By B.N. Frank
Privacy and security experts have warned for many years that Internet of Things (IoT) technology is extremely vulnerable to cyber attacks. The examples seem endless. Last summer IBM warned about vulnerabilities with medical implants and utility “Smart” Meters.
Last December, then President Trump signed the IoT Cybersecurity Improvement Act of 2020 to create standards and guidelines on the use and management of these devices by federal agencies.
Another warning about IoT devices was just published by Wired:
100 million more IoT devices are exposed—and they won’t be the last
Name:Wreck flaws in TCP/IP have global implications.
Over the last few years, researchers have found a shocking number of vulnerabilities in seemingly basic code that underpins how devices communicate with the Internet. Now, a new set of nine such vulnerabilities are exposing an estimated 100 million devices worldwide, including an array of Internet-of-things products and IT management servers. The larger question researchers are scrambling to answer, though, is how to spur substantive changes—and implement effective defenses—as more and more of these types of vulnerabilities pile up.
Dubbed Name:Wreck, the newly disclosed flaws are in four ubiquitous TCP/IP stacks, code that integrates network communication protocols to establish connections between devices and the Internet. The vulnerabilities, present in operating systems like the open source project FreeBSD, as well as Nucleus NET from the industrial control firm Siemens, all relate to how these stacks implement the “Domain Name System” Internet phone book. They all would allow an attacker to either crash a device and take it offline or gain control of it remotely. Both of these attacks could potentially wreak havoc in a network, especially in critical infrastructure, health care, or manufacturing settings where infiltrating a connected device or IT server can disrupt a whole system or serve as a valuable jumping-off point for burrowing deeper into a victim’s network.
All of the vulnerabilities, discovered by researchers at the security firms Forescout and JSOF, now have patches available, but that doesn’t necessarily translate to fixes in actual devices, which often run older software versions. Sometimes manufacturers haven’t created mechanisms to update this code, but in other situations they don’t manufacture the component it’s running on and simply don’t have control of the mechanism.
“With all these findings, I know it can seem like we’re just bringing problems to the table, but we’re really trying to raise awareness, work with the community, and figure out ways to address it,” says Elisa Costante, vice president of research at Forescout, which has done other, similar research through an effort it calls Project Memoria.
Of course experts have also been warning for many years that ALL wireless and/or “Smart” technology is vulnerable to hacking (see 1, 2, 3, 4, 5, 6), inaccuracies and other problems (see 1, 2, 3, 4) including fires (see 1, 2).
Other disadvantages associated with IoT, “Smart” and wireless technology include:
- Environmental and humanitarian devastation caused by mining for conflict minerals to make the technology
- Broken and/or obsolete devices and infrastructure adding to already dangerously high levels of unrecyclable E-Waste
- Biologically and environmentally harmful electromagnetic radiation emissions from IoT, wireless, and “Smart” devices and infrastructure (see 1, 2, 3, 4, 5, 6)
IoT has been jokingly referred to as “The Internet of Dangerous Things”, “The Internet of Vulnerable Things” and “The Internet of Shitty Things”. Seems fitting.
Activist Post reports regularly about unsafe technology. For more information, visit our archives.
Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.