X-Force Red, IBM Security’s team of hackers, is hired by a variety of companies to find and help fix vulnerabilities exposing their most important assets to potential attacks. One sector that is increasingly looking into the security of their products is internet of things (IoT) manufacturers that build and sell IoT technologies such as smart home kits, cameras, appliances, televisions, security systems and even smart light bulbs.
Some IoT devices, while “smarter” than their nonconnected brethren, are also known to have more security deficiencies, such as default passwords that cannot be changed, privacy concerns and a lack of encryption. These issues can make IoT devices easier for attackers to access remotely, which is why device manufacturers seek ways to test them for potential risk. In a recent analysis, X-Force Red performed a hardware test on a consumer IoT device, which led to us discovering some interesting issues that could have a detrimental effect on businesses that sell everyday devices and services.
During testing, my team and I often look for vulnerabilities in a device or system that might expose it to an attack from an unknown adversary. The attacker may be a member of a criminal gang, a lone wolf or even a nation-state actor, and can often be well-equipped, experienced and determined to compromise their target. However, what if an attacker does not fit into any of those categories and, instead, is a seemingly legitimate customer? That is a very plausible scenario nowadays.
Vicious Tinkerers in Customer Clothing
Let’s take, for exam ..
Support the originator by clicking the read the rest link below.
