Securing your IoT

Technical topics whether its hardware or software.
Post Reply
JanesAddiction_{HoF}
Posts: 12
Joined: Fri Sep 29, 2017 2:46 am

Securing your IoT

Post by JanesAddiction_{HoF} » Thu Jan 18, 2018 3:45 am

https://krebsonsecurity.com/2018/01/som ... iot-stuff/

Rule #1: Avoid connecting your devices directly to the Internet
Rule #2: If you can, change the thing’s default credentials
Rule #3: Update the firmware
Rule #4: Check the defaults - like universal plug and play UPnP

Nelsona
Posts: 72
Joined: Sat Sep 30, 2017 5:03 am

Re: Securing your IoT

Post by Nelsona » Thu Jan 18, 2018 6:22 am

For some gadgets aka "devices" that can be connected to Internet you can forget security, they are flawed by default including default Wi-Fi protocol used in common networking - thanks it has a limited range and we are somehow safe as long as expert intruder has to be closer - but there are chances to be hacked from a nearby location if hacker is coming around - no password is required.
Also there are routers vulnerable from factory - have fun with them.
Not the last but the most evil thing is devices and machines messed up by default having whatever debug tools "forgotten" there in final build, like logging as root with a blank password after repeated hitting Enter key. It's the night of the mind how do these geniuses are working.

There is one default rule: When you are connected to the Internet you might forget about security and privacy. Keep in mind that not every specialist is well intended speaking about his finds, some of them are keeping secrets about flaws for using them later if someone is pissing them off.

Nelsona
Posts: 72
Joined: Sat Sep 30, 2017 5:03 am

Re: Securing your IoT

Post by Nelsona » Sat Feb 10, 2018 8:13 pm

Bump here with something - not that new...
In the past old people especially have read about funky CPU bugs - processors more exactly which made M$ mad at doing Kernel systems - All but ALL of those CPU were having bugs.

Some years have passed - supposed with security privacy protection and all these nice words (myths). Some smart IT guys have just figured other bugs used by about 139 malware type apps which are based on newer discovered bugs which are part of nowadays CPUs and which do exist in a wide range of devices PC MAC Smart_Whatever thingy.
These are based on memory corruptions and are heading to control and steal private data from device - draw conclusion. These bugs were here since 1995 only "imported" upgraded to a bigger speed of execution... and unchanged. So to refrain, frankly, you had exploits for 23 years...

As long as equipment has an unpatched kernel, the system cannot be claimed secured regarding to what you think.

If you have an idea which you don't want to be stolen (a new invention) you'd better keep that on PAPER rather than in your computer /tablet/phone/etc. - just saying...

Fixing exploits for an already done machine with bugged hardware is doable by doing major changes to OS's kernel affecting SPEED for applications running based on CPU (not GPU). These exploits can be triggered by common stuff (like Java, FlashPlayers, documents shared, and so on).

Have a nice day, machines users !

Post Reply