Security News
Laws have been passed to prevent truckers from driving long distances without enough sleep, keeping us all safer on the road. In 2015, the Federal Motor Carrier Safety Administration issued requirements for trucking companies to attach electronic logging devices to trucks. They left open the safety and security of the IoT devices that businesses were purchasing and using.
A vulnerability in Thales' Cinterion EHS8 M2M module, a Java-powered embedded 3G system used in millions of Internet-of-Things devices for connectivity, was revealed yesterday by IBM's X-Force Red. The bug, disclosed to Thales and addressed in a patch made available to IoT vendors in February, makes it possible for an attacker to extract the code and other resources from a vulnerable device.
More than 50% of organizations say that security is a main reason they have not taken advantage of IoT. Fortunately, with new technology and new networks, enterprises don't have to choose between valuable business insights and organizational security anymore. If IoT devices are reporting critical information frequently - say, four or five times every hour - that poses a larger security risk than devices that only need to communicate information two or three times a day.
Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by millions of Internet-of-Things devices. "Some of these will be the vulnerable module, and an attacker will then have an assortment of phone numbers and associated code retrieved from the device at that number. By inserting backdoors into the code and writing them back, the attacker would be in control of various IoT devices around the world."
A security flaw in a series of IoT connectivity chips could leave billions of industrial, commercial, and medical devices open to attackers. EHS8 modules are built for industrial IoT machines that operate in factories, the energy sector, and medical roles, and are designed to create secure communication channels over 3G and 4G networks.
Security researchers at IBM have discovered a potentially serious vulnerability in a communications module made by Thales for IoT devices. Millions of devices could be impacted, but the vendor released a patch six months ago.
Trend Micro announced its upcoming Mobile Network Security solution, which will accelerate digital innovation at the network edge by offering comprehensive network and endpoint protection for a new era of IoT and 5G private networks. "From shopping malls to airports and smart factories to enterprise campuses, private networks are emerging as an increasingly popular way to deliver business-critical applications at the network edge. However, the sheer complexity involved can create dangerous security gaps," said Akihiko Omikawa, executive vice president of IoT security for Trend Micro.
The ioXt Alliance announced that major technology companies and manufacturers including Google, T-Mobile, Silicon Labs and more, certified a wide range of devices through the ioXt Alliance Certification Program. The ioXt Alliance is backed by the biggest names in tech and is the only organization positioned to handle the rapidly increasing demand for IoT device certifications that meet security requirements across every product category.
The protocols are CS2 Network P2P, used by more than 50 million devices worldwide, and Shenzhen Yunni iLnkP2P, used by more than 3.6 million. "As of August 2020, over 3.7 million vulnerable devices have been found on the internet," reads the site, which lists affected devices and advice on what to do if you have any at-risk gear.
The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year. The Kr00k vulnerability, which allows attackers to decrypt wireless communications, only affects Wi-Fi chips from Broadcom and Cypress, but ESET researchers discovered recently that similar vulnerabilities also exist in chips made by MedaTek and Qualcomm.