Encryption and IoT - Cyber Security Informer

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Manufacturing

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

NOVEMBER 7, 2024

A connected world means a vulnerable world Utilities now rely on large networks of IoT devices, from sensors buried underground to servers that crunch data in remote locations. But the moment we bring IoT into the mix, we create thousands of potential entry points for attackers.

IoT

IoT Firmware Encryption Authentication

Akira ransomware gang used an unsecured webcam to bypass EDR

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. The ransomware group used an unsecured webcam to encrypt systems within atarget’s network, bypassing Endpoint Detection and Response (EDR). Akira successfully encrypted files across the network.

Ransomware

Ransomware IoT Encryption Passwords

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. He found that 39 percent of the vulnerable IoT things were in China; another 19 percent are located in Europe; seven percent of them are in use in the United States.

IoT

IoT Firewall Manufacturing Computers and Electronics

IoT Inspector Tool from Princeton

Schneier on Security

MAY 1, 2018

Researchers at Princeton University have released IoT Inspector , a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. Related: IoT Hall of Shame. Some examples include: Samsung Smart TV.

IoT

IoT Manufacturing Encryption DNS

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Infineon supplies semiconductors embedded in smart systems, most notably in automotive, power and IoT. We can execute a lot of machine learning, at the edge, in IoT devices.

IoT

IoT Internet Internet Technology

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

The Last Watchdog

OCTOBER 18, 2023

Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time. ABE makes it much more difficult to fraudulently decrypt an asset in its entirety; it does this by pulling user and data attributes into the encryption picture — in a way that allows decryption to be flexible.

Encryption

Encryption Surveillance Internet Internet

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

Related: IoT growing at a 24% clip To get there to fully tap the potential of a hyper-interconnected ecosystem where devices, data, AI and humans converge to benefit humankind cybersecurity must first catch up. New generations of microchips can embed encryption, monitoring and control capabilities into devices at the edge at scale.

Internet

Internet Internet IoT Manufacturing

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

The Last Watchdog

NOVEMBER 15, 2018

Even as enterprises across the globe hustle to get their Internet of Things business models up and running, there is a sense of foreboding about a rising wave of IoT-related security exposures. And, in fact, IoT-related security incidents have already begun taking a toll at ill-prepared companies. Tiered performances.

IoT

IoT Encryption Authentication Penetration Testing

Cisco secures IoT, keeping security closer to networking

Cisco Security

FEBRUARY 6, 2023

The use of unmanaged and IoT devices in enterprises is growing exponentially, and will account for 55.7 A critical concern is deploying IoT devices without requisite security controls. Furthermore, 83% of IoT-based transactions happen over plaintext channels and not SSL, making them especially risky.

IoT

IoT Firewall Encryption Retail

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. Improper encryption. Vicious insider.

IoT

IoT Cybersecurity Manufacturing Internet

GCHQ on Quantum Key Distribution

Schneier on Security

AUGUST 1, 2018

The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. QKD also seems unsuitable for some of the grand future challenges such as securing the Internet of Things (IoT), big data, social media, or cloud applications. I agree with them.

Big data

Big data Encryption Authentication IoT

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT

IoT DDOS Passwords Malware

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

They outlined why something called attribute-based encryption, or ABE, has emerged as the basis for a new form of agile cryptography that we will need in order to kick digital transformation into high gear. PKI is the authentication and encryption framework on which the Internet is built. Encrypting just once.

Encryption

Encryption Artificial Intelligence IoT Data collection

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. Pierluigi Paganini.

IoT

IoT Firmware Advertising DNS

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

The Last Watchdog

MARCH 17, 2020

Encryption is a cornerstone of digital commerce. Related: A ‘homomorphic-like’ encryption solution We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. PKI is the authentication and encryption framework on which the Internet is built.

Encryption

Encryption Authentication IoT Internet

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The Last Watchdog

MARCH 4, 2020

However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must first be quelled. Related : The promise and pitfalls of IoT At the technology level, two fundamental things must get accomplished. More IoT standards are sure to come, but regulation will raise the bar only so high.

IoT

IoT Authentication Internet Internet

Consumer Reports Reviews Wireless Home-Security Cameras

Schneier on Security

NOVEMBER 7, 2018

Consumer Reports is starting to evaluate the security of IoT devices. The video is encrypted, and it travels from the camera through D-Link's corporate servers, and ultimately to the user's phone. Users can also access the same encrypted video feed through a company web page, mydlink.com. Boing Boing link.

