"Connected" magazine reported that security researchers exposed a number of loopholes in the Internet of Things, from wireless Barbie to the two-ton Jeep Grand Cherokee. Security company entrepreneur Chris Rouland said that these displays are no longer comparable to real-world malicious hackers. However, Rouland, who has run the controversial government eavesdropping contractor Endgame, has moved to its new startup, BasTIlle, which focuses on IoT security and focuses on digital objects that are at risk of being hacked. Rouland said these risks are on the rise, "Smart Barbie is part of this killing chain."
Here are some examples of attacks on IoT security in 2015:
Connected car
In July, security researchers Charlie Miller and Chris Valasek forever changed the concept of "vehicle safety" in the automotive industry. They showed that hackers could attack a 2014 Jeep Cherokee and disable its transmission and brakes. This discovery led Fiat Chrysler to recall 1.4 million vehicles as never before.
Then in the hacking defense conference in August this year, Kevin Mahaffey, the lead researcher and lead technical co-founder and chief technology officer of the network security company CloudFlare, announced a set of security vulnerabilities they found on the Tesla Model S. It is understood that they can black into the network system behind the Model S dashboard through the notebook, and then drive the $100,000 car to go - or remotely implant a Trojan virus to turn off the engine while the car is driving. In other cars they also discovered vulnerabilities that could be physically accessed remotely, even if they were not tested. Tesla has now released patches for these vulnerabilities.
Also at the hacker defense conference, security researcher Samy Kamkarshowed developed a device called OwnStar that can remotely plug in a communication software to a general-purpose car so that the hacker can not only locate the car, open the door and unlock it at will. It is also possible to start the engine and steal the car easily. Moreover, Kamkar soon discovered that similar techniques worked equally well on BMW and Mercedes-Benz applications. A few days later, the University of California researcher also demonstrated the ability to use a small electronic dog to feed the car's dashboard to control the speed and acceleration of the car.
All these eye-catching hackers are trying to pass a signal, "If consumers don't realize that this is a problem, they should be blamed on the car manufacturer. This is the most likely software murder." Not only to tell auto companies, but also consumers and regulators.
Medical equipment
Cars are not deadly devices in IoT security. Software and structural vulnerabilities exist in critical medical equipment and equipment, allowing malicious hackers to organically hijack and control them, with fatal consequences. Cardiologist Dick Cheney has been worried that attackers may use a former vice president's pacemaker for a deadly attack -- hackers can use their office's WiFi to disable their devices. A few days ago, students from the University of Alabama in the United States proved the seriousness of this concern. "We can increase the heart rate at will, or reduce the rate." The research team finally killed the robot used as an experiment theoretically.
Although the experiments of these students are based on the study of past cases, they have indeed demonstrated the existence of crisis means in the future.
Drug infusion pumps - devices that deliver morphine, chemotherapy, antibiotics and other drugs to patients are also receiving attention this year. Internet security researcher Billy Rios became curious about these things after an emergency operation, and then discovered the amazing secrets - these devices have serious loopholes that allow hackers to remotely control drug doses.
Today, the Federal Drug Administration, which is responsible for the safety approval of medical devices, has noticed all of these devices and the problems that have been discovered, and has begun to take steps to remedy them. However, many of the problems with medical devices cannot be solved by a fixed, simple software patch—instead, they need to re-architect the system. However, all of this takes time.
Everything else
When Mattel added a WiFi connection to its product, Hello Barbie, it was meant to add artificial intelligence to the doll and be able to talk, but the company left a trick on Hello Barbie's smartphone app to spoof and block all audio recordings. connection. Samsung's "smart refrigerator" is designed to allow users to sync Google Calendar via WiFi, but because the SSL certificate is not verified, the user's Gmail credentials are stolen. Even baby monitors have creepy security risks: hacking is even easier than other devices.
Even guns are inevitably at risk of hacking. Hacker couples, Runa Sandvik and Michael Auger, demonstrated a case in July that they could control the wireless TrackingPoint sniper rifle. Change the rifle's variable system, disable the rifle, miss the target, and even let it hit other targets.
For any given category of consumer products, at least one company can't wait to add WiFi access to them. But in fact, the ability to protect access to WiFi technology is a more important priority research project. The most important security measures are not ready, how to provide protection for consumers?
Heating Eye Mask,Self-warming Eye Mask,Portable Heating Eye Mask,Rechargeable Heating Eye Mask
Ningbo Sinco Industrial & Trading Co., Ltd. , https://www.newsinco.com