IoT Security | BringYourOwnIT.com

When IoT Attacks – The End of the World as We Know It?

October 20, 2017 Leave a comment

Excerpts of my interview with Phil Muncaster @philmuncaster

InfoSecurity Magazine Q4/2017, 4 October 2017

https://www.infosecurity-magazine.com/digital-editions/digital-edition-q4-2017/

Focus on the Firmware

A cursory look at OWASP’s IoT Security Guidance will highlight just how many elements in the IoT ecosystem could be exploited. Among others, these include the web interface, network, transport encryption layer, mobile app and device firmware. The latter is a key area of focus for the prpl Foundation, a non-profit which is trying to coral the industry into taking a new hardware-based approach to IoT security. Cesare Garlati, chief security strategist, claims that hackers could exploit IoT chip firmware to re-flash the image, allowing them to reboot and execute arbitrary code. “The issue with this kind of attack is that it gives the hackers complete control of the device and it is persistent; it can’t be undone via a system reboot, for example”, he tells Infosecurity. The answer is to ensure IoT systems will only boot up if the first piece of software to execute is cryptographically signed by a trusted entity. “It needs to match on the other side with a public key or certificate which is hard-coded into the device, anchoring the ‘Root of Trust’ into the hardware to make it tamper proof ”, says Garlati.

Read more of this post

Filed under IoT Security, Top Posts Tagged with Cesare Garlati, critical infrastructure, firmware, hypervisor, infosecurity magazine, IoT Security, root of trust, scada, secure boot, virtualization

Danger with drones getting hacked: it will get worse before it gets better

July 7, 2017 4 Comments

With the recent news of a drone causing chaos at Gatwick airport, hacking IoT devices has resurfaced as a topic of discussion especially regarding the security issues should a multitude of devices be hacked.

In the optimal situation, there is no way that anyone should be able to access, much less hijack, the critical functions of an IoT device such as a drone. While the power for destruction from just one drone may seem paltry, directing these drones in large numbers at a target is a very real, and dangerous, possibility – as confirmed by this news.

Read more of this post

Filed under IoT Security Tagged with dronejacking, drones, embedded computing, gatewick, hardware security, IoT Security, prplSecurity Framework, smart home, smarthome security

Embedded World 2017 – IoT coming of age.

March 27, 2017 Leave a comment

Last week I had the pleasure of attending Embedded World 2017 in Germany as I was invited to give a couple of presentations on the pioneering work we have been doing at the prpl Foundation with regards to the prplHypervisor™ and prplPUF™ APIs for securing IoT. As it turns out, IoT was the top line at the conference that drew in more than 30,000 trade visitors – and the event solidified the notion that embedded computing is now synonymous with IoT.

Read more of this post

Filed under IoT Security, Top Posts Tagged with cpu, embedded computing, embedded software, embedded world, firmware, hypervisor, interoperable protocols, IoT, IoT Security, open source, open source software, PUF, root of trust

Dronejacking – a disaster waiting to happen.

March 17, 2017 4 Comments

Don’t let that flying drone out of your sight: you never know where it might turn up next.

Last year, customers of Amazon in Cambridge began signing up for a novel delivery option. A 25kg drone, which is able to fly up to 10 miles gripping a book-sized package underneath, took just 13 minutes to fly from the warehouse nearby, landing briefly to drop the order on a delivery mat marked with the distributor’s single-letter logo in the customer’s rear garden.

Read more of this post

Filed under IoT Security Tagged with attack, dronejacking, drones, gps spoofing, IoT, IoT Security, Xbee

(Not so) Random Musings from RSA Conference 2017

February 21, 2017 Leave a comment

The world’s great and good of the information security industry descended on San Francisco this week for RSA Conference 2017. On the surface, it looked like more of the same this year. There weren’t a huge amount of new companies exhibiting this year and the traditional vendors all seemed to be consolidating and streamlining their product lines in attempt to demystify buyers. It even saw the McAfee brand back this year after a noticeable absence in the previous “Intel Security” era.

Read more of this post

Filed under Information Security Tagged with IoT, IoT Security, RSA, RSA Conference

Interview: Cesare Garlati, Chief Security Strategist, Prpl Foundation

January 12, 2017 2 Comments

by Dan Raywood Contributing Editor, Infosecurity Magazine

3 Jan 2017

http://www.infosecurity-magazine.com/interviews/interview-cesare-garlati-security/

In 2016, the danger posed by the Internet of Things (IoT) became a reality. Add in factors such as the Mirai botnet and industrial control systems, and the problem becomes more than just Fitbits being connected to the network.

