by Adam Boone | August 30, 2018
There is an old saying in the IT security space, one that applies really across any type of security: Complexity is the enemy of security.
It’s hard to pin down exactly who coined this phrase. Among the earliest references to it are from IT security guru Bruce Schneier. And Schneier’s discussion of this principle is probably among the clearest: systems get harder to secure as they get more complex. And since our systems are getting more complex all the time, security is becoming more challenging.
Today’s poster child for the Complexity-Security inverse correlation is Internet of Things device security.
(more…)
by Adam Boone | August 16, 2018
Devices connected via IoT technology are spreading across multiple industries at unprecedented rates. But the benefits of enhanced connectivity are accompanied by increased security risks.
IoT technology is used in everything from healthcare devices, to transportation infrastructure, to industrial control systems supporting operationally critical processes.
According to Forbes, some 80 billion devices will be connected to the internet by the year 2025. In terms of customer convenience and effective performance, this trend could be game-changing for people who rely on technology to explore, work, and live.
(more…)
by Adam Boone | August 9, 2018
The US Federal Bureau of Investigation has issued a warning about Internet of Things device security issues, the latest in a continuing string of IoT attack and security vulnerability warnings from the US’s top law enforcement agency.
Attackers are using compromised IoT devices as proxies to mask various illicit activities, the FBI said, citing spamming, click-fraud, illegal trade, botnets for hire, and other crimes being committed using IoT devices.
The Bureau said IoT device vulnerabilities are being exploited by these attackers, naming routers, media streaming devices, Raspberry Pis, IP cameras, network attached storage (NAS) devices as among the types of products covered by the warning.
(more…)
by Adam Boone | August 2, 2018
The traditional IT security architecture has been through a mammoth, global stress test in recent years thanks to the environment of escalating attacks and huge data breaches.
But perhaps the biggest challenge of all to the traditional IT security architecture has been in the IT evolution driven by the Internet of Things (IoT), Cloud Computing, Edge Computing and related innovations.
(more…)
by Adam Boone | July 26, 2018
If you make devices that support enterprise operational tasks, sensor data gathering, or a range of other enterprise processes, then your device’s security posture is a major concern for your customers.
But if you are not in the IT security industry, the security posture for your device may not even be something that is clearly defined in product requirements. Besides the obvious security-oriented features, such as encryption and authentication and compliance-mandated features, security requirements are often embedded in a host of other functions and processes that may be covered by your device requirements.
(more…)
by Adam Boone | July 18, 2018
IT security has never been more of a hot button topic than it is today. Increasingly, the focus is on the security of the Internet of Things (IoT) and the embedded systems that support these devices.
And so far, the traditional enterprise security architectures and procedures are failing to protect these systems from being compromised. The evidence is trumpeted in the headlines documenting successful compromises, emerging breach patterns, and the exploding volume of vulnerability advisories.
(more…)
by Sarah Bender | July 3, 2018
The web of Internet of Things (IoT) devices continues to grow each day. In fact, by the year 2020, Gartner predicts that 95% of new electronic product designs will contain IoT technology; Forbes expects at least 80 billion IoT devices to be available by 2025. But with such a vast number of devices in use across the world, how can you hope to find flaws and address vulnerability concerns in a timely manner within your own IoT products?
(more…)
by Sarah Bender | June 29, 2018
14,000+ CVEs were discovered in 2017. In April of 2018 the CVE list had surpassed 100,000 entries, and that number grows every day. So how do you protect your embedded devices and open source embedded systems in IoT and IIoT deployments from this endless onslaught of security threats?
With unpredictable and fast-paced discoveries, managing endless threats and maintaining the security of your embedded software throughout the product lifecycle can be a significant challenge — and a time-consuming one. If your plan is to weather the vulnerability storm yourself, then you’ll need to ask yourself the following questions:
(more…)
by Theresa Kisha | June 28, 2018
Traditional IT security isn’t protecting embedded open source systems in IoT and IIoT deployments
Here at Timesys, we’ve been noticing some concerning trends when it comes to open source embedded system security and the rise of Internet of Things (IoT) and other intelligent devices. We’ve been hard at work developing a solution that can help ease your burden of carefully developing, monitoring, and maintaining security measures on your devices.
More and more IoT and IIoT products are being built with open source embedded software — which we think is great. But because of the growing number of developers turning to open source components for their products, security processes can’t keep up with the rate at which open source devices are being deployed. Traditional IT security has been built with secure perimeters and trusted environments, and has fewer intelligent devices and smaller attack surfaces. But those parameters have begun to change. And with more products to target, the number of security threats will only increase as well.
(more…)
by Akshay Bhat | March 30, 2017
The Internet of Things (IoT) has quickly led to the deployment of ubiquitous, unattended devices throughout our homes, offices, factories and public spaces. In this continuously expanding connected world of devices and IoT, the need to update/upgrade your product’s software/firmware is a certainty. There is no single software update approach that fits all, but there are key questions you should consider when designing your approach. They are: Why, When, What and How.
(more…)
