Welcome to the April 2024 edition of IoT Insider, your go-to source for the latest news and trends in the world of Internet of Things. In this edition, we bring you a curated selection of news and regulations to keep you informed and empowered in the digital age.
1. Cyber Threats on the Rise | Protect Your Digital Fortress!
As technology advances, so do the risks. We highlight the latest cyber threats making headlines, from sophisticated ransomware attacks to data breaches affecting millions.
- Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit. Researchers have developed a simple exploit capable of unlocking all of the doors at more than 10,000 hotels. Saflok-brand RFID-based keycard locks have been around for 36 years. But only in the late summer of 2022 did a team of seven researchers identify a series of vulnerabilities that allowed hackers to crack them open, deadbolt and all, using only a customized keycard.
- Fatal Tesla ‘Autopilot’ crash of Apple engineer reaches settlement – report. The incident that received significant media attention, involving the unfortunate loss of life of an Apple employee while driving a Tesla, has been resolved. The electric car company has reached a settlement with the family of the deceased individual.
- Critical RCE bug in 92,000 D-Link NAS devices exploited in attacks. Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw. The security vulnerability (CVE-2024-3273) is the result of a backdoor facilitated through a hardcoded account (username “messagebus” with an empty password) and a command injection issue via the “system” parameter.
- IoT Botnets and Infostealers Target Retail Sector. According to Netskope Threat Labs research on cloud threats in the retail sector, IoT botnets, remote access tools, and infostealers were the prominent malware families observed in the retail industry during the previous year.
- Secret codes of thousands of alarm systems were exposed online for a whole year! Our safety and security are crucial, and this incident serves as a strong reminder to be extra cautious with our personal security measures (Please note that the article is in Dutch).
- Microsoft April 2024 Patch Tuesday fixes 3 critical Remote Code Execution Vulnerabilities for Microsoft Defender: CVE-2024-29053, CVE-2024-21323, and CVE-2024-21322.
- LG smart TVs may be taken over by remote attackers. Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access only, Shodan, the search engine for Internet-connected devices, identified over 91,000 devices that expose this service to the Internet,” the researchers pointed out. The vulnerabilities are: CVE-2023-6317 is a prompt bypass in the secondscreen.gateway service running on webOS, which may allow attackers to create a privileged account without having to enter the security PIN and without any user interaction. CVE-2023-6318 is a command injection vulnerability that can be triggered with a series of authentication requests and can lead to command execution as the root user. CVE-2023-6319 allows OS command injection and CVE-2023-6320 lets an attacker inject authenticated commands by manipulating a specific API endpoint and achieve command execution as the (highly privileged) dbus user.
- Sophisticated backdoor found in XZLib 5.6.0/5.6.1, a major component of many POSIX OSs such as Linux, macOS, Android, iOS, IoT devices, and the WSL component of Windows.
2. Global Cybersecurity Regulations | Navigating the Compliance Maze
Governments worldwide are tightening their grip on cybersecurity regulations. Stay updated on the latest compliance requirements, privacy laws, and data protection regulations that can impact businesses and individuals alike. We decode complex jargon and provide practical insights to help you navigate the compliance maze effortlessly.
- The UNECE R155 and R156 regulations establish cybersecurity and software update requirements to strengthen the safety and security of automotive systems. UNECE compliance simplifies the regulatory process for manufacturers looking to sell their products in multiple countries. The requirements start in July 2024 and will be enforced in July 2026.
- NIST has posted an initial public draft of Cybersecurity White Paper (CSWP) 33, Product Development Cybersecurity Handbook: Concepts and Considerations for IoT Product Manufacturer... This Product Development Cybersecurity Handbook describes broadly applicable considerations for developing and deploying secure IoT products across sectors and use cases. This handbook extends NIST’s work to consider the cybersecurity of IoT product components beyond the IoT device.
- UK Product Security and Telecommunications Infrastructure (PSTI) Regulation 2023: Starting from April 29, 2024, the PSTI Regulation will be enforced in the United Kingdom. Under this regulation, manufacturers and importers are required to provide a statement of compliance prior to introducing their products into the market. This measure aims to ensure the security and integrity of products related to telecommunications infrastructure and product security.
