Six Degrees of IoT: Lateral Attacks Between Networked Devices
This talk explores the lateral attacks between networked embedded devices using real-world examples in popular devices. We live in a world heavily reliant on the devices that power our homes, hospitals, and critical infrastructure. These devices are connected in ways we never imagined. We know that IoT is ubiquitous and often insecure, but we haven't yet grasped the full scope of how connected we really are, and how vulnerable that makes us. By changing how we view these essential devices, we can secure the future of our infrastructure and hospitals.
Defcon 2017 has come and gone, but Senrio was honored to support the fantastic IoT Village event this year. This year over 86 teams participated in the competition, with hundreds of people watching lectures and participating in Q&A sessions. Our hat is off to ISE for yet another fantastic run of this event. In addition to our usual sponsorship support, Senrio also donated its flagship product Senrio Insight for use by the conference organizers to help them:
Update: The full gallery of our photos from IoT Village 2017 is viewable here. Enjoy!
If you want to learn how to reverse engineer or exploit embedded systems and mobile devices, we can show you!
The problem wasn’t specific to Axis, which seems to have reacted far more quickly than competitors to quash the bug. Rather, the vulnerability resides in open-source, third-party computer code that has been used in countless products and technologies (including a great many security cameras), meaning it may be some time before most vulnerable vendors ship out a fix — and even longer before users install it.
Still, there are almost certainly dozens of other companies that use the vulnerable gSOAP code library and haven’t (or won’t) issue updates to fix this flaw, says Stephen Ridley, chief technology officer and founder of Senrio — the security company that discovered and reported the bug. What’s more, because the vulnerable code is embedded within device firmware (the built-in software that powers hardware), there is no easy way for end users to tell if the firmware is affected without word one way or the other from the device maker.
The venerable CEO of DuoSecurity, Dug Song, wrote a poignant blogpost honoring Black History Month. If you are unfamiliar with DuoSecurity, they are an information security startup rocketship providing Two-Factor Authentication and unprecedented security tools to enterprises worldwide. It was quite nice to have our CTO listed alongside some incredible security icons. Thanks for including us. You can read that blogpost here:
On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter for a discussion on the finer points of Internet of Things (IoT) security ... or complete lack thereof. If you own gadgets that are 'connected' or you are ever around them (hint: you're surrounded by things that pull IP addresses right now) then you need to listen to this podcast. Some great discussion in what was the very first podcast we recorded in 2017.