posted by Fnord666 on Wednesday June 19 2019, @10:28AM
from the seems-ok-to-me dept.

Submitted via IRC for Bytram

Consumers Urged to Junk Insecure IoT Devices

A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security.

More than 2 million connected security cameras, baby monitors and other IoT devices have serious vulnerabilities that have been publicly disclosed for more than two months – yet they are still without a patch or even any vendor response.

Security researcher Paul Marrapese, who disclosed the flaws in April and has yet to hear back from any impacted vendors, is urging consumers to throw the devices away. The flaws could enable an attacker to hijack the devices and spy on their owners – or further pivot into the network and carry out more malicious actions.

“I 100 percent suggest that people throw them out,” he told Threatpost in a podcast interview. “I really, I don’t think that there’s going to be any patch for this. The issues are very, very hard to fix, in part because, once a device is shipped with a serial number, you can’t really change that, you can’t really patch that, it’s a physical issue.”

Marrapese said that he sent an initial advisory to device vendors in January, and after coordinating with CERT eventually disclosed the flaws in April due to their severity. However, even in the months after disclosure he has yet to receive any responses from any impacted vendors despite multiple attempts at contact. The incident points to a dire outlook when it comes to security, vendor responsibility, and the IoT market in general, he told Threatpost.

b-b-b-b-but it is still working!


  • (Score: 2, Funny) by Anonymous Coward on Wednesday June 19 2019, @03:09PM (5 children)


    Windows 95
    Windows 98
    Windows ME - Millennium Edition
    Windows NT 3.1 - 4.0
    Windows 2000
    Windows XP
    Windows Vista
    Windows 7
    Windows 8
    Windows 10
    Windows Server
    Windows Home Server
    Windows CE
    Windows Mobile
    Windows Phone 7-10

  • (Score: 3, Funny) by kazzie on Wednesday June 19 2019, @04:40PM (1 child)


    You clearly have a higher opinion of Windows 3.11 than I do...

    • (Score: 0) by Anonymous Coward on Wednesday June 19 2019, @08:08PM


      Because Win95SP1 was when spyware was added.

  • (Score: 2) by Freeman on Wednesday June 19 2019, @04:49PM


    What about Windows 3.1 / DOS? Modems were around then too, you know.

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 3, Informative) by Freeman on Wednesday June 19 2019, @04:52PM (1 child)


    Also, please note this much more interesting list:

    1971
            The Creeper system, an experimental self-replicating program, is written by Bob Thomas at BBN Technologies to test John von Neumann's theory.[2] Creeper infected DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the message "I'm the creeper, catch me if you can!" was displayed. The Reaper program was later created to delete Creeper.[3]

    https://en.wikipedia.org/wiki/Timeline_of_computer_viruses_and_worms

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 2) by Dr Spin on Thursday June 20 2019, @06:57AM


      So I can now get a ToaD*, but it is an IoT?

      * The ToaD is a "Ten on a Desk" - a fantasy of most programmers in those days (1976),
      given that a DEC 10 took up a LARGE room, and probably consumed at least 20 kW,
      even for the smallest one.

      --
      Warning: Opening your mouth may invalidate your brain!