- The Cyber Resilience Act (CRA) is the first legislation at the European Union level that establishes common cybersecurity regulations for manufacturers and developers of products incorporating digital elements, including both hardware and software. This act is anticipated to be implemented in the third quarter of 2024 and will become mandatory three years after its enforcement. The CRA aims to enhance cyber resilience and ensure consistent cybersecurity standards across the EU.
- The EU Radio Equipment Directive (RED) includes Article 3.3, which specifically addresses cybersecurity aspects related to devices capable of internet communication, toys and childcare equipment, and wearables. This article covers various aspects, including network security, personal data protection, privacy and protection against fraud. Initially scheduled for implementation in August 2024, the enforcement of this directive has been postponed and is now expected to take effect in 2025.
- Lawmakers in the European Parliament today (13 March) approved the AI Act, rules aimed at regulating AI systems according to a risk-based approach.
- Automakers and FCC square off over potential regulations for connected cars. Car manufacturers and the Federal Communications Commission (FCC) are gearing up for a potential fight over whether connected cars should be regulated as small pieces of telecom infrastructure — a decision that would have vast implications for how vehicles handle consumer data.
3. Industry Spotlight | Cutting-Edge Innovations in Cyber Defense
Discover groundbreaking advancements and innovative technologies in the world of cyber defense. From artificial intelligence and machine learning to blockchain and quantum computing, we explore how these game-changing technologies are revolutionizing the fight against cyber threats. Get inspired by success stories and learn how to implement these solutions in your own digital ecosystem.
Swarm robotics is an emerging field in IoT that focuses on the coordination and cooperation of multiple robots to achieve a common goal. It is inspired by the behavior of social insects, such as ants and bees, which work together as a collective to accomplish complex tasks. This technology allows for efficient and scalable operations in various sectors such as agriculture, logistics and manufacturing.
Swarm robotics has several key characteristics:
- Decentralized Control: In swarm robotics, each robot operates autonomously and makes decisions based on local information and simple rules. There is no centralized control or leader directing the actions of the entire swarm.
- Self-Organization: Swarm robots are capable of self-organizing and adapting to changes in the environment or the group. They can dynamically allocate tasks, reconfigure their positions, and communicate with each other to optimize their collective performance.
- Robustness and Fault Tolerance: The collective behaviour of a swarm is robust and resilient to failures of individual robots. If one or more robots malfunction or are removed from the swarm, the others can continue to work and adapt to the changing conditions.
- Scalability: Swarm robotics is highly scalable, meaning that the number of robots in the swarm can vary. The system can adapt to different swarm sizes without significant changes to the overall behaviour or coordination mechanisms.
For more information refer to: https://wyss.harvard.edu/technology/programmable-robot-swarms/
4. Expert Interviews | Insights from Cybersecurity Gurus
Gain exclusive access to interviews with industry experts, thought leaders, and cybersecurity gurus. Uncover their strategies, predictions, and best practices to protect yourself, your organization, and your loved ones from the ever-evolving cyber landscape. Stay updated on emerging trends and threats, and on expert tips to stay cyber resilient.
IoT industry veteran and Eseye SVP Strategy & Alliances Larry Socher once again joins Eseye CEO and IoT Leaders Podcast host Nick Earle to share predictions for 2024:
- Smart connectivity will play a greater role in linking intelligence between the device and the cloud, with more edge-based processing than ever before.
- Increasing network awareness for applications will give rise to more intelligent decisions, laying the foundation for 5G.
- Trust will play a greater role in IoT, with AI increasingly impacting debates around data compliance and regulations.
https://www.eseye.com/resources/podcasts/3-iot-predictions-for-2024-and-beyond/
5. Cybersecurity Awareness Corner | Empowering You with Knowledge
Knowledge is power! Our cybersecurity awareness corner equips you with practical tips, best practices, and actionable advice to enhance your online safety. Learn how to spot phishing attempts, secure your passwords, protect your personal information, and stay safe in the digital world. Be the cybersecurity champion your friends envy!
Mike Holcomb has created several ICS/OT cyber security resources. His list can be found here. Thanks Mike and keep up the great work!
We hope you find this edition of The IoT Insider both informative and engaging. Stay tuned for more exciting updates in the next edition, where we'll dive deeper into the world of cybersecurity. Remember, vigilance and knowledge are key to staying safe in our interconnected world.
Stay secure, stay informed, and stay one step ahead!
#iotspartan