous piece published at The Conversation. Today's Must Read, Indeed.


BSides Cleveland 2017, Erik Daguerre's 'IoT Device Pentesting' →

July 17, 2017 by Marc Handelman in BSides, Conferences, IoT Security, IoT, Information Security, Penetration Testing

CSIAC: Certified Security by Design for the Internet of Things →

July 01, 2017 by Marc Handelman in All is Information, Education, IoT Security, IoT

Marine IoT, The Rolls Royce Concept: But, Where's The Security? →

May 15, 2017 by Marc Handelman in IoT, IoT Security, Physical Security, Information Security

While extraordinarily phenomenal, a conceptual marine-based IoT infrastructure via Rolls Royce is superbly painted as the future portrait of intelligent shipping; but there is a nagging question, my fellow travelers: Where's the security? Hat Tip


IoT Security Fail, The Collaborative Fix →

May 02, 2017 by Marc Handelman in IoT, IoT Security, ISOC, Information Security, Network Security, Hardware Security

Andrei Robachevsky, a Technology Program Manager at The Internet Society (ISOC), writes of a contemplated security engineering initiative targeting security flaws in the Internet of Things environ. Today's Must Read.

"Unfortunately, as is often the case with fast-pace developments, security of IoT components and the system as a whole is lagging. Price and functionality features take higher priority. We need to make security and privacy the most important features. Never before has the virtual world penetrated so deep into our physical lives, and if the gap isn't shortened there is a high risk of long-term damage to user confidence in the IoT." - Andrei Robachevsky, Technology Program Manager at The Internet Society (ISOC)


The IoT Chain →

April 26, 2017 by Marc Handelman in All is Information, Anti-Patterns, Computer Science, Information Security, IoT, IoT Security, Hardware Security

Meanwhile, in troubling IoT news, in a paper (published by the IACR) entitled "IoT Goes Nuclear: Creating a ZigBee Chain Reaction" and authored by Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten (a Weizmann MSc student), we find - perhaps - the ultimate ZigBee nightmare... Today's Must Read (and while you're at it, check out the video to round out your day). Thanks and Tip O' The Hat


33c3, Ray's 'Lockpicking in the IoT' →

January 24, 2017 by Marc Handelman in All is Information, Conferences, Physical Security, Lock Picking, IoT Security, IoT

Retailers Begin Physical Customer Tracking →

January 18, 2017 by Marc Handelman in All is Information, Tracking, Dubious Methodology, Questionable Tracking, User Tracking, Surveillance, Must Read, Demise of Privacy, Information Security, Information Sharing, Intelligence Sharing, Intelligence, IoT, IoT Security

Tracking, that is, with the assistance of Intel Corporation (NASDAQ: INTC), that benevolent arbiter of all things computational... El Reg has conveniently provided a FAQ (direct from the chip fabricator) in their superlatively reported post. Today's Must Read.


FTC IoT, The Contest →

January 05, 2017 by Marc Handelman in All is Information, USFTC, IoT, IoT Security, Information Security

The FTC is now running contests... What's next - Casual Friday?


Deutsche Telekom, Drone Hunter →

December 08, 2016 by Marc Handelman in All is Information, IoT, IoT Security, Drones, Information Technology, Information Security

Apparently, Deutsche Telekom is now in the anti-drone business, utilizing a partner toolkit - monikered 'DroneTracker', and branded - interestingly - the 'Magenta Drone Protection Shield'...

'DroneTracker, developed by Dedrone in Kassel, is the key system that detects drones automatically by means of various sensors – such as video cameras, radio frequency scanners, and microphones – and repels them if necessary. At its core is smart software that is able to distinguish drones from birds, helicopters, and other flying objects safely, and even to recognize specific drone models.' - via HelpNet Security


IoT Security in the Cloud, Best Practices →

November 09, 2016 by Marc Handelman in All is Information, Cloud Security, Data Security, Information Security, Network Security, IoT, IoT Security

IoT'd →

November 03, 2016 by Marc Handelman in All is Information, Optimism, Network Security, Information Security, IoT

New, oddly optimistic screed - detailing the belief that ISPs should mitigate/remediate bad IoT behaviors - has surfaced at Wired. You be the judge.

 


IoT'd →

October 03, 2016 by Marc Handelman in All is Information, Networks, Network Security, Network Protocols, Information Security, IoT

News, via the inimitable Dan Goodin, writing at Ars Technica, of newly released DDoS source code leveraging IoT devices. Beware that new Bluetooth cuddly stuffed bear, it's a killer (and let's ignore the rabbit for now)...


IoT, Not Your BFF

February 26, 2016 by Marc Handelman in All is Information, Internetwork Security, Information Security, IoT

In which, IoT is apparently not your best friend forever... Today's Must Read.


San Francisco ISOC Hosts IoT Conference →

February 16, 2016 by Marc Handelman in Internetwork Security, IoT, ISOC

The San Francisco Chapter of the Internet Society has slated February 18th, 2015 as the date for the first INET/IoT Conference.

"The Internet of Things (IoT) is an idea that has been around for a long time but is now starting to come to fruition. The idea is that anything and everything can have a sensor and can provide information to a remote collector somewhere else on The Internet. Our cars, our homes, farm animals, farmer’s fields, light bulbs, roads, just about anything can be fitted with a data collection device and the information used to make smarter decisions. The need to collect and analyze the huge amount of data collected is driving advances in Big Data computing. Such data collection also raises serious privacy and security concerns. More event information is on our website here, including speaker bios: http://www.sfbayisoc.org/iot-conference/ ." via the SF Bay ISOC Chapter
