IoT Security News: DoS Attack at Your Door and Semiconductor Stats

By Joanne Kelleher | December 22, 2017

IoT security and semiconductor industry growth were two of hottest tech-related topics in 2017. Every few weeks, we learned about next-generation IoT hacks, new security-related legislation, and exciting advances in processor technology. Here are a few interesting news items from the past month.

A DoS Attack at Your Door

Amazon Key is a new delivery service that enables a delivery person to enter your home and drop off a package. For $250, you get a digital keypad and a Wi-Fi-connected Amazon Cloud Cam for live streaming each delivery. But wouldn’t you know: Just a few weeks after the service’s launch, a security testing company discovered a way for a hacker to disable the camera while someone enters your home.IoT Security Hacking

Rhino Security Labs reported that it had used known vulnerabilities in Wi-Fi to launch a DoS attack against the camera to stop it from streaming and recording. “The technique used in the demonstration is a known and viable attack for all Wifi-connected devices that simply disconnects the device from its router,” Rhino Security Labs reported. “Amazon Key is a connected device that provides interior access to people’s homes, and when the device is disabled, the Amazon Key application does not alert the user to any error, issue or failure. In fact, if a user watches the camera view from within the app during the attack, it appears as if the Cloud Cam is merely buffering.”

Amazon launched the Amazon Key service in October. In mid-November, after Rhino Security Labs published its findings, several news outlets reported that Amazon had deployed a software update to address the issue. It remains to be seen how the Amazon Prime community takes to the service and IoT security issue. We will not be using the service at our corporate HQ any time soon.

Jail Time for Execs Hiding Data Breaches?

Earlier this year, we wrote about the Internet of Things Cybersecurity Improvement Act of 2017, which would establish security requirements for IoT devices procured by government agencies. In late November, US Senate Commerce Committee members revisited the security issue with the introduction of the Data Security and Breach Notification Act, which would establish national data breach reporting standards. If the bill passes, corporate executives will have 30 days to report data breaches or possibly face up to five years in prison.

Senator Bill Nelson (D-FL) introduced the bill on the heels of a few widely publicized data breaches. A few weeks ago, Uber revealed that 57 million accounts had been hacked in 2016. And in September, Equifax announced that hackers had accessed data from 143 million consumers.

It is unlikely that cybercriminals will stop undertaking such attacks any time soon. But legislation such as the Data Security and Breach Notification Act will pressure corporations to update consumers about security breaches in a more timelier manner. Read the Bill

SecureRF in the News

  • Louis Parks (CEO, SecureRF) was interviewed by Embedded Intel Solutions about authenticating remote devices using Intel Cyclone V SoC FPGAs. He also commented on a variety of IoT security-related topics, including quantum resistance. “The idea of quantum resistance methods has been an intellectually interesting idea for some time,” Parks said. “However, with the arrival of elementary working quantum computers in the last year to year and a half, the clock is now ticking to address this issue. There are a couple of solutions—we are one—that do address known quantum attacks today.” Read the Interview
  • Recent advances by companies such as IBM and Google in quantum computing raise the urgency to address potential IoT security threats. As we have noted in the past, known quantum computing attacks pose a threat to legacy cryptographic protocols, such as ECC and RSA. Louis Parks commented on this challenge in a recent IoT Institute article, “8 IoT Security Trends to Look Out for in 2018.” Read the Article
  • Iris Anshel (Chief Scientist, SecureRF) was featured in EE Times’s “Women in Tech: 25 Profiles in Persistence.” She was profiled along with 24 other women in tech—including engineers, scientists, and executives—from companies such as Qualcomm, STMicroelectronics, and Texas Instruments. In the interview, Anshel talked about her background in combinatorial group theory and the need to “nurture talent from all groups of people who are underrepresented in the STEM fields.” Read the Profile

News Briefs

  • According to a new report from Inmarsat Enterprise, more than half of the IT leaders at energy companies believe they lack the security skills needed to deploy successful IoT projects. In addition, only 38% of IT leaders at energy companies said they have taken additional steps to protect IoT projects against cyberattacks. Inmarsat Enterprise
  • The World Semiconductor Trade Statistics (WSTS) organization reports that 2017 semiconductor sales should exceed $400 billion. That is a 20.6% increase over 2016. According to the report, memory chip sales led the way in fall 2017 followed by logic chips. WSTS
  • Trendforce recently reported that semiconductor foundry global revenue will top $57 billion in 2017. Taiwan Semiconductor Manufacturing Company (TSMC) currently leads the industry with a market share of 55.9%. TrendForce
  • IC Insights forecasts that Samsung will unseat Intel as the top semiconductor supplier in 2017. It also reports that Nvidia will make the top-ten list for the first time. IC Insights