
Painful IoT Security Lessons Highlighted by a Digital Padlock by mrosenquist

<html>
<p><img src="https://i.postimg.cc/MHd3Tfrg/cyber-security-3411476-640.jpg"/></p>
<p>The first warning sign was “hackproof” in the <a href="https://www.kickstarter.com/projects/1686612613/360lock-1st-modular-smart-padlock-certified-by-blo">360Lock marketing materials</a>. As it turns out, to no security professional’s surprise, the NFC- and Bluetooth-enabled padlock proved to be anything but secure.</p>
<p><a href="https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/">Straightforward penetration testing revealed</a> horrible logical and physical security for a padlock that promotes itself as “incorruptible” and “hackproof”!</p>
<p>Digital Transformation is a rush to connect our physical world to the global electronic ecosystem to enable better access, integration, and advanced capabilities. Internet of Things (IoT) devices are often at the forefront of this movement, turning normal devices into ‘smart’ devices. Sometimes even the best ideas fail when it comes to design and execution. </p>
<p>This padlock has several innovative features such as connectivity to mobile applications, an included RFID wristband and tag for easy unlocking, configurability to add access for others, and a detailed history log. What it lacks, however, is actual security.</p>
<h3><strong>Security theater</strong></h3>
<p>Simple pentesting proved what was likely a foregone conclusion. The Kickstarter-funded lock is neither hackproof nor secure. Testers found that simple replay attacks could trick the logic to open the device. Additionally, crude brute-force methods were able to compromise the integrity of the lock mechanism. Pounding it with a hammer quickly defeated the padlock.</p>
<p>The results highlighted that the $40 lock is not robust and is better suited as a visual deterrent, casual locking device, or novelty item.</p>
<h3><strong>An industry problem</strong></h3>
<p>A massive quantity and vast diversity of smart devices are emerging. Most connect to the internet and require a high degree of security. Connectivity accentuates vulnerabilities. Sadly, many of the IoT devices consumers and businesses are embracing lack the necessary security rigor, leaving users exposed and data vulnerable.</p>
<p>The 360Lock is not the only device that has poor security, but it does highlight two important points, emphasizing overall industry challenges. </p>
<p>First<a href="https://medium.com/@matthew.rosenquist/unhackable-product-claims-are-a-fiasco-waiting-to-happen-dc73e4f763ff">, never trust any product that claims to be ‘unhackable’</a>. Seasoned security professionals would never make such an outlandish assertion as to say a device is hackproof! The fact that 360Lock promoted their product in this way was the only indicator needed to instill great skepticism.   </p>
<p>Second, this device’s weaknesses highlight the need for proper data transport security. Man-in-the-Middle (MitM) attacks, such as replay attacks, are common tactics for hackers. Transactional security is absolutely critical to protect data and requests. Unfortunately, securing data in transit between IoT devices on the edge and phones/PC/cloud-services requires the right expertise and tools. Most failures occur in how data protections are implemented and managed. As a rule, if a product manufacturer is not detailing their security, they likely do not have quality capabilities in place.</p>
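<p>To make the replay point concrete, here is an added example (not from the original post, and not the 360Lock's actual protocol): a lock that accepts a fixed authenticated unlock message, next to one that binds every unlock to a fresh single-use nonce. The shared key, the <code>UNLOCK</code> command and the class names <code>StaticLock</code> and <code>ChallengeLock</code> are constructed for illustration.</p>

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed pairing secret (assumption)

def phone_response(key, nonce=b""):
    """Phone side: authenticate the unlock request, optionally bound to a nonce."""
    return hmac.new(key, b"UNLOCK" + nonce, hashlib.sha256).digest()

class StaticLock:
    """Weak: the same bytes open the lock every time, so a capture can be replayed."""
    def __init__(self, key):
        self._expected = phone_response(key)

    def handle(self, message):
        return hmac.compare_digest(message, self._expected)

class ChallengeLock:
    """Hardened: every unlock must answer a fresh, single-use nonce."""
    def __init__(self, key):
        self._key = key
        self._nonce = None

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def handle(self, message):
        nonce, self._nonce = self._nonce, None  # consume the nonce on any attempt
        if nonce is None:
            return False
        return hmac.compare_digest(message, phone_response(self._key, nonce))

def demo():
    weak, strong = StaticLock(KEY), ChallengeLock(KEY)
    old = phone_response(KEY)                      # message seen on the air once
    out = {"static_first": weak.handle(old), "static_replay": weak.handle(old)}
    old = phone_response(KEY, strong.challenge())
    out["cr_first"] = strong.handle(old)
    out["cr_replay_no_challenge"] = strong.handle(old)
    strong.challenge()                             # lock issues a new nonce
    out["cr_replay_new_challenge"] = strong.handle(old)
    return out

if __name__ == "__main__":
    print(demo())
```

<p>The static design accepts the recorded message a second time; the challenge-response design rejects it both when no challenge is outstanding and after a new nonce has been issued.</p>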
<h3><strong>Painful lessons</strong></h3>
<p>Consumers must be wary and realize that even dedicated security products, such as padlocks, can be victimized by poor development decisions. Trendy features are no replacement for solid security and reliability. IoT devices are often much less secure than the marketing materials and salespeople will reveal. Look for reputable manufacturers who have committed to work with the best technology, security integrators, and verification practices. Every consumer and business is responsible for understanding the risks accompanying the benefits of new technology.</p>
<p><br/></p>
<p>Interested in more? Follow me on <a href="https://www.linkedin.com/today/author/matthewrosenquist">LinkedIn</a>, <a href="https://medium.com/@matthew.rosenquist">Medium</a>, and <a href="https://twitter.com/Matt_Rosenquist">Twitter (@Matt_Rosenquist)</a> to hear insights, rants, and what is going on in cybersecurity.</p>
</html>
created: 2020-09-16 01:05:21
@enforcer48 ·
Gotta love fancy gadgets that wind up not worth their money.
created: 2020-09-16 04:20:48
@ultimus ·
Insecure and weak 'smart' devices.  Even padlocks aren't secure
created: 2020-09-16 01:11:42