IoT devices have evolved and expanded into commercial and consumer uses. They appear throughout people’s homes in refrigerators, ovens, thermostats, light bulbs, and many other pieces of equipment.
Smart thermostats have become more prevalent in residences in the last few years. They are a nice addition in that they are trained to learn your optimal temperature, when you are in the house on average, and other useful assists.
While these have beneficial aspects, let’s not forget about the detriments. When cybersecurity has not been included through a smart thermostat’s dev cycle and SDLC, you can end up answering many questions from clients, federal agencies, and other interested persons and stakeholders when something goes wrong (i.e., a significant compromise).
Recently, two smart thermostat models have been noted to have multiple security vulnerabilities. When successfully exploited, the bad actors would be able to execute the code they wanted on the device. The device could be weaponized with modified or rogue firmware.
The vulnerability allows an unauthenticated connection from a local network. The attack point is the Wi-Fi microcontroller, which acts as a network gateway. This has been corrected, but only after the vulnerability had been known and open. This emphasizes the need for cybersecurity to be applied throughout the dev cycle, with security at each gate. It also requires staff who are comfortable working with embedded systems and all the nuances associated with them. Embedded systems require a different set of skills than traditional IT.
Services
Enterprise and Embedded System Cybersecurity Engineering & Architecture
Red Team Product Pentesting | HW & SW BoMs | CBoM |
Vulnerability Management | Tabletop Exercises (TTX) |
Embedded Systems Architecture | Threat Intelligence |
TARA (Threat Assessment and Remediation Analysis) |
Supply Chain Cybersecurity Review
Reverse Engineering
charles.parker@mielcybersecurity.net 810-701-5511