IoT Security Lessons From Recent Projects

Forums Security Discussions (Security) IoT Security Lessons From Recent Projects

This topic contains 0 replies, has 1 voice, and was last updated by  TelegramGroup IoTForIndia 2 months, 2 weeks ago.

  • Author
  • #27281

    TelegramGroup IoTForIndia
    • Topic 842
    • Replies 0
    • posts 842

      #Discussion(Security) [ via IoTForIndiaGroup ]

      We don’t have to look too deeply to find practical ways to protect IoT operations. In this post, we will cover three common issues facing IoT projects and best practices to resolve.

      Lesson A – Message metadata can be leveraged to secure dispersed data distribution

      Lesson B – Legacy control equipment will often be the “weakest link”

      Lesson C – Vendor “fine print” may create data leakage leading to increased risk

      Again, George Cora has an example of a recent “ fine print” example:

      “A well-known IoT company has a legal disclaimer with their products that states that their cloud ‘gathers information from users, which may be comprised of … personally identifiable information’. It then goes on to say that ‘We do not consider the name, title, business address email or telephone number of an organization and/or employee of an organization …’ to be ‘… personally identifiable information …’. This is a case in point to look very clearly at the legal disclaimer. Some businesses will collect your or your client’s information and sell it or use it as they see fit. That is their business plan, and it is up to you to check because if the release of user information is specific enough, this can in turn, disclose information on the users of the particular IoT network. Potential intruders of the IoT network will now have specific user information to leverage through social engineering attacks. The end result is a risk increase to the IoT network.”

      Read More..

    You must be logged in to reply to this topic.