Call Issued to White Hat Hackers: Find the Flaws in New Automotive Software Updater | Yahoo Tech

A consortium of researchers today announced the development of a universal, free, and open-source framework to protect wireless software updates in vehicles. The team issued a challenge to security experts everywhere to try to find vulnerabilities before it is adopted by the automotive industry.

The new solution, called Uptane, evolves the widely used TUF (The Update Framework), developed by NYU Tandon School of Engineering Assistant Professor of Computer Science and Engineering Justin Cappos to secure software updates. Uptane is a collaboration of NYU Tandon, the University of Michigan Transport Research Institute (UMTRI), and the Southwest Research Institute (SwRI), and is supported by contracts from the U.S. Department of Homeland Security, Science and Technology Directorate.

Source: Call Issued to White Hat Hackers: Find the Flaws in New Automotive Software Updater | Yahoo Tech

Share

Federal lawmakers introduce bipartisan bill to study cyber security in connected cars | GeekWire

Connected cars are the future for the automotive industry, with more than 90 percent of vehicles expected to have built-in connectivity by 2020. But, as more vehicles link up to the internet, lawmakers are worried about their security.On Wednesday, lawmakers introduced a bipartisan bill in the U.S. House of Representatives that would direct the National Highway Traffic Safety Administration (NHTSA) to study cyber security in vehicles. Rep. Joe Wilson, R-SC, and Rep. Ted Lieu, D-Calif., co-sponsored The Security and Privacy in Your Car Study Act, which hopes to create a standard for safety in connected cars.

Source: Federal lawmakers introduce bipartisan bill to study cyber security in connected cars | GeekWire

Share

New Reaper malware infects 2 million-plus “internet of things” devices | SiliconANGLE

reaperiot

A recently discovered form of botnet malware has been found rapidly spreading, with more than 2 million “internet of things” devices believed to have already been infected.

Dubbed IoT_Reaper by security researchersat Chinese security company Qihoo 360, the malware is based on the infamous Mirai internet of things worm that first compromised millions of devices in 2016 — but with some noticeable differences.

Source: New Reaper malware infects 2 million-plus “internet of things” devices | SiliconANGLE

Share

We can fix the broken and vulnerable Internet of Things | Mashable

Your coffee pot, refrigerator, thermostat, and in-home security system are all connected to the internet. Or, if they’re not now, they will be one day. Sadly, as the forgotten stepchildren of internet security, these Internet of Things devices are likely doomed to a future teeming with botnets and hackersBut that doesn’t mean there isn’t hope for the ever-expanding IoT universe — even if it just so happens to be a thin one. While default passwords and poor update policies all contribute to vulnerable internet-connected devices, there are steps that both companies and consumers can take to make sure their security cameras don’t end up crashing Twitter (or worse).

Source: We can fix the broken and vulnerable Internet of Things | Mashable

Share

To Secure the Internet of Things, We Must Build It Out of “Patchable” Hardware | IEEE Spectrum

Photo: Jamie Chung

On 21 October of last year, a variety of major websites—including those of TwitterPayPalSpotifyNetflixThe New York Times, and The Wall Street Journal—stopped working. The cause was a distributed denial-of-service attack, not on these websites themselves but on the provider they and many others used to support the Domain Name System, or DNS, which translates the name of the site into its numerical address on the Internet. The DNS provider in this case was a company called Dyn, whose servers were barraged by so many fake requests for DNS lookups that they couldn’t answer the real ones.

Source: To Secure the Internet of Things, We Must Build It Out of “Patchable” Hardware | IEEE Spectrum

Share

Cloud Based Software Aids Risk Management | Safety IoT

Whether your organization is a large global conglomerate or a mid-sized company, mitigating risk associated with EHS and sustainability – while preserving your financial health – is challenging.

When we learned Valvoline, named one of America’s Safest Companies for 2017 by EHS Today, was a customer of ProcessMAP and had deployed several of the company’s cloud-based solutions, we wanted to hear more.

With the goal of using technology to optimize safety performance, Valvoline deployed ProcessMAP’s Incident Management, Audit Management, Permits Management, Activity Management, Event Management and Sustainability Performance Management solutions in its manufacturing and retail locations in 2016. Since then, the company has seen improved safety performance, increased employee engagement and risk reduction as it works toward building a zero-incident workplace.

Source: Cloud Based Software Aids Risk Management | Safety IoT

Share

IoT can learn from smartphone security | Network World

IoT can learn from smartphone security

The massive growth of Internet of Things (IoT) devices over the next one to three years should give us pause. As companies rush to get to market first, are we seeing a “dumbing down” of basic device principals that we have been working with for years, particularly enhanced security and privacy. With so many distinct applications, device scope and diversity represent a unique security challenge that so far has not been met.I estimate that 85 percent or more of current IoT devices deployed in the real world do not have adequate security installed, and it’s likely that the vast majority of those will never be upgraded (or are not even capable of being upgraded). That means not only do current devices being installed pose a risk, but over the next one to two years, the vast majority of devices that will be deployed also pose a risk.

Source: IoT can learn from smartphone security | Network World

Share

Will the Internet of Things rewrite the rules on cyber security? | The Local

There’s been lots of hype about the benefits of the Internet of Things (IoT), but ignoring the risks that come with it could have disastrous consequences.

Not too long ago, the idea of communicating with your kitchen appliances or hopping in a self-driving car may have seemed like science fiction.

But the promise and potential that comes with connecting more gadgets online means that just about anything with an on/off switch can be connected to the internet and a remote controlling device over the same network.

By 2020, more than 50 billion devices are expected to be connected to the internet, meaning our world will become increasingly ‘smart’ as the Internet of Things (IoT) permeates into more parts of more people’s lives.

Source: Will the Internet of Things rewrite the rules on cyber security? | The Local

Share

5 IoT trends that will define 2018 | Network World

5 IoT trends that will define 2018

The Internet of Things (IoT) wasted no time spreading across the world and connecting millions of individuals. In just a few short years, billions of sensors redefined how businesses operated and how people interacted with one another, and that was only the start; one IHS forecast predicts the IoT will grow to reach a staggering 75 billion devices by 2025.

Source: 5 IoT trends that will define 2018 | Network World

Share

Can U.S. lawmakers fix IoT security for good? | Network World

iot internet of things strategy briefcase

While the Internet of Things (IoT) has carved out a comfortable place for itself in today’s society and markets, many still fear that the interconnectivity-driven phenomenon is extraordinarily vulnerable to outside attacks. A number of U.S. Senators believe they may have a solution to the problem, and have put forward the Internet of Things Cybersecurity Improvement Act of 2017.

What are the exact details of the text of the bill, and how does it intend to secure one of the most diverse and unregulated assets of the economy? What potential pitfalls stand in the bills way, and how much of a chance does it have of becoming law? An analysis of the IoT Act reveals that it’s a healthy step in the right direction, but it may not be enough.

Source: Can U.S. lawmakers fix IoT security for good? | Network World

Share