According to The Beatles, all you need is love. As this is Valentine’s Day, we’ll discuss love and endpoint protection: What they are, how they work, and whether they’re all you need.

This is part 6 of our Fundamentals of Device Security series. The last video looked at encryption's effectiveness.

Poets and philosophers have been working on the answer for centuries, so it’s a bit out of our depth, but we can define endpoint protection. These platforms combine a range of security functions into a single product usually consisting of antivirus, anti-spyware, a firewall, application control, and intrusion prevention. Some also provide patch and configuration management, which helps to prevent vulnerabilities before attack.

​In our fundamentals of security series, we introduce common concepts in security. The last segment looked at DNS security. In this segment, we discuss encryption: What it is, how effective it is, and how to use it.

Encryption is essential, and can be extremely effective, but it’s important to make sure it is used correctly. There are misconceptions with encryption that even experts get wrong sometimes.

In our device security series, we introduce common concepts in security. The last item in our series was a look at the effectiveness of firewalls. In this segment, we discuss DNS: What it is, how secure it is, and what you can do to protect yourself.

DNS is the subject of over a dozen known, common, attacks. Many are straightforward and easy to carry out. Others require prior access to a server or machine. Some prevent a DNS server from doing its job, others use DNS servers to attack specific machines.

What can you do to protect yourself?

It depends on the attack, but there are a number of precautionary steps you can take that will help you avoid problems.

In our security series, we introduce common concepts in device security. The last item in our series was an introduction to SSH. In this segment, we discuss firewall security, setup, and maintenance.

Firewalls are a critical component of keeping machines and networks safe. You’ll find them on everything from your laptop to your router. They require maintenance, like any software program, and unfortunately there are problems that interfere with their ability to keep attackers safe.

​The single software component that contained the vulnerability of the camera, was used by the manufacturer not only in the firmware of the one camera model that we exploited, but also throughout the manufacturer's product line affecting more than just cameras. Furthermore, that same "design" (including the vulnerable component) was repeated by other manufacturers to make devices of all kinds (even desktop software)...all potentially vulnerable to the same bug.

We all know by now that IoT is vulnerable, and after our survey of vulnerable remote configuration services last year, we began to pursue the actual repercussions of those vulnerabilities. After we published Devil’s Ivy and CVE-2017-9466 last summer, we decided to tackle the problem of “then what?” After an attacker compromises a camera or gains control of a router, what happens next? If a company’s valuable data is in a secure location, does it matter if an attacker compromises its Nest thermostat?

As previously noted, attacks that take over a network, device by device, has remained largely within the sphere of pundits and hypothetical discussions. So we have tended to think about lateral attacks as being solely within the realm of sophisticated attackers, but as we explored this project in more depth, we came to realize that this kind of attack requires very little technical knowledge.
While we are not aware of publicly available exploits for the vulnerabilities we discovered, products like Metasploit allow those with a basic knowledge of networking and the Linux command line to do some damage without writing a single line of code. After exploiting a first device, an attacker can use the additional access to take over the rest of the network, exploiting device after device.

At the annual RSA conference this year, on April 19th, our CTO, Stephen Ridley, and our VP of Research, M Carlton, will take the stage to demonstrate the first ever purely IoT-based lateral attack. We intend to show how it’s possible to daisy chain several compromised IoT devices together -- without touching a traditional computer -- to ultimately get to a company’s “crown jewels”.​ ​(Click here to read Wired's coverage of this attack)

Lateral attacks between different types of IoT devices have been referenced but never before publicly demonstrated. Worms that spread from PLC to PLC (programmable logic controller) are a threat to manufacturing, and botnets that spread from camera to camera have had a huge impact in the last few years. However, attacks taking over a network, device by device, has remained largely within the sphere of pundits and hypothetical discussions.​

Lateral attacks are known to take place in traditional IT environments, which include employee workstations, networks, servers, etc., and are typically well secured. In these attacks computers and networks are compromised, which then allows a hacker to gain access elsewhere, like a server.  Unlike those attacks, we hop from IoT device to IoT device -- no workstations touched -- to gain access to a Networked Attached Storage (NAS) device (yet more IoT) that contains sensitive information.

