Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday November 13 2019, @04:09PM   Printer-friendly
from the Internet-of-Leaks dept.

Submitted via IRC for soylent_lavender

Ring Flaw Underscores Impact of IoT Vulnerabilities

A vulnerability in Amazon’s Ring Video Doorbell Pro IoT device could have allowed a nearby attacker to imitate a disconnected device and then sniff the credentials of the wireless networks when the owner reconfigured the device, according to a report issued by security firm Bitdefender.

The issue, which was fixed by Amazon in September, underscores the impact of a single insecure Internet-of-Things device on the organization in which it is deployed. While the vulnerability may only occur in a single network device, the result of the flaw could be leaked information — the wireless network password, for example — which  would have far more serious repercussions.

"IoT is a security disaster, any way you look at it," says Alexandru Balan, Bitdefender's chief security researcher. "Security is not the strong suit of IoT vendors — only rarely, do we see vendors who take security seriously."

The discovery of a serious vulnerability in a popular IoT product comes as businesses and consumers increasingly worry about the impact that such devices may have on their own security. Only about half of security teams have a response plan in place to deal with attacks on connected devices, according to recent report from Neustar. Even critical-infrastructure firms, such as utilities that have to deal with connected operational technology, a widespread class of Internet-of-Things devices, are ill-prepared to deal with vulnerabilities and attacks, the report says.

Vulnerabilities in IoT devices can have serious repercussions. In July, a team of researchers found widespread flaws in the networking software deployed in as many as 200 million embedded devices and found millions more that could be impacted by a variant of the issue in other real-time operating systems.

The issue with Amazon Ring is not as serious but it is a reminder that vulnerabilities can still be easily found in the devices by attackers paying attention, says Balan"We tend to look at the popular devices, and those tend to have better security than the less popular devices," 


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 4, Interesting) by Rosco P. Coltrane on Wednesday November 13 2019, @04:31PM (7 children)

    by Rosco P. Coltrane (4757) on Wednesday November 13 2019, @04:31PM (#919900)

    Amazon is behind it, watching / recording videos of your house, neighborhood, friends and family, exploiting the data for profit without any regards for morals or ethics as long as it turns a profit, or letting unscrupulous employees watch the videos without your knowledge. Heck of an elephant in the room. How anyone with half a brain thinks it's acceptable is beyond me.

    • (Score: 2) by Bot on Wednesday November 13 2019, @05:00PM (6 children)

      by Bot (3902) on Wednesday November 13 2019, @05:00PM (#919914) Journal

      If people couldn't be driven to irrational behaviour, we wouldn't have smoking, MS windows, and systemd. IoT and generally the adoption of IT in the current state is just another way to have people scrambling around to fix leaks and buy reinvented wheels, an attack on the asset called time.

      A better model for the home would be... a home computer driving dumb peripherals. Easier to keep up to date and Free. Can be made redundant. Anything autonomous is a PITA.

      --
      Account abandoned.
      • (Score: 2) by Mojibake Tengu on Wednesday November 13 2019, @05:07PM (5 children)

        by Mojibake Tengu (8598) on Wednesday November 13 2019, @05:07PM (#919919) Journal

        Those recording devices are hardly autonomous. Truly autonomous devices would be logically encapsulated and self-sufficient, using only their interfaces, not clouds, to interact with other devices. A principle of locality.

        --
        Respect Authorities. Know your social status. Woke responsibly.
        • (Score: 2) by DannyB on Wednesday November 13 2019, @05:32PM (4 children)

          by DannyB (5839) Subscriber Badge on Wednesday November 13 2019, @05:32PM (#919928) Journal

          Confessionals should be soundproof. That way background noise is not picked up by autonomous recording devices.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
          • (Score: 2, Insightful) by Anonymous Coward on Wednesday November 13 2019, @08:15PM (1 child)

            by Anonymous Coward on Wednesday November 13 2019, @08:15PM (#919989)

            The catholic rise to power came so suddenly and lasted so long. Once you know a man's sins, you can get him to do anything by either catering to those sins, or by using the threat of exposing them over his head to get him to do whatever you need done.

            Catholicism can be seen as one of the first largescale, widespread, and overarching intelligence organizations... or organized crime rings.

            • (Score: 2) by Bot on Thursday November 14 2019, @01:38PM

              by Bot (3902) on Thursday November 14 2019, @01:38PM (#920321) Journal

              Except that a priest is not allowed to speak about confessed sins with anybody, not even the pope, which would make spilling the beans rather costly. The worst and most dangerous guys are not going to confess anyway. And the amount of general info collected by being trusted is far more useful than blackmail.

              --
              Account abandoned.
          • (Score: 0) by Anonymous Coward on Wednesday November 13 2019, @11:19PM (1 child)

            by Anonymous Coward on Wednesday November 13 2019, @11:19PM (#920062)

            confessionals should be a reality show

            • (Score: 0) by Anonymous Coward on Thursday November 14 2019, @01:10AM

              by Anonymous Coward on Thursday November 14 2019, @01:10AM (#920110)

              A drunk wandered into the Catholic Church, headed straight for the confessional.

              The priest saw, and scurried into position.

              No one said a word.

              Puzzled, the priest rattled on the grate and cleared his throat.

              Again, silence.

              The priest asks if there is any burden to lift to the Lord.

              The drunk finally responds...

              Sorry, ain't no paper in this side either!

(1)