IoT, IIoT and Shadow

Shadow IT is where I really delved into security.  And the human condition is what makes everything we do inherently insecure. We’ll always find a way around the rules to suit things to our own likings. The explosion of devices, the need to connect anything to everything – that is a disaster of our own making.

IOT
By now, most people know that webcams mics, can be hacked remotely. Yes – go cover your webcam now. Because the NSA was watching. Except for those who use Macs, with the little light that indicates if your webcam is in use. However, even that security can be bypassed. Synack’s Patrick Wardle claims attackers can bypass the light indicator in Macs by piggybacking onto lives sessions of Skype or FaceTime when the camera and mic are already in use. They can then remotely record these sessions. The good news is that wardle has a tool, Oversight, which can block those rogue webcam connections. And it’s free.
http://www.zdnet.com/article/new-attack-can-stealthily-monitor-your-mac-video-calls/#ftag=RSSbaffb68?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=information_security

HEALTHCARE
Oct 8 Hackers Could Harm Diabetics via Insulin Pump Attacks
Insulin pumps by Johnson & Johnson firm Animas are vulnerable to remote attacks. The security holes are serious but the risk is seen as low and the vendor is not going to release a firmware update. One Touch Ping pumps have a remote that controls the pump function from up to 10 feet away. The remote and pump communicate over an unencrypted channel, which was accidentally discovered by a security researcher who happens to be diabetic. This would allow a MiTM attack to intercept certain patient data. The danger comes in an attacker being able to spoof the remote and issue commands to change the amount of insulin dispensed, which could bring on a severe or even fatal reaction. Johnson & Johnson has since notified patients
http://www.securityweek.com/hackers-could-harm-diabetics-insulin-pump-attacks

Advertisements