We all know by now that IoT is vulnerable, and after our survey of vulnerable remote configuration services last year, we began to pursue the actual repercussions of those vulnerabilities. After we published Devil’s Ivy and CVE-2017-9466 last summer, we decided to tackle the problem of “then what?” After an attacker compromises a camera or gains control of a router, what happens next? If a company’s valuable data is in a secure location, does it matter if an attacker compromises its Nest thermostat?

As previously noted, attacks that take over a network, device by device, has remained largely within the sphere of pundits and hypothetical discussions. So we have tended to think about lateral attacks as being solely within the realm of sophisticated attackers, but as we explored this project in more depth, we came to realize that this kind of attack requires very little technical knowledge.
While we are not aware of publicly available exploits for the vulnerabilities we discovered, products like Metasploit allow those with a basic knowledge of networking and the Linux command line to do some damage without writing a single line of code. After exploiting a first device, an attacker can use the additional access to take over the rest of the network, exploiting device after device.

Does your team use Slack to collaborate? If so, we've released a thing that you might like ;-) A few days ago, we announced a new feature of our web interface that allows you to chat directly with Senrio support engineers.

But today, we are announcing that in addition to existing integrations with Splunk, RSA, SEIMs, all major firewalls, and familiar dashboards, now you can ask Senrio Insight questions about your network directly from Slack! Any question. Don't know what an asset is, and only have a piece of the story? Ask Senrio with the piece you have, and get back the whole story. It's like the asset "search engine" for your network.

Check out the video below to see what we mean.

Related: "Senrio Integrates with Slack!"

If you follow our blog here, you've periodically seen our "Product Release Notes" blogpost category, but instead of bury this latest update in a list of the other awesome other features we've added , we wanted to share this one on its own...

You can now get support for Senrio live (in real-time) via the chat client. To date, only integration partners and OEM customers have been given dedicated chat channels to communicate, fileshare, and collaborate with our team, but now we can offer this to all Senrio users! 

Watch below to see how a Senrio user gets support directly from the webui...

And of course, if you aren't a current Senrio customer and you want to try it out. Drop us a line: http://iot.security/signup

The ingenuity and audacity of attackers should never be underestimated. In the summer of 2016, hackers used tweets to control malware. This past summer, after Twitter worked to eliminate this capability, hackers switched to posting Instagram comments to send commands to victim systems.

​We decided to see if Senrio Insight could detect this “hiding in plain sight” tactic. Without proper context, it can be difficult to separate malicious traffic from ordinary operations. IoT devices may connect to the Internet, but they shouldn’t browse social media. 

January 30th – Portland, OR – Senrio, Inc., provider of the leading IoT visibility and security solution has announced an interoperability with the RSA NetWitness® Suite to enable users to detect and respond to threats to IoT devices.

The RSA NetWitness and Senrio Insight interoperability helps ensure that critical data about the status and operation of both IoT devices as well as traditional endpoints and assets is sent to the RSA NetWitness Suite from the Senrio platform, which uses predictive analytics and expert input to determine normal behavior, and trigger alerts when abnormal behavior is detected.

Senrio Founder Stephen Ridley said, “IoT is a blind spot in most enterprises. Most aren’t sure what devices they have, much less if they’re compromised or otherwise pose a risk to people or operations. By integrating Senrio Insight data in the RSA NetWitness Suite, organizations will gain unprecedented visibility into the IoT devices in their enterprise and more effectively deal with safety or security concerns.”

This interoperability allows organizations to quickly identify all connected devices in their enterprise, and build profiles of device behavior. This knowledge enables IT administration and security teams the ability to build trust with devices by understanding typical device behavior, and rapidly respond when atypical patterns of behaviors are detected by Senrio’s self-learning technology.

Senrio Insight was designed specifically for the challenges of an IoT-rich enterprise. Designed to be lightweight, it puts no burden on your network, does not impact data privacy, and is up and running in minutes.
 
About Senrio

Senrio is an IoT security company that was founded on the belief that, with the right mindset and proper tools, we can bridge the gap between legacy security approaches and the new reality of the IoT. Our mission is to provide the visibility and actionable insights essential to ensuring the security and safety of all connected devices. We envision a world where our trust in the IoT matches the benefits it brings to our lives. Senrio is a trusted partner of global technology companies and government agencies. To see Senrio Insight in action visit: http://iot.security/.

We've had quite a summer thus far. Here seven quick updates:  
​(cue the Bananarama "Cruel Summer" instrumental)

Be sure to check out our photo gallery of the IoT Hacking Village event!

This last week a debate flared up between a security company Kryptowire, and a cell phone manufacturer BLU, over the possible inclusion of spyware (ADUPS) in BLU phones. Kryptowire initially made their claim in November, then reiterated it last week with more detailed findings.  At one point last week, Amazon halted sales of the BLU phones, then re-listed them after BLU issued a statement saying the ADUPS software was normal and wasn’t capturing any sensitive data.  

We here at Senrio, didn’t reverse engineer any of the firmware, so I can’t say for sure whether the ADUPS software is sending private information to it’s servers.   But, we wanted to show you how you can leverage Senrio Insight to determine if any of the phones in question connected to your network, and if it was communicating to one of the published domains listed in the Kryptowire report.

Imagine for a moment you have a BYOD enterprise, where you allow your employees to bring any device into the office and use that device for corporate emails, texts, etc. How would you know if an employee had a BLU phone? Senrio Insight can help.  

The first step is to see what android devices you have on you network. With Senrio, this is easy. Senrio is a "Device Intelligence" platform that you can ask questions. You can ask it if there are any Android phones on your network or even if there are any Jailbroken phones on your network.... For our case, we can simply log in and search for “Android” to view our identification and behavior tags to see all Android devices ​

Ok - so we do have a BLU phone on the network.  I wonder if it’s making connections out to any of the domains in question.   The Kryptowire report claims several domains are used for both C&C and data exfiltration.  One of the first domains in question is adups.com.  Let's see if we can find it.  

​The first thing we do is select the phone and look at the device details.  One of the best features in the device details is the “Flow” view.  This provides a net-flow like view of all the connections both inbound and outbound for the selected device.