A lock with the key still in it isn’t much of a solution. Sadly, the security in many embedded devices isn’t much better. Read the full blog here.
In June 2013, the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) published a list with more than 300 devices from approximately 40 vendors using hard-coded passwords. The use of hard-coded passwords can permit hackers to easily gain control of the devices and make it impossible to update the passwords to block future attacks. According to the ICS-CERT report, the vulnerability could be exploited to change critical settings and/or modify device firmware. Read full article here.
Shodan, “the scariest search engine on the Internet” according to CNN Money, is a search engine scouring the Internet looking for servers, webcams, printers, routers and all the other devices that are connected to, and make up, the Internet of Things. Searches on Shodan can find a stunning amount of information. Would-be hackers find critical systems to attack, search by city or GPS coordinates, and find detailed information on devices and their vulnerabilities. Read the full article here.
The FDA and Department of Homeland Security recently issued an alert urging medical device makers and medical facilities to upgrade security protections to protect against potential cyber threats. This was issued in response to an ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) publication of a list with more than 300 devices using hard coded passwords, allowing hackers to easily gain control of the devices and making it impossible to update the passwords to block future attacks. Read the full article here.