10th May 2017 By Andrew Howard
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
When looking at Internet-enabled products, the following are the top security concerns companies should look at:
- Basic hygiene issues: Default or no password, unnecessary active services, unpatched operating systems, etc.
- Encryption challenges: No encryption or poor use of encryption, home-brewed cryptography, poor key management, exposed secret keys, reuse of secret keys, etc.
- Unprotected software: No protection of software against download or reverse engineering, which can lead to intellectual property or key exposure.
- Unauthenticated message passing: Devices follow any network commands, regardless of sender.
- No secure update mechanism: Device firmware can’t be securely updated to mitigate new security threats.
- No physical security: Open a device, connect directly to main bus, and gain privileged access to system functions.
Powered by WPeMatico