Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Ring Flaw Underscores Impact of IoT Vulnerabilities

posted by janrinok on Wednesday November 13 2019, @04:09PM   Printer-friendly
from the Internet-of-Leaks dept.

upstart writes:

Submitted via IRC for soylent_lavender

Ring Flaw Underscores Impact of IoT Vulnerabilities

A vulnerability in Amazon’s Ring Video Doorbell Pro IoT device could have allowed a nearby attacker to imitate a disconnected device and then sniff the credentials of the wireless networks when the owner reconfigured the device, according to a report issued by security firm Bitdefender.

The issue, which was fixed by Amazon in September, underscores the impact of a single insecure Internet-of-Things device on the organization in which it is deployed. While the vulnerability may only occur in a single network device, the result of the flaw could be leaked information — the wireless network password, for example — which  would have far more serious repercussions.

"IoT is a security disaster, any way you look at it," says Alexandru Balan, Bitdefender's chief security researcher. "Security is not the strong suit of IoT vendors — only rarely, do we see vendors who take security seriously."

The discovery of a serious vulnerability in a popular IoT product comes as businesses and consumers increasingly worry about the impact that such devices may have on their own security. Only about half of security teams have a response plan in place to deal with attacks on connected devices, according to recent report from Neustar. Even critical-infrastructure firms, such as utilities that have to deal with connected operational technology, a widespread class of Internet-of-Things devices, are ill-prepared to deal with vulnerabilities and attacks, the report says.

Vulnerabilities in IoT devices can have serious repercussions. In July, a team of researchers found widespread flaws in the networking software deployed in as many as 200 million embedded devices and found millions more that could be impacted by a variant of the issue in other real-time operating systems.

The issue with Amazon Ring is not as serious but it is a reminder that vulnerabilities can still be easily found in the devices by attackers paying attention, says Balan"We tend to look at the popular devices, and those tend to have better security than the less popular devices," 

Original Submission

 
This discussion has been archived. No new comments can be posted.
Ring Flaw Underscores Impact of IoT Vulnerabilities | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Insightful) by Anonymous Coward on Wednesday November 13 2019, @08:15PM (1 child)

    by Anonymous Coward on Wednesday November 13 2019, @08:15PM (#919989)

    The catholic rise to power came so suddenly and lasted so long. Once you know a man's sins, you can get him to do anything by either catering to those sins, or by using the threat of exposing them over his head to get him to do whatever you need done.

    Catholicism can be seen as one of the first largescale, widespread, and overarching intelligence organizations... or organized crime rings.

    Starting Score:    0  points
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Total Score:   2  

  • (Score: 2) by Bot on Thursday November 14 2019, @01:38PM

    by Bot (3902) on Thursday November 14 2019, @01:38PM (#920321) Journal

    Except that a priest is not allowed to speak about confessed sins with anybody, not even the pope, which would make spilling the beans rather costly. The worst and most dangerous guys are not going to confess anyway. And the amount of general info collected by being trusted is far more useful than blackmail.

    --
    Account abandoned.