The problem was countered with the first industry guidance in November 2016, when both the Department of Homeland Security and NIST issued documents on IoT: with the DHS advising manufacturers, services providers, developers and business-level consumers; while NIST went for more detail for manufacturers/developers with guidance on how to engineer safer products.

Read more of this post

Filed under IoT Security, Top Posts Tagged with Cesare Garlati, Dan Raywood, infosecurity, interview, IoT Security

RSA Conference 2016 – A New Hardware-Based Approach to Secure the Internet of Things

November 8, 2016 2 Comments

Live Demo: A New Hardware-Based Approach to Secure the Internet of Things
RSA Conference 2016 – Abu Dhabi
November 16, 2016 | 11.20 – 12.10 hrs | Level 1 | Room: Etihad Ballroom 2

Quick look – This session will address four key elements that have introduced serious weaknesses into the IoT: proprietary systems, connectivity, unsigned firmware and lateral movement. Discussion will showcase a new approach to IoT security demonstrating how SoC virtualization and security through separation can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.

Read more of this post

Filed under IoT Security, Top Posts Tagged with Cesare Garlati, IoT Security, prpl Foundation, RSA Conference

Automotive security: pen-testing is no replacement for sound product development

October 20, 2016 Leave a comment

Reposting from Automotive Testing Technology International

http://www.automotivetestingtechnologyinternational.com/industry-blogs.php?BlogID=1863

By Cesare Garlati

When it comes to testing the components of modern connected cars, of course pen-testing (penetration testing) has its place; however, it is no substitute for solid product development.

In testing, companies often operate under the notion that an identified problem can be fixed or patched. This may be true for some areas of testing, but for security, it is not sufficient. Security needs to be built-in, from the ground up. And that means starting at the hardware layer, which is seldom done today, but which is completely viable given the advancements in silicon and other connected vehicle technologies.

Read more of this post

Filed under IoT Security Tagged with Automotive Security, IoT Security

prpl Foundation Unveils the First Open Source Hypervisor for the Internet of Things

July 11, 2016 Leave a comment

Debut of the prplHypervisor™ to Occur at the IoT Evolution Expo in Las Vegas

SANTA CLARA, CA–(Marketwired – Jul 11, 2016) – The prpl Foundation today announced the upcoming debut of the prplHypervisor^™ at the IoT Evolution Expo in Las Vegas. The prplHypervisor^™ is an industry-first light-weight open source hypervisor specifically designed to provide security through separation for the billions of embedded connected devices that power the Internet of Things.

Read more of this post

Filed under IoT Security Tagged with hypervisor, IoT, IoT Evolution Expo, IoT Security, prpl Foundation, prpl SecurityGuidance

← Older posts

About Cesare Garlati

This is my personal blog about disruptive technology trends such as cyber security, open source processors, and the Internet of Things. It's full of my reasoned opinions, some of which will turn out to be absolutely wrong. You should not rely on anything in this blog for any reason other than for amusement.

This blog occasionally quotes excerpts from other publications, in which case it is done under Fair Use. I despise copyright trolls and think the EFF is due for sainthood any day now.

I am the founder of Hex Five Security and an active member of the RISC-V Foundation: some of my writing will appear here too if it's relevant. The opinions here are mine and mine alone, and are not representative of any professional organizations I belong to.

Comments are unmoderated. Say what's on your mind, be direct, speak the truth, etc., I'll try to keep all your comments ...

Happy reading!

BringYourOwnIT.com

When IoT Attacks – The End of the World as We Know It?

Danger with drones getting hacked: it will get worse before it gets better

Embedded World 2017 – IoT coming of age.

Dronejacking – a disaster waiting to happen.

Drones wide open to hijack threats

Don’t let that flying drone out of your sight: you never know where it might turn up next.

(Not so) Random Musings from RSA Conference 2017

Interview: Cesare Garlati, Chief Security Strategist, Prpl Foundation

by Dan Raywood Contributing Editor, Infosecurity Magazine

RSA Conference 2016 – A New Hardware-Based Approach to Secure the Internet of Things

Automotive security: pen-testing is no replacement for sound product development

Reposting from Automotive Testing Technology International

http://www.automotivetestingtechnologyinternational.com/industry-blogs.php?BlogID=1863

prpl Foundation Unveils the First Open Source Hypervisor for the Internet of Things

Debut of the prplHypervisor™ to Occur at the IoT Evolution Expo in Las Vegas

About Cesare Garlati

Twitter @CesareGarlati

Recent Posts