Both the beauty and the downfall of the Internet of Things (IoT) is that the power is in the software; it controls our devices and the networks that provide connectivity and communications. Over the years, we’ve realized how important it is to write code that is resistant to malicious attack. In 2012, malicious software called Sykipot surfaced. Traces of it had been found in cyberattacks since 2006, but this appearance set a new standard: it was the first time Sykipot targeted smart cards used by government employees to access restricted servers and networks.
Before that, three Web domains associated with the home page of the U.S. Bureau of Engraving and Printing, which falls under the auspices of the Treasury Department, served up malicious software. Hackers added some iframe HTML code to the sites that in effect redirected visitors to a bogus site hosted in Ukraine. Once visitors landed on that page, it launched a variety of Web-based attacks based on a commercially available attack kit called the Eleonore Exploit pack.
We’ve already seen these types of attacks in the modern era of the Internet of Things. Proofpoint recently uncovered an IoT-based cyberattack, which involved more than 750,000 malicious email communications coming from more than 100,000 consumer gadgets, such as home networking routers, multimedia centers, TVs and at least one refrigerator.
In a whitepaper, “Defend Against Injection-based Attacks,” Klocwork, a company that enables secure and reliable software, discussed the most common security vulnerabilities in the software development industry, how they present themselves to end users and developers, and mitigation strategies to resolve each issue. Klocwork provides tools that enable developers to identify potential security vulnerabilities and reliability issues before they’re submitted to the software build. Some of the biggest brands in the automotive, consumer electronics, gaming, medical technologies, military and aerospace, mobile device and telecom sectors rely on Klocwork and its tools to create secure and reliable software.
Today, the most common security weaknesses are in software accessible from a desktop, tablet or mobile device. Web-based applications, network-enabled or controlled devices and widely used mobile software are the most targeted applications. These weaknesses can usually be traced back to the developer not anticipating how software could be misused or made to perform actions it wasn’t designed to do.
There are many types of security vulnerabilities that exist in computer software today. Finding and removing these weaknesses as quickly as possible ensures that software running crucial functionality remains secure and protected.
Read the whitepaper on understanding and mitigating security vulnerabilities here, and then make sure you understand the three guidelines to protecting M2M systems.
Edited by
Cassandra Tucker