3、研究者称IoT恶意软件即将扩大感染范围
标题:IoT Malware Will Soon Surround Us: Researcher
作者信息:November 11, 2016 By Ionut Arghire
//BEGIN
When it comes to Internet of Things (IoT) devices, everything from smart glasses to connected cars is susceptible to malware infection if not properly
secured, Fortinet senior researcher Axelle Apvrille said in a presentation at the DefCamp 2016 security conference in Bucharest, Romania this week.
来自传统安全公司Forinet的研究人员最近在安全峰会DefCamp2016(2016年11月10-11日在罗马尼亚首都布加勒斯特举行)上表示:恶意代码已经盯上了物联网IoT设备:从智能眼镜到智能汽车等等与人们的日常生活密切相关的设备都上榜。
//END
“There is a new path of least resistance, which Mirai so well illustrated. Consumer connected devices are generally not built with security in mind. The
software that powers these devices isn’t tested to the same level that a financial institution will test a Web application. The hardware, firmware, and OS
isn’t sufficiently hardened against attack. If a password exists, it is weak and widely published in support documentation that is broadly available on the
Internet,” Cigital’s Jim Ivers noted in a recent SecurityWeek column.
Because of these vulnerabilities and lack of security standards, any IoT device in a smart home could represent a vulnerable entry point for a malware
attack. By compromising a toothbrush, a toaster, or a refrigerator, an attacker could then spread malware to other devices on the network, including
computers and smartphones.
近期的Mirai(未来)物联网恶意代码被连篇累牍,特别是与最终客户相关的物联网设备的安全特性非常之少,而且物联网设备的出厂测试过程也非常简单:更多的是功能性的测试,而没有安全性的详尽测试,现实情况是与网银等的应用投入的精力差别很大。当然物联网设备安全涉及到硬件、固件、操作系统等一整个链条。一个简单的例子是有时某些设备的使用是需要密码的,不过这些密码被写在说明书和宣传册,几乎人人尽知。
智能家居的安全薄弱环节可能成为被入侵的入口,通过感染智能牙刷、智能电冰箱、智能炊具等,恶意代码然后能横向移动感染其他智能设备或者手机和电脑。
点评:物联网安全之智能家居安全..... |