Insecurity in the Internet of Things (IoT)

The Open Web Application Security Project’s (OWASP) List of Top 10 Internet of Things (IoT)Vulnerabilities sums up most of the concerns and attack vectors surrounding the IoT category of devices as below:

• Insecure web interface
• Insufficient authentication/authorization
• Insecure network services
• Lack of transport encryption
• Privacy concerns
• Insecure cloud interface
• Insecure mobile interface
• Insufficient security configurability
• Insecure software/firmware
• Poor physical security

During a research by Symantec in 2015, they found issues such as the following:

• Around 19% of all tested mobile apps that are used to control IoT devices did not use Secure Socket Layer (SSL) connections to the cloud
• None of the analyzed devices provided mutual authentication between the client and the server
• Some devices offered no enforcement and often no possibility of strong passwords
• Some IoT cloud interfaces did not support two-factor authentication (2FA)
• Many IoT services did not have lock-out or delaying measures to protect users’ accounts against brute-force attacks
• Some devices did not implement protections against account harvesting
• Many of the IoT cloud platforms included common web application vulnerabilities
• 10 security issues were found in 15 web portals used to control IoT devices without performing any deep tests. 6 of them were serious issues, allowing unauthorized access to the backend systems.
• Most of the IoT services did not provide signed or encrypted firmware updates, if updates were provided at all

 

The above information is excerpted from a Symantec white paper regarding the Insecurity in the IoT.

 

 

 

My electronic UV light mosquito trap

There has been increased dengue fever cases in my residential area. As a preventive measure, I have bought some electronic ultraviolet light mosquito traps to capture the mosquitoes found in my house.

The body of this mosquito trap is mostly made by plastic, which might be the reason for its cheap price selling at around RM25 only. Anyhow, as long as it works, I am happy with it.

The most important parts of this mosquito trap are its 6 LED lights on top which emit purplish visible light and ultraviolet light which function to attract the mosquitoes to fly to it, and a small fan to suck the mosquitoes down into the trapping chamber.

As you can see from the photo, the trapping chamber can be opened up like a drawer, and you can inspect the amount of insects trapped and died inside, wash it and put it back to the device.

Its fan will generate some noise during operation, not very loud, but still audible at close distance, especially during quiet time. It's suction is not very powerful, so probably can only able to suck in the mosquitoes which flied very near to it, and might not be strong enough to suck in larger insects such as flies, cockroaches, etc.

Now, this question is, does it really work? I really can find dead mosquitoes in the trap. There isn't much mosquito in my house all the while though.

So, it really works! It might not be as effective as those models that use electrocute to kill the insects, but at this price I think is a worth.

ADcase the handphone case with special dampers that can save the phone from dropping damage

ADcase (active damping case) is a very innovative handphone case invented by a German engineering student called Philip Frenzel. It has just won an award from German Mechatronics Society.

The phone case has special shock-absorbers made with metal springs at its 4 corners. In normal situation, the shock-absorbers are hiding inside the case, and the case just looks like other normal handphone cases.

When sensors inside the case detected that the phone is on free fall dropping, it will immediately unfold the metal springs before hitting the ground. In this way, it can effectively protect the phone from damage due to dropping.

After the falling, the dampers can be manually folded back into the case and are therefore reusable.

You can watch the video below to see how ADcase reacts when the phone is dropping.

Very brilliant idea, isn't it?