Our research is an integral part of Senrio culture that informs our approach to addressing IoT security problems. Demonstrating the ability to hopscotch across IoT devices without touching an IT end-point helps us illustrate the very real and persistent risks associated with IoT devices that are in use in a wide range of industries and enterprises today. 

Related Post: Medical Device Integrity 
​
“Breaches of private information in hospital records are serious and expensive security events but remediating them can be deadly. That's the conclusion of a study presented last week at the 4A Security and Compliance Conference.”
   
Breaches at hospitals are not new. Whether it is a hunt for monetizable patient data, or holding medical systems for ransom, hospitals are a target-rich environment. A hacked hospital brings to mind all sorts of worst-case scenarios, because you’re never more vulnerable than when you’re undergoing medical treatment. The more automated medicine becomes, the more likely flaws in medical devices and supporting computer systems pose a threat to life and limb.

The ingenuity and audacity of attackers should never be underestimated. In the summer of 2016, hackers used tweets to control malware. This past summer, after Twitter worked to eliminate this capability, hackers switched to posting Instagram comments to send commands to victim systems.

​We decided to see if Senrio Insight could detect this “hiding in plain sight” tactic. Without proper context, it can be difficult to separate malicious traffic from ordinary operations. IoT devices may connect to the Internet, but they shouldn’t browse social media. 

January 30th – Portland, OR – Senrio, Inc., provider of the leading IoT visibility and security solution has announced an interoperability with the RSA NetWitness® Suite to enable users to detect and respond to threats to IoT devices.

The RSA NetWitness and Senrio Insight interoperability helps ensure that critical data about the status and operation of both IoT devices as well as traditional endpoints and assets is sent to the RSA NetWitness Suite from the Senrio platform, which uses predictive analytics and expert input to determine normal behavior, and trigger alerts when abnormal behavior is detected.

Senrio Founder Stephen Ridley said, “IoT is a blind spot in most enterprises. Most aren’t sure what devices they have, much less if they’re compromised or otherwise pose a risk to people or operations. By integrating Senrio Insight data in the RSA NetWitness Suite, organizations will gain unprecedented visibility into the IoT devices in their enterprise and more effectively deal with safety or security concerns.”

This interoperability allows organizations to quickly identify all connected devices in their enterprise, and build profiles of device behavior. This knowledge enables IT administration and security teams the ability to build trust with devices by understanding typical device behavior, and rapidly respond when atypical patterns of behaviors are detected by Senrio’s self-learning technology.

Senrio Insight was designed specifically for the challenges of an IoT-rich enterprise. Designed to be lightweight, it puts no burden on your network, does not impact data privacy, and is up and running in minutes.
 
About Senrio

Senrio is an IoT security company that was founded on the belief that, with the right mindset and proper tools, we can bridge the gap between legacy security approaches and the new reality of the IoT. Our mission is to provide the visibility and actionable insights essential to ensuring the security and safety of all connected devices. We envision a world where our trust in the IoT matches the benefits it brings to our lives. Senrio is a trusted partner of global technology companies and government agencies. To see Senrio Insight in action visit: http://iot.security/.

First: don’t panic.

KRACK requires a skilled attacker to be in close proximity, targeting you specifically. If you’re concerned about an auxiliary corporate WiFi network, it may be wise to take it off-line and rely on ethernet until patches for affected devices become available. And if you are running a hospital WiFi network, you should ensure that the data you send over that network is end-to-end encrypted, because WPA2 will not prevent a skilled attacker from gaining access to a person’s most sensitive data. Yes, this is a hassle but it’s a good precautionary step to take, since getting within WiFi range (~105ft or 32m) may not be difficult for an intruder unless you have strict access controls in place. Beyond this, it will be important to update every device as soon as patches are available.