Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Domotics - a can-o-worms

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Domotics - a can-o-worms


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: blog.noticebored.com


This morning, Iโ€™ve been browsing and thinking about ISO/IEC 27403, a draft ISO27k standard on the infosec and privacy aspects of โ€œdomoticsโ€ i.e. IoT things at home.

ย 

Compared to a [reasonably well controlled] corporate situation, there are numerous โ€˜challengesโ€™ (risks) in the home setting e.g.:

  • Limited information security awareness and competence by most people. IoT things are generally just black-boxes.
  • Ad hoc assemblages of networked IT systems - including things worn/carried about the person (residents and visitors) and work things, not just things physically installed about the home (e.g. smart heating controls, door locks and cat feeders).
  • Things are not [always] designed for adequate security or privacy since other requirements (such as low price and ease of use) generally take precedence. Finite processing and storage capacities, plus limited user interfaces, hamper/constrain their security capabilities.
  • Lack of processes for managing security and privacy systematically at home. If anything, activities tend to be ad hoc/informal and reactive rather than proactive.
  • Informality: the home is a relatively unstructured, unmanaged environment compared to the typical corporate situation. Few domotics users even consider designing a complete system, although certain aspects or subsystems may be intentionally designed or at least assembled for particular purposes (e.g. entertainment).
  • Dynamics and diversity: people, devices and services plus the associated challenges and risks, are varied and changeable. The home is a fairly fluid environment anyway, and innovation is driving the tech at quite a pace.
  • Limited ability to control who may be present in/near the home and hence may be interacting with IoT devices e.g. adult residents plus children, owners, visitors, installers, maintenance people, neighbours, intruders ...ย  Physically securing things against accidental or malicious interaction is difficult, while networking compounds the issue.
  • Limited ability to manage and control IoT device and service supply chains, as well as the installation, configuration, use, monitoringย  and maintenance of devices and services, with little if any coordination among the parties.

Good luck to anyone seriously attempting to secure their own home, or for corporations concerned about securing their employees including home workers (execs and plebs) and an increasingly mobile and tooled-up workforce.ย 

For instance, I have only a rough idea of what IoT things are in my home, some of which are not mine and are not under my control. Security configuration is, at best, an ad hoc activity when (some) things turn up. Security monitoring and management (e.g. patching) are almost nonexistent, in practice. Being an infosec professional and geek, I do my level best to contain and protect work-related and personal info but it is hard going in such an open, dynamic and potentially hostile environment. โ€œZero trustโ€ just about sums it up.

The practical limitations, in turn, open the door to all manner of mischief and misfortune.ย  Itโ€™s a veritable can-o-worms I tell you.

...



๐Ÿ“Œ Can't execute anything, Can't sudo, Can't change permissions


๐Ÿ“ˆ 14.12 Punkte

๐Ÿ“Œ If You Can Say It, Now You Can See It: RunWayโ€™s Latest Artificial Intelligence Tool Can Generate Videos With Nothing But Words


๐Ÿ“ˆ 14.12 Punkte

๐Ÿ“Œ You canโ€™t be invulnerable, but you can be well protected


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Can Microsoft Edge Become the World's Top Browser? Stats Show It Canโ€™t


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet (33c3) - deutsche รœbers


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet (33c3)


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ You canโ€™t be invulnerable, but you can be well protected


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet (33c3) - deutsche รœbers


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Can Microsoft Edge Become the World's Top Browser? Stats Show It Canโ€™t


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet (33c3)


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Soon, you can buy gadgets that can self-destruct when stolen


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ USA can afford golf for Trump. Can't afford .com for FBI infosec service


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Your Selfies Can Hurt You But There's A Privacy Adviser That Can Help


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Drinking a Can of Sugary Soda Every Day Can Boost a Person's Risk For Prediabetes, Study Finds


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Can Microsoft Edge Become the World's Top Browser? Stats Show It Canโ€™t


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Can Microsoft Edge Become the World's Top Browser? Stats Show It Canโ€™t


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Extreme Cybersecurity Visibility: You Can't Secure What You Can't Measure


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Northrop Grumman can make a stealth bomber โ€“ but can't protect its workers' W-2 tax forms


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Your voice assistant can hear things you canโ€™t โ€“ such as a hacker


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Drinking a Can of Sugary Soda Every Day Can Boost a Person's Risk For Prediabetes, Study Finds


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Malware Makers Can Put a Price on Your Data โ€“ Can You?


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Hackers Can Take Control of Siri and Alexa By Whispering To Them in Frequencies Humans Can't Hear


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Hackers Can Talk To Voice Assistants Like Siri And Alexa By Speaking With A Voice You Can't Hear


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Why You Can't Fix Facebook (Only Facebook Can)


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Why Uber Can Find You but 911 Can't


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ How's the UX on the Web, Really? (aka If You Can't Measure It, You Can't Improve It)


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Lucifer: Recap zu "Anything Pierce Can Do I Can Do Better" (S03E21)


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ It's 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Alexa, Siri and Google can be tricked by commands you canโ€™t hear


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ Apple can't protect you from data trackers forever. No one can


๐Ÿ“ˆ 9.41 Punkte

๐Ÿ“Œ You can't always trust those mobile payment gadgets as far as you can throw them โ€“ bugs found by infosec duo


๐Ÿ“ˆ 9.41 Punkte











matomo