Aaron Guzman is a Director with Aon’s Cyber Solutions Group, also serving as Head of Automotive & IoT Testing.
In preparation for the country's 2020 Olympics (and - ostensibly - in order to avoid catastophic numbers of IoT vectored attacks during the Olympic events)... Probably about 5 years too late, though, as the enormity of fixing the problems may be insurmountable even for the Japanese Governmental Security Groups, who are well-known for attention to detail. Regardless there will certainly be an enormous number of surprises and what-not in their targeted bailiwick of connected devices. H/T
Terrific blog post by Gerhard Jacobs, writing at the Imperva Cybersecurity blog, and discussing IoT and ML with Gilad Yehudai (Gilad is a Security Research Engineer at Imperva), this time, where connected devices and machine learning interact in concert with and inform warfighting and warrior, and machine capabilities. Today's Must Read.
465,000. The number of Abbott manufactured pacemakers that require software updates due to life-threatening vulnerabilities resident within installed software packages. Coupled with easy accessibility via the interwebs, another example of incompetent software engineering in the manufacturing process? No, just a jarring welcome to the Internet of Shite. The United States Food and Drug Administration's announcement ordering a recall and detailing the flaws came as no real surprise:
via the FDA Announcement: Abbott's (formerly St. Jude Medical's) implantable cardiac pacemakers, including cardiac resynchronization therapy pacemaker (CRT-P) devices, provide pacing for slow or irregular heart rhythms. These devices are implanted under the skin in the upper chest area and have connecting insulated wires called "leads" that go into the heart. A patient may need an implantable cardiac pacemaker if their heartbeat is too slow (bradycardia) or needs resynchronization to treat heart failure. The devices addressed in this communication are the following St. Jude Medical pacemaker and CRT-P devices:
- Accent MRI
- Accent ST
Andrei Robachevsky, a Technology Program Manager at The Internet Society (ISOC), writes of a contemplated security engineering initiative targeting security flaws in the Internet of Things environ. Today's Must Read.
"Unfortunately, as is often the case with fast-pace developments, security of IoT components and the system as a whole is lagging. Price and functionality features take higher priority. We need to make security and privacy the most important features. Never before has the virtual world penetrated so deep into our physical lives, and if the gap isn't shortened there is a high risk of long-term damage to user confidence in the IoT." - Andrei Robachevsky, Technology Program Manager at The Internet Society (ISOC)
Meanwhile, in troubling IoT news, a paper (published by the IACR) entitled "IoT Goes Nuclear: Creating a ZigBee Chain Reaction" & authored by Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten (a Weizmann MSc student); we find - perhaps - the ultimate ZigBee nightmare... Today's Must Read (and while your're at it, check out the video to round out your day). Thanks and Tip O' The Hat