Vulnerability Chains

Are you sure you own your devices? Or do you just have a temporary ability to use them that could vanish any second?

Smart home enthusiasts taken by Insteon marketing found out the hard way that their devices function at the sufferance of the Insteon servers. When the company abruptly shut down, users found none of their devices worked because everything depended on a connection to servers that were no longer there.

This is an example of a vulnerability chain, where the Insteon servers proved the weakest link. Every networked device has a vulnerability chain from the client endpoint through multiple network devices until it reaches the server. Are you aware of the vulnerability chain from the card readers that control access to your building? Don’t be blindsided by a risk you hadn’t even considered.

Beware of Un-updatable Devices

A hundred million IoT devices are open to hacking. It turns out there is a whole slew of flaws in four different basic TCP/IP implementations. Since many IoT devices don’t have auto-update capability, and many don’t have updatable firmware at all, all of these devices are simply waiting to be subverted by hackers.

In other news, a startup has produced an autonomous robot that drives around the farmer’s field all by itself, zapping what it considers weeds with lasers. What could possibly go wrong?

If you are deploying any IoT technology, consider carefully how the devices will be updated with new software. Parts of the IoT industry have a sell-and-forget mindset, and that will embed ticking timebombs in your infrastructure.