Wireless

Wireless Manufacturing IoT Encryption

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SecureWorld News

JANUARY 16, 2025

Digital transformation: The integration of IoT, SCADA systems, and advanced analytics has increased operational efficiency but also expanded the attack surface. Leverage data analysis: Data analytics and IoT technologies are revolutionizing the oil and gas sector, enabling better monitoring and threat detection.

Energy and Utilities

Energy and Utilities IoT Artificial Intelligence Backups

The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security

Security Boulevard

SEPTEMBER 11, 2024

Once SBOM and IAM provisioning knit seamlessly with policy-driven data encryption and AI-powered monitoring, they will have a far stronger security posture. The post The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security appeared first on Security Boulevard.

IoT

IoT Encryption Risk Government

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

FEBRUARY 18, 2020

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. Related: Why Google’s HTTPS push is a good thing At the time, just 50 % of Internet traffic used encryption.

Encryption

Encryption Firewall Risk IoT

Weekly Update 251

Troy Hunt

JULY 11, 2021

and I'm sure there'll be an all new stash of cyber-IoT-other things waiting for me at the end of it 🙂 References Finally got my first COVID shot!

IoT

IoT Encryption Government

Lousy IoT Security

Schneier on Security

DECEMBER 19, 2019

OTA -- over-the-air updates) were stored in a publicly accessible AWS S3 bucket that also lacked TLS encryption (CVE-2019-16270, CVE-2019-16274). Additionally, DTEN hadn't set up HTTPS web encryption on the customer web server to protect connections from prying eyes. meeting notes) and other sensitive files (e.g.,

IoT

IoT Wireless System Administration Encryption

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Ghost ransomware actors, identified as operating from China, have been targeting unpatched systems and stolen credentials to infiltrate networks, encrypt data, and demand ransom payments. Persistent exploitation of legacy systems One of the most alarming aspects of Ghost ransomware is its focus on legacy IoT and OT environments.

Ransomware

Ransomware IoT Encryption Social Engineering

How can home security be improved with IoT?

CyberSecurity Insiders

JANUARY 31, 2022

The Internet of Things (IoT) has been exploding in the last decade, with more and more connected objects or devices. IoT also enables home security systems to offer a variety of new features, such as secure biometrics and face detection at your door. . IoT enables secure, remote updates, for devices installed for a long time.?

IoT

IoT Wireless Technology Internet

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

MAY 5, 2020

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks.

IoT

IoT Malware DDOS Advertising

Weekly Update 263

Troy Hunt

OCTOBER 2, 2021

See the references for all the details, but plenty of cyber, some IoT weather station discussion and a bit of chatter around career and me deciding I want to do a "Hack Your Career More" talk once we all get back to doing events in person. Lots of little bits and pieces this week in a later and shorter than usual update.

Password Management

Password Management IoT Encryption Passwords

New Sophisticated Malware

Schneier on Security

MAY 4, 2022

There are many keys to its stealth, including: The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types of IoT devices that don’t support antivirus or endpoint detection. This makes detection through traditional means difficult.

Malware

Malware IoT Wireless Antivirus

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

The Last Watchdog

APRIL 24, 2025

Related: PKI and the IoT cloud One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence of a dedicated Public Key Infrastructure (PKI) framework, tailored to banks and payment networks, guided by the Accredited Standards Committee X9 (ASC X9), and being rolled out by DigiCert.

Banking

Banking Internet Internet IoT

SHARED INTEL: What can be done — today — to keep quantum computing from killing encryption

The Last Watchdog

NOVEMBER 12, 2019

Their trepidation is focused on the potential undermining of a core security component of classical computing systems: encryption. The monumental challenge is that replacing classical encryption with PQC will be complicated and time consuming. To its credit, the global cybersecurity community is not asleep on this.

Encryption

Encryption Cyber Risk Architecture IoT

US NIST unveils winning encryption algorithm for IoT data protection

Bleeping Computer

FEBRUARY 8, 2023

The National Institute of Standards and Technology (NIST) announced that ASCON is the winning bid for the "lightweight cryptography" program to find the best algorithm to protect small IoT (Internet of Things) devices with limited hardware resources. [.]

IoT

IoT Encryption Internet Internet

Two NSA Algorithms Rejected by the ISO

Schneier on Security

APRIL 25, 2018

The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. They are optimized for small and low-cost processors like IoT devices. These algorithms were both designed by the NSA and made public in 2013. The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors.

