Embedded devices of some 50 manufacturers has been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks, Carnegie Mellon University's CERT/CC warns.
A study into the security of the Internet of Things has confirmed that the web interfaces for user administration of commercial, off-the-shelf embedded devices - routers, DSL/cable modems, VoIP phones, IP/CCTV cameras - represent a significant attack surface.
The US energy grid is under cyber attack from Islamic State hackers but fortunately, these attacks end up in failure because the hackers are simply not skilled enough to do much damage, Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security, reassured the audience at GridSecCon 2015.
Tracking ankle bracelets that some criminals are forced to wear after being senteced to home detention can be hacked, allowing them to exit the house and go wherever they want without the police being none the wiser.
If the past 12 months saw a dramatic increase in data breach activity, then the year ahead promises to bring an entirely new set of concerns – and a shift in how companies are responding to the cyber threat.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.