Security

Some Thoughts on Securing IoT Devices

Tags: Cryptography, Embedded, Programming, Security

Security in the Internet of Things (IoT) leaves much to be desired. Some of the recent DDoS attacks such as those through Mirai on DNS provider Dyn or on popular security site KrebsonSecurity have been possible due to weak security measures in things like network connected cameras. There are many reasons why the situation is what it is today, but that will not be the topic of this entry. While we have seen some initiatives, notably the security guidelines (PDF) by NIST and some comments made by Bruce Schneier, I feel that this leaves a lot of people wondering what practical measures to take to secure their devices. Many companies in the IoT are start-ups lacking a proper understanding of what security in the embedded field entails, and might lack (or didn't plan for) the budget to hire dedicated security people. The goal of this blog entry are to (hopefully) lift the veil on some of the methodologies that should be employed to create more secure IoT systems from a very practical point of view.

IOT

This Is How We Build It

Tags: Cloud, Electronics, Embedded, GPS, Network, Security, Wireless

The problem with the Internet of Things is that few people truly understand what it is really about. A large percentage of people in the group that does understand it tend to discard it as yet another marketing hype such as “the cloud” with very little real substance. Due to all kinds of news reports on security issues, vendor lock-ins and lack of open standards, cost overruns, etc. these people tend to see their opinions confirmed. We at WRD Systems also tend to agree with this group – to a point. The reason we do is that we see the same mistakes being made as countless numbers of times before, including the critical security issues that WRD Systems has highlighted for years. However, we also see the great potential of internet connected devices. Probably not the refrigerators and such, but closer to the origins of the Internet of Things: Machine to Machine, also known as M2M.

paint city titlegraphic

SuperFish - The Saga Continues

Tags: Security

By now, some (most?) of you will have heard of Lenovo's blunder of shipping its PC's and laptops with a particular nasty bit of malware dubbed SuperFish. A quick recap. Lenovo thought it was a good idea to pre-install some malware on unsuspecting people's new computer which would inject advertisements into the browser. As if this isn't bad enough, researchers found that SuperFish would actually issue its own SSL certificates - effectively setting up a man-in-the-middle attack so that encrypted traffic could be analyzed. You can read a more in-depth article on the BBC website

The story doesn't end here though...

SuperFish!

Web Proxy

Tags: Network, Security

We just launched a free web proxy service: https://www.unblock-everything.com/. Not only will it help you get around firewalls and sites blocked by your ISP, it does so without logging user data. Oh, and we're 'Not Subject to American Law' - in reference to the recent NSA surveillance debacle ;-)

 

Smart Grid Security

Tags: Cryptography, Security

Just recently I had an article of mine published on embedded.com. In the text, I outline some of the security issues currently present in the Smart Grid, from the meter to the SCADA system. It is a brief overview only, and not too technical or in depth. It serves as a basis for a series of future research articles detailing the security aspects of each component of the Smart Grid. Hopefully the article can be a gentle introduction to the topic, and I hope you enjoy reading it!