Friday, December 12, 2014

The Internet of Things: a clear target in 2015

The connected world, this technological transformation that breaks geological and temporary barriers, and quantifies the real world, providing us of measurable variables. It is an ecosystem of wearable devices, mobile devices and home automation devices. The era of the Internet of Things is coming. But like any other paradigm shift, it brings associated risks.

The Internet of Things is made up of billions of devices running over different protocols in a fervent struggle to get the leadership of the sector. The implementation of several protocols with different vulnerabilities without a standardized control could affect even your life when an attacker takes advantage of such vulnerabilities to compromise medical technology.

The smartwatch seems to be the star for 2015. So far these devices are paired with mobile phones by bluetooth communication encrypted using 6 digits pin codes, but information is broadcasted in plain text. A security expert could intervene communications brute forcing the pin code and easily read any message sent by the phone to the watch.

The first iPhone was launched almost eight years ago, and still suffers serious exploits that would allow you to bypass its lock screen. Raul Siles from Dinosec has grouped all these vulnerabilities.

Android is not free from risks either, but it had a good corollary in this case. For the first time in history, a company has been fined for subscribing the users of its app to paid premium services without warning. But the app not only did so, it also took care to eliminate the mandatory text notification reached by a user when subscribing to one of these services, making clear its dishonest objective.

We will keep publishing end-of-the-year recaps. Now it's time for Kaspersky’s one. The company made 9 security predictions for 2015. Of course, it appears the internet of things among other such as the evolution of APTs towards more sophisticated ones, malware as a service and the spread of mobile botnets.

To close, we made you a question: Do you know how a targeted attack against your company’s network could be developed? It is necessary just a patient cybercriminal posted at the cafe next door. Your corporate WIFI is one of the most classic attack vectors, following by resilience of the network architecture and the employees’ connected devices. Any of these vectors could be used to compromise the integrity of all your corporate data traffic.


Post a Comment