Internet-connected devices face a deluge of attacks

Given the threat environment, a single vulnerability in an internet-connected device can lead to a quick compromise. Even when established security processes are in place, it is easy for vulnerabilities to sneak through. Development teams may have introduced a buffer overflow vulnerability within their software. They may have failed to store cryptographic keys in hardware. They may have allocated unnecessarily high privileges to user accounts, or failed to protect firmware using cryptographic signatures. 

The security processes described in this chapter can put a development team on the right path towards identifying specific threats to their products. Once threats are identified, engineers can work on identifying and prioritizing security controls to reduce the threats.

At the same time, developers should be using automated security analysis tools to evaluate product firmware and identify vulnerabilities that must be mitigated, as discussed in Chapter 3, Approaches to Secure Development.

Independent security researchers provide a vital service for the IoT community. These researchers may contact your organization to share details about vulnerabilities they have discovered in your devices and systems. Treat these researchers with respect, and realize that they more than likely have your best interests in mind. They should follow a responsible disclosure process, whereby they are prohibited from publicizing your vulnerability until you have completed the steps needed to remediate it and made a patch available, if necessary.