Security News

A security flaw in a series of IoT connectivity chips could leave billions of industrial, commercial, and medical devices open to attackers. EHS8 modules are built for industrial IoT machines that operate in factories, the energy sector, and medical roles, and are designed to create secure communication channels over 3G and 4G networks.

Security researchers at IBM have discovered a potentially serious vulnerability in a communications module made by Thales for IoT devices. Millions of devices could be impacted, but the vendor released a patch six months ago.

Trend Micro announced its upcoming Mobile Network Security solution, which will accelerate digital innovation at the network edge by offering comprehensive network and endpoint protection for a new era of IoT and 5G private networks. "From shopping malls to airports and smart factories to enterprise campuses, private networks are emerging as an increasingly popular way to deliver business-critical applications at the network edge. However, the sheer complexity involved can create dangerous security gaps," said Akihiko Omikawa, executive vice president of IoT security for Trend Micro.

The ioXt Alliance announced that major technology companies and manufacturers including Google, T-Mobile, Silicon Labs and more, certified a wide range of devices through the ioXt Alliance Certification Program. The ioXt Alliance is backed by the biggest names in tech and is the only organization positioned to handle the rapidly increasing demand for IoT device certifications that meet security requirements across every product category.

The protocols are CS2 Network P2P, used by more than 50 million devices worldwide, and Shenzhen Yunni iLnkP2P, used by more than 3.6 million. "As of August 2020, over 3.7 million vulnerable devices have been found on the internet," reads the site, which lists affected devices and advice on what to do if you have any at-risk gear.

The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year. The Kr00k vulnerability, which allows attackers to decrypt wireless communications, only affects Wi-Fi chips from Broadcom and Cypress, but ESET researchers discovered recently that similar vulnerabilities also exist in chips made by MedaTek and Qualcomm.

A team of researchers from the Georgia Institute of Technology has demonstrated how, in theory, a malicious actor could manipulate the energy market using a botnet powered by high-wattage IoT devices. The Georgia Tech researchers say a threat actor could manipulate the electricity market the same way financial markets can be manipulated: generate an event that causes prices to drop or rise, and buy when the price is low and sell when the price is high.

Renesas Electronics Corporation announced sample shipment availability of the new RYZ012 Bluetooth module targeting ultra-low power IoT applications. The RYZ012 also includes a battery monitor to measure battery capacity and detect low power in battery-operated devices.

Instead of relying on customers to protect their vulnerable smart home devices from being used in cyberattacks, Ben-Gurion University of the Negev and National University of Singapore researchers have developed a new method that enables telecommunications and internet service providers to monitor these devices. The researchers developed a method to detect connected, vulnerable IoT models before they are compromised by monitoring the data traffic from each smart home device.

As the IoT data-enabled services continue to expand, the market is approaching the stage of data democratization, where real-time analytics is very sought after. Currently, data integration, real-time stream processing, and analytics services are falling under the umbrella of data management services within the IoT value chain, where each component has also seen economic growth.