Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 9 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Cyber security tales of terror that are sure to make your skin crawl

by The Gurus
October 15, 2018
in This Week's Gurus
Share on FacebookShare on Twitter

By Larry Trowell, principal consultant at Synopsys

This Halloween season, in celebration of National Cyber Security Awareness Month, I’d like to introduce you to a few unwelcome trick-or-treaters you may meet. But don’t look out the window for them; they may already be inside your home, hiding in the Internet of Things (IoT).

The IoT is the entire network of devices that have the technology and protocols to collect and share data: smartphones, cars, thermostats, smart appliances, cameras, home assistants, fitness devices, and anything else with a network connection.

Of course, with network connectivity comes potential insecurity. Let’s address some of the more common IoT security concerns (or security monsters, as I like to festively think of them) that you should deal with now—before it’s too late.

Fight zombie botnets with consistent maintenance

Whenever the relationship between IoT and security comes up, the term “botnet” is never far behind. A botnet is a collection of IoT devices under a cyber criminal’s control. With names like Windigo, Kraken, and Reaper, it’s easy to see that the creators of these botnets have some appreciation for the similarity between their craft and the monster stereotypes of old.

Much like the classic horror movie zombies, these scary beasts are the living dead—that is, outdated IoT devices that you’ve set up in your home and then forgotten about. Without regular firmware updates, your devices could be filled to the brim with known software vulnerabilities, which botnet creators use to gain control of them.

In order to rid yourself of these unwanted pests, drop the salt and spend some time updating your network-connected devices. That includes phone updates you’ve been postponing for a while. If your devices haven’t prompted you to update recently, check with online resources like https://cve.mitre.org/ to determine if there are any known risks in running your devices.

Defeat any poltergeists in your home with passwords

The next monster I’d like to tell you about is reminiscent of the 1982 classic film Poltergeist, where a series of physical disturbances at home turn the lives of one family upside down. In our case, we’re focusing on issues of authentication, where your devices and accounts let someone else in after thinking it’s you. Let’s look at how to avoid this misleading phantom.

You’re probably familiar with connected devices that use default passwords during their initial setup, right? This is an authentication issue—if you don’t change the password, anyone can assume your identity by using the default.

In some cases, there are more severe security concerns. In fact, several years ago, after a consumer set up a security camera in their home, only to find that it didn’t meet their needs, they returned it to the store, at which point it was resold to someone else. Sounds like a perfectly standard procedure, right? It turns out that the back-end system that controlled the camera could not remove the original owner from the account. For all purposes, the original owner had full access to the new user’s video feed. The new owner may have felt as if they had a cursed camera watching over their home—which isn’t so far from the truth.

Authorization is a similar concern when it comes to IoT devices. (Authentication refers to confirming the identity of a valid user; authorization refers to granting a user some level of access.) Let’s take CloudPets as an example. CloudPets are stuffed animal toys for children that also conveniently use both cloud and Bluetooth technologies. The issue? If they don’t have a current Bluetooth connection, they allow any Bluetooth device to connect as an authorized user.

If your child has a smart toy, you should actively work to protect it from cyber misuse. The most important step is to change all default passwords. No matter whether a device or account asks for it, use a minimum of nine characters in every password. It’s also important to use uppercase and lowercase letters, numbers, and special characters.

Next, you’ll also want to learn where your data goes and who has access to it. If your devices use Bluetooth or other wireless protocols, see how they connect and whether they have an access code or physical contact with another device to connect with it.

Finally, if you use smart assistant devices such as Amazon Echo or Google Home, place a voice code on your device. You’ll be happy you did the next time your device thinks that it hears the phrases “Alexa” and “buy 20 CloudPets.” Just trust me on that one.

Banish network ghosts by leveraging guest networks

The final fiendish monster with a tale to share with you all today involves something of a ghost. One thing that to remember is that most of your smart devices get their intelligence by being connected to a network—your network. You know, the one with all your other devices on it, like your computer, hard drive, and other devices with sensitive data. If an attacker gains access to your devices, by whatever means they have up their sleeve, they also gain access to your network. It’s pretty much a package deal.

The solution isn’t to call the Ghostbusters (I wish it were the case, however) but to use a feature of many new routers that you’ve probably overlooked. That feature is to create a guest network, one that not just your friends can use but your devices can too. This way, if your devices are compromised, hackers have access only to the smaller network and will be isolated from the data you’ve worked so hard to protect.

Heed my words and follow these simple pieces of advice to keep your home free of unwanted guests during the spookiest time of year.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Cyber Security Summit & Expo set to provide unrivalled content for its 9th edition

Next Post

Alert Logic Extends Security to Cover Any Container Across Multiple Platforms

Recent News

Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato SASE Cloud Named “Leader” and “Outperformer” in GigaOm Radar Report for SD-WAN

February 7, 2023
AT&T Cybersecurity grows SASE offering by adding Palo Alto Networks

UK second most targeted nation behind America for Ransomware

February 7, 2023
safe

Will Emphasising App Security Lead to More App Installs?

February 6, 2023
Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information