https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

3 security flaws in devices and IoT that need fixing

3 security flaws in devices and IoT that need fixing

  • Written by Grigorii Markov / Dark Reading
  • 26th February 2021

Rapid changes in how Internet of Things (IoT) devices around us interact with each other have created a landscape defined by unprecedented security vulnerabilities. There are three main security concerns with them and some possible fixes.

In December 2020, Forescout identified 33 vulnerabilities impacting four open source TCP/IP stacks. These are used by millions of devices around the world. They allow attackers to target a smart home or an automated industrial environment and use nearly any device as an entry point into the network.

According to IBM, the average cost of a data breach is just under $4 million, and it takes organizations an average of 280 days to identify and contain a breach. Meanwhile, the destructive potential of botnets has grown over the past few years. They propagate malware, mount distributed denial-of-service (DDoS) attacks, and spread disinformation on social media.

Problem 1: Unsecured API Connections
Application programming interfaces are widely used for devices to communicate with one another but are rarely built with robust security. For instance, when a data analyst directly accesses a database, most security systems will log that user’s name and role. But an external user may not have to offer those credentials. So, two log entries can be as such:

● John_Smith: Data Analyst – 172.20.118.97

●  App_User: Service Account – 172.20.0.159

Only one of these gives you useful information about the user’s identity. If your smart devices and IoT equipment don’t collect useful data, you lack edge-to-end network visibility.

Cybercriminals scour the Internet for exposed API tokens. It’s one of the easiest ways to quickly create and leverage an enormous botnet made up of zombie IoT devices.

How to Solve API Connection Issues
Security engineers and enterprise IT teams should treat apps and APIs like data gateways. This means reviewing API connections to make security-oriented changes.

If an IoT device has any external connection capacity, it should be configured to securely categorize incoming user requests and block unauthorized ones. Developers need to inform security professionals about “shadow APIs” that might go unnoticed. Teams must work together to identify deprecated and outdated APIs.

To read the complete article, visit Dark Reading.

 

Tags: Alerting Systems Applications Critical Infrastructure Cybersecurity Drones/Robots Enterprise Federal Government/Military Incident Command/Situational Awareness Internet of Things IoT/Smart X News Policy Public Safety Regional Coordination Security Software State & Local Government Subscriber Devices System Design System Operation Test & Measurement Tracking, Monitoring & Control Training Partner content

Most Recent


  • 3 security flaws in devices and IoT that need fixing
    Newscan: ‘Predator’ spyware let government hackers break into Chrome and Android, Google says
    Web Roundup Items from other news organizations ‘Predator’ spyware let government hackers break into Chrome and Android, Google says A private firm exposes Chrome vulnerabilities to government hackers, says Google EPA seeks funding to improve water-system cybersecurity Philadelphia launches real-time smart-city project NIST’s supply-chain security guidance tells agencies: Look to FedRAMP first Senate report highlights […]
  • Malicious Python Repository Package drops Cobalt Strike on Windows, macOS & Linux systems
    Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries seeking to distribute malware to a mass audience. The latest case in point is a malicious package for distributing Cobalt Strike on Windows, macOS, and Linux systems, […]
  • T-Mobile's CEO explains the company's new private 5G strategy
    T-Mobile on Monday took the wraps off its new private wireless networking offerings, and the company’s CEO spoke about it at length during an investor event. “CIOs everywhere are interested in this topic right now,” T-Mobile’s Mike Sievert said Monday at the J.P. Morgan Global Technology, Media and Communications Conference. “And they’re interested in it for a reason. […]
  • Hytera, Motorola Solutions refile appeal, cross-appeal in civil case
    As expected, Hytera Communications again has appealed a $543.7 million judgment against it to the 7th Circuit Court of Appeals, while Motorola Solutions this week filed for second time a cross appeal in the case that was initiated more than four years ago. There was little surprise in the filings, because both Hytera and Motorola […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • 3 security flaws in devices and IoT that need fixing
    Newscan: Feds recover millions from pipeline ransom hackers, hint at U.S. Internet tactic
  • Cyber is the new Cold War, and AI is the arms race
  • Microsoft patches 6 zero-day vulnerabilities under active attack
  • IoT connectivity spending climbs as COVID-19 cases decline

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Newscan: ‘Predator’ spyware let government hackers break into Chrome and Android, Google says dlvr.it/SR2lBG

25th May 2022
UrgentComm

Malicious Python Repository Package drops Cobalt Strike on Windows, macOS & Linux systems dlvr.it/SR0Qb2

24th May 2022
UrgentComm

T-Mobile’s CEO explains the company’s new private 5G strategy dlvr.it/SQyzhc

24th May 2022
UrgentComm

Hytera, Motorola Solutions refile appeal, cross-appeal in civil case dlvr.it/SQxNX1

24th May 2022
UrgentComm

Amid shifting workplace expectations, local government employers must adapt dlvr.it/SQwVVs

23rd May 2022
UrgentComm

The private-wireless networking opportunity shouldn’t stay too private dlvr.it/SQw7MT

23rd May 2022
UrgentComm

Europe’s first driverless-car test completed dlvr.it/SQvqyY

23rd May 2022
UrgentComm

FCC approves order to modernize priority-service rules dlvr.it/SQmSN0

20th May 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X