In 2011 Barnaby Jack warned of insulin pump attacks (https://en.wikipedia.org/wiki/Barnaby_Jack) yet in 2016 J&J had to warn their customers that they were vulnerable to attack (https://www.techdirt.com/articles/20161004/06242635699/johnson-johnson-warns-insulin-pump-owners-they-could-be-killed-hackers.shtml). When are companies going to get compliant with security?
-----Original Message----- From: cctalk [mailto:[email protected]] On Behalf Of Alexandre Souza Sent: Sunday, October 23, 2016 2:36 PM To: General Discussion: On-Topic and Off-Topic Posts Subject: Re: Time to get rid of weird connected appliances! <<SKYNET MUST DIE>> check this A good linux machine running a firewall wouldn't make all of this work flawlessly? 2016-10-23 17:31 GMT-02:00 Chuck Guzis <[email protected]>: > On 10/23/2016 01:29 AM, Guy Dawson wrote: > > It's not so much an attack on IoT as with IoT. The worm's ( assuming > > a compromised IoT device is used to compromise others - I'm not sure > > about this) job is to make IoT devices available to a control system > > so that IoT devices can be used to generate the loads needed in DDOS > > attacks. > > > > The attackers would rather you did not know your IoT devices were > > compromised as that way you'll leave them connected to the Internet > > and under their control. > > I contrast NFC and IoT. At least to me, "IoT" implies an > Internet-connected device. NFC implies only that there's a device > that can communicate wirelessly with nearby devices. > > Having said that, if one prowls the web for vulnerabilities in, say, > DSL modems, it's shocking. Many, if not most, are running some sort > of Linux, usually BusyBox (not known for its security). There are > millions of the things out there, many with telnet enabled and still > with the default password. The ISPs who distribute these things > usually view them as "black boxes" and apparently have little interest in > security. > > Whether or not some malefactor can hack a Carrier or Trane connected > thermostat is something that I've not researched. > > --Chuck >
