How to Fix the Internet of Broken Things

iot-securityThe Internet of Things is already permeating every part of our lives – from healthcare to aviation, automobiles to telecoms. But its security is fundamentally broken. In my previous blog I’ve shown how vulnerabilities found by security researchers could have catastrophic consequences for end users. This isn’t just about data breaches and reputational damage anymore – lives are quite literally on the line. The challenges are many: most vendors operate under the misapprehension that security-by-obscurity will do – and lobby for laws preventing the disclosure of vulnerabilities; a lack of security subject matter expertise creates major vulnerabilities; firmware can too easily be modified; and a lack of separation on the device opens up further avenues for attackers.

But there is something we as an industry can do about it – if we take a new hardware-led approach. This is all about creating an open security framework built on interoperable standards; one which will enable a “root of trust” thanks to secure boot capabilities, and restrict lateral movement with hardware-based virtualization.

Read more of this post

The Security Challenges Threatening to Tear the Internet of Things Apart

IoT SecurityThe Internet of Things (IoT) has the power to transform our lives, making us more productive at work, and happier and safer at home. But it’s also developing at such a rate that it threatens to outstrip our ability to adequately secure it. A piece of software hasn’t been written yet that didn’t contain mistakes – after all, we’re only human. But with non-security experts designing and building connected systems the risks grow ever greater. So what can be done?

Read more of this post

Cesare Garlati Joins prpl Foundation as Chief Security Strategist

prpl FoundationSANTA CLARA, CA–(Marketwired – April 07, 2015) – Well-known information security expert Cesare Garlati today joins the prpl Foundation as Chief Security Strategist. Garlati will assist the Foundation with security strategy in the newly formed Security PEG (prpl Engineering Group), a working group dedicated to creating an open standard framework that addresses next-generation security requirements for connected devices.

“Cesare Garlati is an internationally renowned leader in the mobile security space,” said prpl Foundation president Art Swift. “We all look forward to his contributions in security strategy and his participation in the ground-breaking Security PEG.”

Read more of this post