In 2011 Barnaby Jack warned of insulin pump attacks
(https://en.wikipedia.org/wiki/Barnaby_Jack) yet in 2016 J&J had to warn their
customers that they were vulnerable to attack
(https://www.techdirt.com/articles/20161004/06242635699/johnson-johnson-warn…).
When are companies going to get compliant with security?
-----Original Message-----
From: cctalk [mailto:cctalk-bounces at classiccmp.org] On Behalf Of Alexandre Souza
Sent: Sunday, October 23, 2016 2:36 PM
To: General Discussion: On-Topic and Off-Topic Posts
Subject: Re: Time to get rid of weird connected appliances! <<SKYNET MUST DIE>> check this
Wouldn't a good Linux machine running a firewall make all of this work flawlessly?
2016-10-23 17:31 GMT-02:00 Chuck Guzis <cclist at sydex.com>:
On 10/23/2016 01:29 AM, Guy Dawson wrote:
It's not so much an attack on IoT as with IoT. The worm's (assuming
a compromised IoT device is used to compromise others - I'm not sure
about this) job is to make IoT devices available to a control system
so that IoT devices can be used to generate the loads needed in DDOS
attacks.
The attackers would rather you did not know your IoT devices were
compromised as that way you'll leave them connected to the Internet
and under their control.
I contrast NFC and IoT. At least to me, "IoT" implies an
Internet-connected device. NFC implies only that there's a device
that can communicate wirelessly with nearby devices.
Having said that, if one prowls the web for vulnerabilities in, say,
DSL modems, it's shocking. Many, if not most, are running some sort
of Linux, usually BusyBox (not known for its security). There are
millions of the things out there, many with telnet enabled and still
with the default password. The ISPs who distribute these things
usually view them as "black boxes" and apparently have little interest in
security.
Whether or not some malefactor can hack a Carrier or Trane connected
thermostat is something that I've not researched.
--Chuck