Highest Voted 'iot' Questions - IT Security Stack Exchange

57

votes

10 answers

Does the local network need to be hacked first for IoT devices to be accessible?

I completely understand how IoT devices were used in the massive DDoS attacks because they are easily manipulated due to lack of firewalls, default passwords, etc. What I don't understand is although easily hacked, most IoT devices are connected to…

network iot

asked Oct 25 '16 at 02:29

Chad Caldwell

623
1
5
6

50

votes

6 answers

How safe are wifi enabled talking toys?

There have been ads on the radio recently for a wifi enabled toy called Talkies, which are advertised as being able to communicate with app enabled phones, with a "trusted circle" that other phones can be added to. (Obligatory photo of a cute wifi…

wireless iot

asked Oct 31 '17 at 14:42

JohnP

611
1
6
11

27

votes

8 answers

Should firmware images for IoT be encrypted for security reasons?

When working with Internet of Things devices, is it recommend to obfuscate or encrypt firmware images pushed to clients? This to make reverse engineering harder. (They should be signed of course)

encryption obfuscation firmware iot

asked Sep 01 '17 at 13:28

VC_work

481
4
7

22

votes

6 answers

When connecting an Arduino Uno to the internet (ethernet) what are some attacks it's susceptible to and how can I secure against them?

I am connecting an Arduino Uno to the internet via ethernet (using the ethernet shield v2) and querying NTP time. Making requests to a NTP server is the only internet related thing it does. You can use the ethernet shield as an SD card to host data,…

iot embedded-system arduino

asked Sep 20 '21 at 02:55

JohnnyAppleseed

331
2
5

20

votes

4 answers

Should I only let my TV connect to the guest WiFi?

According to this Kaspersky blog post, it is a security risk to connect IoT devices, such as Smart TVs, to my home WiFi. It claims I should use my guest WiFi network for this. Is this true? Is it a security risk to use my regular network to get…

wifi iot smart-tv

asked Sep 01 '20 at 16:55

Evorlor

567
2
6
13

18

votes

1 answer

Is a PKI for the IoT really a good idea?

I am reading a bit about the security of IoT devices and found quite a lot of articles describing how a PKI would be an improvement for the current infrastructure. I am, however, not convinced if setting up a PKI would improve security for most of…

public-key-infrastructure iot

asked Jan 22 '18 at 10:11

KojoUzochi

343
2
9

12

votes

4 answers

Is there a common standard for evaluating the Security of an IoT device?

When you write a paper about an implementing a classifying computer-vision/machine-learning algorithm, you can simply count the number of positive (correct) negatives/positives, and the number of negative (incorrect) negatives/positives. However is…

iot

asked Nov 26 '16 at 13:15

Iancovici

223
1
6

7

votes

3 answers

Key differences between X509 TLS Client certificate and server certificate

Is there any difference between a X509 TLS client cert and a server cert? I had been implementing certificate-based mutual authentication and hence trying to get/use certificates for IoT devices. While we are pretty clear on server certificates, I…

tls authentication certificates x.509 iot

asked May 04 '21 at 18:12

Akhilesh Gupta

163
9

7

votes

1 answer

How can IoT and other network devices access the internet if my router works as a firewall?

My understanding is that routers act as natural firewalls. In that context, how can an IoT device receive commands from the WAN if they are not initiated from within the LAN? In a specific example, how does my smart thermostat know that temperature…

network router iot

asked Dec 21 '16 at 03:29

John

71
2

6

votes

2 answers

CCM for IoT - choosing L and M

Other developers have developed a custom in-house RF protocol for our upcoming IoT devices. I would like to replace our use of AES-CTR with AE - our encryption library supports CCM which should therefore have the lowest barriers to…

encryption iot

asked Jan 25 '19 at 03:17

Iiridayn

293
2
11

6

votes

1 answer

How can I properly secure the WiFi setup process of an IoT device?

My company develops a WiFi-connected IoT product. I want to make sure that the process of getting the user's WiFi credentials into the device is as safe as possible. At the moment, the product is in a prototype stage, so we can (and will) make…

tls wifi http embedded-system iot

asked Jan 17 '18 at 16:58

Oromis

85
4

6

votes

2 answers

IoT devices with public IP?

My understanding of worms like Mirai is the following: Try to telnet/ssh into random IPs using default user/pass credentials from various router/IoT manufacturers If you get in, do Bad Things™. It seems the targets are generally home/consumer…

nat iot default-password telnet

asked Dec 03 '16 at 23:50

Elliot Gorokhovsky

496
3
12

6

votes

1 answer

secure IoT device/brand publication

I came across this article: 75 Percent of Bluetooth Smart Locks Can Be Hacked when I was looking for IoT stuff for my home. tl;dr is they tested 16 bluetooth smart locks and eventually only two were hack proof (as of the last update). The two left…

audit iot

asked Nov 19 '16 at 23:24

ton.yeung

245
2
8

5

votes

3 answers

What are the advantages and disadvantages of using a HackRF One compared to specific protocol sniffers?

I am performing some research on IoT test tools and came across the HackRF One which can transmit and receive from 1 MHz to 6 GHz. I therefore think that it can analyze many protocols, but I cannot find a list of them anywhere. Can it for example…

penetration-test sniffing iot

asked Jan 09 '20 at 09:41

Maikkeyy

187
7

5

votes

3 answers

How to do TLS on embedded devices in a home network?

If you have a router or webcam with a web interface on a home network, can the connection between the browser and the device be secured against a man in the middle attacker? What should device manufacturers do to offer transport level…

tls defense iot

asked Jan 30 '19 at 18:27

Sjoerd

28,707
12
74
102

Questions tagged [iot]