The use of Internet of Things (IoT) technology is growing rapidly as more consumers and businesses recognise the benefits offered by smart devices. The range of IoT hardware available is huge, including everything from smart doorbells and connected kettles to children’s toys. What’s more, this is not only limited to smart home tech for consumers. IoT sensors are being increasingly used by businesses of all sizes across numerous industries including healthcare and manufacturing. However, despite its life-enhancing and cost-saving benefits, the IoT is a security minefield. So, is it even possible to secure the IoT?

Source: Is the Internet of Things impossible to secure? | ITProPortal

The Internet is not something new. And today, it can be used as the main link between two devices through the Internet of Things, including how it can be successfully applied in education.

Source: How Internet of Things Could Change Education | IoT Evolution World

Beware the latest security threat: Shadow IoT.

So says Silicon Valley security firm 802 Secure in a new report about what it describes as a threat to “infiltrate” corporate networks through Internet of Things-enabled devices and their wireless connections.

“While most organizations prepare for IOT enablement, our threat intelligence shows that most companies are still vulnerable to 10 year old wireless vulnerabilities,” said Mike Raggo, Chief Security and Threat Research Officer at 802 Secure.

Source: Beware the Shadow IoT: Security threats through Internet of Things | WRAL TechWire

Hackers have infected at least 500,000 routers and storage devices in dozens of countries in a campaign that Ukraine said was preparation for a future Russian cyber attack.

The US Department of Homeland Security said it was investigating the malware, which targets devices from Linksys, MikroTik, Netgear, TP-Link and QNAP, advising users to install security updates.

Ukraine’s SBU state security service said the activity showed Russia was readying a large-scale cyber attack ahead of the Champions League soccer final, due to be held in Kiev on Saturday.

“Security Service experts believe the infection of hardware on the territory of Ukraine is preparation for another act of cyber-aggression by the Russian Federation aimed at destabilising the situation during the Champions League final,” it said in a statement.

Source: Hackers infect 500,000 routers and storage devices – Security | iTnews

Sensing is a major component of the IoT and an essential part of most Industrial IoT (IIoT) applications. By adding wireless connectivity and a microcontroller or other processor to a sensor node, one can create a smart sensor. These sensors can be widely distributed without need for a sensor hub. However, they then become extremely vulnerable targets for attackers. Without security, they can become a weak link in the system. Fortunately, the Trusted Computing Group (TCG) techniques that have been developed for other computing, network, wireless, and IoT applications are applicable to these sensor nodes as well. This topic will be explored at a TCG workshop at Sensors Expo in June.

Source: Secure your Industrial IoT sensors, or else! | Embedded Computing Design

Here’s the brutal truth: It doesn’t matter how much your organization spends on the latest cybersecurity hardware, software, training, and staff or whether it has segregated its most essential systems from the rest. If your mission-critical systems are digital and connected in some form or fashion to the internet (even if you think they aren’t, it’s highly likely they are), they can never be made fully safe. Period.

This matters because digital, connected systems now permeate virtually every sector of the U.S. economy, and the sophistication and activity of adversaries — most notably nation-states, criminal syndicates, and terrorist groups — have increased enormously in recent years. Witness the attacks in the United States on Atlanta’s municipal government and on a data network shared by four operators of natural-gas pipelines, the theft of data from Equifax, and the global WannaCry and NotPetya malware attacks. In many of the most notorious incidents of recent years, the breached companies thought they had strong cyber defenses.

Source: Internet Insecurity | Harvard Business Review

The Internet of Things (IoT) is increasingly becoming an integral feature of our daily business environment. More organisations are using devices in a distributed network to support the day-to-day running of the business in order to improve productivity, enhance customer service and reduce maintenance overheads.

With the number of IoT devices expected to reach 125 billion by 2030, it is clear that many industries have already begun using them for critical business processes. It is therefore important that businesses understand as early as possible, the radically differing requirements of IoT devices, their criticality to the business and the implications for businesses that don’t get it right.

Source: A real-time connection is key to IoT development | ITProPortal

Tenable, the Cyber Exposure company, recently discovered a critical remote code execution vulnerability in two Schneider Electric applications heavily used in manufacturing, oil and gas, water, automation, wind and solar power facilities in the U.S. If exploited, the vulnerability could give cybercriminals complete control of the underlying system. Attackers would also be able to use the compromised system to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. In a worst case scenario, attackers could use the vulnerability to disrupt or even cripple plant operations.

Source: Tenable discovers 0-day vulnerabilities in Schneider Electric software affecting critical infrastructure | CSO

When EM Forster exhorted his readers to “Only connect!” at the end of his novel Howards End, he couldn’t have imagined how connected we would all become barely a century later. Not only does ubiquitous internet mean that we are plugged into media services constantly, but it is becoming increasingly difficult to buy technology that is not ‘smart’ in some way. For most of these devices, that smartness derives from connectivity to the Internet and to other devices and systems.

The average UK house already contains around 15 connected devices, some obvious such as phones, laptops, tablets, televisions and smart meters, and some much less so, such as kettles, coffee makers, thermostats and switches. This number will only grow in the coming years.

Source: Safer connections: reducing the security risks of the internet of things | The Engineer

In 2016, hackers were able to use 100,000 internet-connected devices to bring down Twitter, Spotify and PayPal. They recruited and infected simple household appliances, such as digital video recorders and fridges, to attack a large network infrastructure provider and create chaos. Consumers were not aware that their own appliances were being used in this way.

Source: Hacking the internet of things just got easier – it’s time to look at your security | Computer Weekly