Category Archives: IoT Security

Is the IoT apocalypse coming, or not?

There is wide agreement that IoT is much more vulnerable to attacks than the traditional internet, and even that IoT attacks could lead to considerable damage to all kinds of assets, logical and physical. But risk is not just about vulnerability level and potential consequences. There is also intent. […]

Time bombs, from climate to IoT security

The comparison between IoT security and climate change is getting better every single day, and I am not sure that this is good news. A few minutes ago, a tweet on climate change got my attention: This is not the new normal, just a pit stop on the way to decades and decades of deteriorating […]

The Collective Risk of IoT

One of the favorite activities of certification experts is to define security levels based on risks. Such levels allow us to put the items to be certified in well-defined boxes. Then, we can certify them according to the rules for that box/level. Until recently, life was easy, and we could define levels easily. Since 3 […]

Is it Reasonable to Own a Connected Car?

I have been hearing for a while that “cybersecurity is a process” and that one of the issues with executives is that they don’t understand that: most of them think that cybersecurity is a problem that should be solved by engineering. When you think about an online service’s lifecycle, it all makes sense. […]

Think like an attacker with a bottom-up threat analysis

A risk analysis is a great tool when planning the security of a product. This is typically done with a top-down methodology: You first define assets, then identify threats or risks on these assets, followed by attack strategies and attack objectives, countermeasures, getting finer and finer. These methodologies present many advantages, and one of the […]

Attacking IoT is really easy

A few days ago, Metasploit announced that their famous tool is now available to car hackers, and soon for any connected object. Metasploit is a well-known tool for web apps, and extending it to objects simply makes these objects as easy to hack as web apps. Indeed, there are many aspects in common between […]

Fighting poker-winning AIs on IoT Security

Published attacks tend to repeat themselves this year, but in the last few days, there have been a few interesting events and publications, in particular: Adi Shamir has made gloomy predictions about security in the next 15 years. Bruce Schneier has published a long essay about IoT security, with a vibrant and desperate call for […]

Resilience for Connected Objects

Attacks occur, especially on IoT. While it is very hard to avoid an attack altogether, we can minimize its consequences. The first factor to consider is the impact of an attack; there are many ways to analyze such impact, for instance from a financial or technical point of view. In a very simple analysis, we […]