Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 28 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Internet of Things test reveals major flaws

by The Gurus
May 16, 2014
in Editor's News
Share on FacebookShare on Twitter

A penetration test on common Internet of Things (IoT) has revealed basic flaws, as well as how many of the devices were open and connected to the internet.
 
In a demonstration at the Context Oasis event in London, Alex Chapman, senior consultant did tests on network attached storage, a printer, an internet enabled rabbit toy, IP camera and light bulbs, and found exploits in most that would allow them to be remotely accessed and controlled.
 
Chapman said that all but the Karotz smart rabbit had exploits that allowed him to control and access them. He said: “I didn’t pick out 100 devices and find vulnerabilities in five of them, there were vulnerabilities in five devices. This shows that you need to go through and secure them as this can lead to real issues on the network,” he said. “We are not there with vendors pushing firmware updates, but we are getting there.”
 
Chapman said that his research found 14,000 internet-connected and open network attached storage systems and around 200 IP cameras and one printer could be accessed through the internet. “There are parallels in the corporate environment, for the underlying technology and operating systems and processes,” he said. “The light bulb shows data failure, the IP camera affects physical security systems, NAS internal file stores while wifi-connected printers also affects network-connected printers. Karotz has the same functionality as video and voice communication software.”
 
He said that the IoT by any other name “may just be vulnerable embedded devices” that are not sexy, but in your networks. He also said that traditional penetration testing will not touch these devices, typically.
 
He said: “These run a cut down operating system that most IoT devices run on, but it is not the same as a server system; it is a small enough image to work on a small enough server and the controls do not exist so the cost expectation is lower.”
 
Chapman told IT Security Guru that he identified the vulnerabilities very quickly, but getting a payload took time.

FacebookTweetLinkedIn
Tags: IoTThings
ShareTweetShare
Previous Post

Privacy International Launches Legal Bid to Stop GCHQ’s ‘Intrusive’ Malware

Next Post

Context: Threat intelligence the key to survival

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information