IoT

IoT Encryption Technology Risk

What Is Encryption Key Management?

Security Boulevard

NOVEMBER 18, 2022

What Is Encryption Key Management? To keep data safe, it is encrypted and decrypted using encryption keys. Types of Encryption Keys. There are two main types of encryption keys : symmetric and asymmetric. Symmetric key encryption uses a single key to both encrypt and decrypt data. brooke.crothers.

Encryption

Encryption Digital transformation Insurance IoT

NIST Issues Call for "Lightweight Cryptography" Algorithms

Schneier on Security

MAY 2, 2018

Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant electrical power and use circuitry far more limited than the chips found in even the simplest cell phone. The NSA's SIMON and SPECK would certainly qualify.

IoT

IoT Encryption

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data? How Does Encryption Process Data?

Encryption

Encryption Passwords IoT Firewall

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

The Hacker News

FEBRUARY 8, 2023

National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications.

IoT

IoT Encryption Authentication Internet

China is Still Inside US Networks — It’s Been SIX Months

Security Boulevard

DECEMBER 4, 2024

Hell froze over: FBI and NSA recommend you use strong encryption. The post China is Still Inside US Networks — It’s Been SIX Months appeared first on Security Boulevard.

Encryption

Encryption Cyber Attacks Data privacy IoT

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The data may also include your address and phone number if you have provided that to us.”

Passwords

Passwords Authentication Firmware Accountability

Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks

The Hacker News

JUNE 2, 2022

As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns.

IoT

IoT Ransomware Encryption Technology

GnuPG fixes a problem with Let’s Encrypt certificate chain validation

Malwarebytes

OCTOBER 8, 2021

Despite advance warnings that a root certificate provided by Let’s Encrypt would expire on September 30, users reported issues with a variety of services and websites once that deadline hit. An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. So what happened?

Encryption

Encryption Authentication IoT Passwords

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

The Last Watchdog

DECEMBER 13, 2023

Related: Why IoT standards matter Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. Notable progress was made in 2023 in the quest to elevate Digital Trust.

Encryption

Encryption Technology CISO IoT

Top 10 Cybersecurity Trends to Expect in 2025

Hacker's King

DECEMBER 24, 2024

Quantum Computing Threats While quantum computing offers immense potential, it also poses a serious risk to traditional encryption methods. Hackers with access to quantum technology could potentially break existing cryptographic protocols, necessitating the development of quantum-resistant encryption.

Cybersecurity

Cybersecurity Cyber Insurance IoT Insurance

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

MARCH 13, 2019

The drivers of IoT-centric commerce appear to be unstoppable. Count on the wide deployment of IoT systems to continue at an accelerated rate. There are already more IoT devices than human beings on the planet, according to tech industry research firm Gartner. This time the stakes are too high. Security-by-design lacking.

Internet

Internet Internet IoT Energy and Utilities

IoT Unravelled Part 3: Security

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

Webinars

Trending Sources

Akira ransomware gang used an unsecured webcam to bypass EDR

Webinars

P2P Weakness Exposes Millions of IoT Devices

IoT Inspector Tool from Princeton

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

Cisco secures IoT, keeping security closer to networking

Top IoT Security Solutions of 2021

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

GCHQ on Quantum Key Distribution

Overview of IoT threats in 2023

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

New Ttint IoT botnet exploits two zero-days in Tenda routers

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

Consumer Reports Reviews Wireless Home-Security Cameras

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

Weekly Update 251

Lousy IoT Security

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

How can home security be improved with IoT?

Kaiji, a new Linux malware targets IoT devices in the wild

Weekly Update 263

New Sophisticated Malware

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

SHARED INTEL: What can be done — today — to keep quantum computing from killing encryption

US NIST unveils winning encryption algorithm for IoT data protection

Two NSA Algorithms Rejected by the ISO

What Is Encryption Key Management?

NIST Issues Call for "Lightweight Cryptography" Algorithms

What Is Encryption? Definition, How it Works, & Examples

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

China is Still Inside US Networks — It’s Been SIX Months

Ubiquiti: Change Your Password, Enable 2FA

Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks

GnuPG fixes a problem with Let’s Encrypt certificate chain validation

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

Top 10 Cybersecurity Trends to Expect in 2025

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

Stay Connected