K
Kathleen Martin
Guest
I have multiple Google Alerts keeping me apprised about announcements regarding radio frequency identification (RFID), Near Field Communication (NFC), Bluetooth Low Energy (BLE), real-time locating systems (RTLS) and other Internet of Things (IoT) technologies. Google Alerts lets people receive emails when new results for user-specified topics show up in Google Search. I receive daily alerts about product releases, pilots, deployments, standards and other developments, allowing me and RFID Journal reporter Claire Swedberg to find interesting angles to write about.
Typically, the articles I see in Google Alerts depict the IoT sector and the innovative technologies it encompasses as enjoying an era of unprecedented growth. Every now and then, though, the alerts cause me to raise an eyebrow. One of my alerts is for the term "Internet of Things" with the word "market" filtered out to avoid my being deluged with a plethora of websites promoting market reports—which can be useful, don't get me wrong, but they seem mass-produced on conveyor belts, considering how many new ones are announced every month. Today's alert was filled with alarming reports regarding a lack of IoT security.
An article from Digital Information World, titled "The Internet of Things Was Attacked Over a Billion Times in 2021," claimed the interconnected nature of common household appliances, smart devices and digital assistants (Alexa, for example) "is something that many experts are warning against," on the grounds that "this is the sort of thing that could potentially end up creating many more vulnerabilities that malicious actors can exploit." The article cites a report from SAM Seamless Network indicating more than a billion cyberattacks occurred last year, 900 million of them focused on the IoT, which the article paints as a very insecure environment.
Google Alerts also pointed me to a ZDNet story, "This Unpatched DNS Bug Could Put 'Well-Known' IoT Devices at Risk," covering a warning from researchers at IoT security firm Nozomi Networks. The warning pertains to a popular library for the C programming language for IoT products that is vulnerable to Domain Name System (DNS) cache-poisoning attacks, due to a 10-year-old bug that cannot be patched. Researcher Andrea Palanca, the article explains, discovered the DNS implementation of uClibc and uClibc-ng C libraries "generates predictable, incremental transaction identifiers (IDs) in DNS response and request network communications," affecting "a range of well-known IoT devices running the latest firmware versions with a high chance of them being deployed throughout all critical infrastructure."
Continue reading: https://www.rfidjournal.com/a-false-sense-of-iot-security
Typically, the articles I see in Google Alerts depict the IoT sector and the innovative technologies it encompasses as enjoying an era of unprecedented growth. Every now and then, though, the alerts cause me to raise an eyebrow. One of my alerts is for the term "Internet of Things" with the word "market" filtered out to avoid my being deluged with a plethora of websites promoting market reports—which can be useful, don't get me wrong, but they seem mass-produced on conveyor belts, considering how many new ones are announced every month. Today's alert was filled with alarming reports regarding a lack of IoT security.
An article from Digital Information World, titled "The Internet of Things Was Attacked Over a Billion Times in 2021," claimed the interconnected nature of common household appliances, smart devices and digital assistants (Alexa, for example) "is something that many experts are warning against," on the grounds that "this is the sort of thing that could potentially end up creating many more vulnerabilities that malicious actors can exploit." The article cites a report from SAM Seamless Network indicating more than a billion cyberattacks occurred last year, 900 million of them focused on the IoT, which the article paints as a very insecure environment.
Google Alerts also pointed me to a ZDNet story, "This Unpatched DNS Bug Could Put 'Well-Known' IoT Devices at Risk," covering a warning from researchers at IoT security firm Nozomi Networks. The warning pertains to a popular library for the C programming language for IoT products that is vulnerable to Domain Name System (DNS) cache-poisoning attacks, due to a 10-year-old bug that cannot be patched. Researcher Andrea Palanca, the article explains, discovered the DNS implementation of uClibc and uClibc-ng C libraries "generates predictable, incremental transaction identifiers (IDs) in DNS response and request network communications," affecting "a range of well-known IoT devices running the latest firmware versions with a high chance of them being deployed throughout all critical infrastructure."
Continue reading: https://www.rfidjournal.com/a-false-sense-of-iot-security
