February 28, 2016

“It’s not a major security issue but this story enforces what we already know (and be afraid) about IoT: those devices have weak configuration and they lack visibility/documentation about their behavior.”

the new stack: Last week security blogger Brian Krebs revealed that a popular internet-enabled security camera “secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware.” By David Cassel

'While the device is not necessarily sharing video from your camera, it is punching through firewalls to connect with other devices. Even if the user discovers it, it’s still extremely hard to turn off. And apparently it’s not the only electronic device that’s secretly phoning home.

'The manufacturers may envision this as a service, allowing mobile users to conveniently connect remotely to their collection of devices at home. But in some cases, manufacturers aren’t even publicizing these features to their customers, which is one of the things that’s alarming the former Washington Post cybercrime reporter, who hold the device up as an example of “Why People Fear the ‘Internet of Things’.”

'“[T]he problem with so many IoT devices is not necessarily that they’re ill-conceived, it’s that their default settings often ignore security and/or privacy concerns,” Krebs wrote.'

No comments: