An Unanticipated Lapse in IoT Security

https://ieeexplore.ieee.org/document/7863271/

https://www.microcontrollertips.com/security-connected-devices/

Anything connected to a computer network is a potential point of entry for hackers. The more doors and windows you have, the more likely one will be left unlocked and a burglar can break into your house. Same principle.

I'm not an IT person, but it seems a bit daft that confidential customer files and fish tank data are even on the same network. If they are, then the key deficiency is in the firewall and password policy allowing that first entry into the network. How does one envisage multiple entry points?

Based on recent surveys, many entities have no idea how many back doors are on their corporate networks. If you don't know where they are, you can't protect them. The work involved in upgrading to a secure network probably $care$ the executives as much as the potential for serious breaches.

This article has a few links to best practices and other resources.

A few years ago, I remember that a secretary from the department I was in was the cause of a huge virus infection of the City of Henderson's computer network. Including the main servers too! It was a social engineering ploy and got her to simply "CLICK" on a hyperlink and that infected the network within minutes, IT called our facility and we were instructed to not touch any computers and any that were logged on, to log off and leave alone. It took them about 2 weeks to clean it up and the secretary got a little lecture on clicking on unknown e-mails! At the time, there really weren't ant IoT things but I can see where these items would be attached to the network just because a supervisor wanted a certain sensor or computer connection and they really didn't think about their computer also being connected to the City network. Whoops!

Ignorance is bliss.

Arrogance is fatal.

I have probably 5 different free credit checking sites "protecting" my credit because the most trusted organizations in the country are too arrogant to take the proper steps to protect their clients.

"Dear so and so. We regret to inform you, six months after the fact, that all your personal credit, banking, social security and health records have been stolen" (and probably sold by now). "We regret any inconvenience that this may cause you and assure you that in six or seven years you may be able to repair your credit to the point that you can rent an apartment. Good news, since you have no personal possessions after the various foreclosures and wage attachments, you don't need much room."

If there's anything we can do for you please do not hesitate to call on us. There's a pay phone at most police stations.

My first intention was to respond that the bridge collapse in Florida was due to a "hack" of some relevant specs.

After reading all of the comments and articles, I'm beginning to think that my off the cuff thought might actually be true!

At one point I sold ethical (white hat) hacking services to major financial and legal firms as part of our internet security services. It took longer for the legal documents to be signed than it took the hackers to achieve their goal. The look on the internet security "experts" who swore it couldn't be done was priceless!