itsicherheit_iot_m2m   2

The Sensors That Power Smart Cities Are a Hacker's Dream
Researchers from IBM Security and data security firm Threatcare looked at sensor hubs from three companies—Libelium, Echelon, and Battelle—that sell systems to underpin smart city schemes. Smart city spending worldwide is estimated to reach about $81 billion globally in 2018, and the three companies all have different areas of influence. Echelon, for example, is one of the top suppliers of smart street lighting deployments in the world. An accidental missile alert in January sent Hawaii's residents scrambling, while a hack set off Dallas's tornado sirens last year. In fact, those incidents and others like it inspired Daniel Crowley of IBM X-Force Red and Jennifer Savage of Threatcare to investigate these systems in the first place. What they found dismayed them. In just their initial survey, the researchers found a total of 17 new vulnerabilities in products from the three companies, including eight critical flaws. “The reason we wanted to focus on hubs was that if you control the central authority that runs the whole show then you can manipulate a lot of information that’s being passed around,” Crowley says. Simple checks on IoT crawlers like Shodan and Censys yielded thousands of vulnerable smart city products deployed in the wild. The researchers contacted officials from a major US city that they found using vulnerable devices to monitor traffic, and a European country with at-risk radiation detectors.
wired, 09.08.2018
gesellschaft_stadt_smart_city  überwachung_sensor_netzwerk  überwachung_stadt_smart_city  itsicherheit_exploit_flaw  itsicherheit_strategie  itsicherheit_netzwerk  itsicherheit_implementierung  itsicherheit_iot_m2m  internet_iot_m2m 
6 weeks ago by kraven
Unsafe at any clock speed: Linux kernel security needs a rethink
The Linux kernel today faces an unprecedented safety crisis. Much like when Ralph Nader famously told the American public that their cars were "unsafe at any speed" back in 1965, numerous security developers told the 2016 Linux Security Summit in Toronto that the operating system needs a total rethink to keep it fit for purpose. "Cars were designed to run but not to fail," Kees Cook, head of the Linux Kernel Self Protection Project, and a Google employee working on the future of IoT security, said at the summit. "Very comfortable while you're going down the road, but as soon as you crashed, everybody died." Protecting a world in which critical infrastructure runs Linux—not to mention protecting journalists and political dissidents—begins with protecting the kernel. The way to do that is to focus on squashing entire classes of bugs, so that a single undiscovered bug would not be exploitable, even on a future device running an ancient kernel. Further, since successful attacks today often require chaining multiple exploits together, finding ways to break the exploit chain is a critical goal.
ars technica, 27.09.2016
software_os_linux_kernel_kernelsec_kspp  itsicherheit_audit  itsicherheit_exploit_flaw  itsicherheit_os  itsicherheit_strategie  software_os_linux  itsicherheit_iot_m2m  internet_iot_m2m 
september 2016 by kraven

related tags

gesellschaft_stadt_smart_city  internet_iot_m2m  itsicherheit_audit  itsicherheit_exploit_flaw  itsicherheit_implementierung  itsicherheit_netzwerk  itsicherheit_os  itsicherheit_strategie  software_os_linux  software_os_linux_kernel_kernelsec_kspp  überwachung_sensor_netzwerk  überwachung_stadt_smart_city 

Copy this bookmark:



description:


tags: