Cybersecurity and IoT devices
IoT devices have evolved and expanded into commercial and consumer uses. They appear throughout people's homes in refrigerators, ovens, thermostats, light bulbs, and many other pieces of equipment.
Smart thermostats have become more prevalent in residences in the last few years. They are a nice addition: they learn your optimal temperature and when, on average, you are in the house, and they offer other useful assists.
While these devices have benefits, let's not forget the detriments. When cybersecurity has not been included throughout a smart thermostat's dev cycle and SDLC, you can end up answering many questions from clients, federal agencies, and other interested persons and stakeholders when something goes wrong (i.e., a significant compromise).
Recently, two smart thermostat models were noted to have multiple security vulnerabilities. Successful exploitation would let bad actors execute the code they wanted on the device, and the device could be weaponized with modified or rogue firmware. The vulnerability allows an unauthenticated connection from a local network. The attack point is the Wi-Fi microcontroller, which acts as a network gateway. This has been corrected, but only after the vulnerability had been known and open. This emphasizes the need for cybersecurity to be applied throughout the dev cycle, with security at each gate. It also requires staff who are comfortable working with embedded systems and all the nuances associated with them.
Embedded systems require a different set of skills than traditional IT.
About the Author
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.