Senrio researchers to expose risk of lateral IoT attacks
As connected devices make their way onto more enterprise networks, researchers from the cutting edge IoT security firm Senrio will demonstrate how insecure and compromised Internet of Things endpoints can be leveraged in damaging cyber attacks.
Senrio Chief Technology Officer Stephen Ridley and VP of Research M Carlton will demonstrate how would-be attackers can exploit known vulnerabilities in the firmware (software) running on devices like IP cameras, wireless routers, network attached storage and other devices to gain access – to and control over hardware ranging from medical devices to industrial machinery.
>> Your ticket to the Security of Things™ Forum comes with an Explorer pass to LiveWorx 2018.
Register now and get $75 off admission using this link. <<
The two will present their research at The Security of Things Forum, a one day Internet of Things and security event taking place alongside the 2018 PTC LiveWorx Conference in Boston on June 19.
Embedded devices like routers and cameras pose a variety of risks to sensitive IT environments, Ridley and Carlton say. Among them: the re-use of vulnerable code across product families. That means a software flaw found in one firmware file might exist across dozens or scores of other versions of that software running on hundreds of different types of products.
Senrio has used research to expose these risks before. Last year, for example, its researchers highlighted a flaw dubbed Devil’s Ivy, which affected hundreds of security cameras made by the firm Axis Communications. That flaw was linked to a third-party software library and would allow an attacker who could connect to an Axis camera from the public Internet to take control of it, even if she did not know the user name and password required to log into the device.
In their presentation at The Security of Things, Ridley and Carlton will demonstrate how attackers can launch lateral attacks between IoT devices using critical vulnerabilities in popular devices. Among other things, the two will show that common responses to this threat, such as segmenting networks containing IoT devices is an insufficient defense.
The two will discuss useful approaches to identify IoT devices in sensitive network environments, assess their security risk and to protect them from compromise. Get your tickets now to reserve your seat!
About the Security of Things™ Forum (SECoT)
The Security of Things™ Forum (SECoT) delivers some of the world’s leading experts and executives for a day of discussion and debate on the preeminent challenge of our time: securing the Internet of Things. Since 2014, SECoT has drawn experts, practitioners, executives and entrepreneurs from government, academia and the private sector get together to explore the practical and political challenges of securing a global population of tens of billions of connected, intelligent devices.
Past keynote speakers include Chris Valasek of Uber, Dan Geer, the Chief Information Security Officer of In-Q-Tel, Federal Trade Commissioner, Julie Brill, Raytheon CTO Michael Daniels and renowned hacker Moxy Marlinspike.