IoT devices – Cyber Law Watch

Interlopers in Things? IoT devices may be used as backdoors to your network

Aug 27 2019

By Cameron Abbott and Karla Hodgson

This month Microsoft reported that its Threat Intelligence Center discovered that IoT (internet of things) devices – a VOIP phone, a printer and a video decoder – were used to gain access to corporate networks in April.

Microsoft have identified Strontium – also known as Fancy Bear or APT28 – as the culprit, a hacker group associated with the Russian government who appear to be targeting government, IT, military and defence, engineering, medical and education sectors. Strontium has been linked to the hacking of Hillary Clinton’s presidential election campaign and of the email accounts of researchers investigating the missile strike on MH17 and the Skripal poisonings. In the last 12 months alone Microsoft has delivered almost 1,400 notifications to those targeted or compromised by Strontium.

US Internet of Things bill advanced to vote on House floor

Jun 14 2019

By Cameron Abbott and Rebecca Gill

Just a few months ago, we blogged on the ‘Internet of Things’ (or IoT) legislation making an appearance in the US Senate. But now the legislation may be becoming a reality. On Wednesday, the House Committee on Oversight and Reform advanced the Internet of Things Cybersecurity Improvement Act of 2019 to a vote on the House floor.

The bipartisan legislation aims to reduce the risk to critical government information technology infrastructure from cyberattacks, and directs the National Institute of Standards and Technology to develop recommendations for use and management of internet-connected devices by March 31 2020.

So you plug your shiny Tesla in to charge…

Dec 20 2018

By Cameron Abbott and Wendy Mansell

…and suddenly you are at risk of starting fires.

We all know that these days the Internet of Things is a favourite for cyberattacks, with the latest target being home charging stations for electric cars.

Many home charging stations are controlled remotely by mobile apps, which seem to provide the perfect opportunity for hackers to cause harm.

Hackers cleverly can infiltrate an account and turn charging off or even worse, they may change the current to the extent it can start a fire.

Once again the industry needs to take security seriously for IoT and have the same diligence as IT networks now do.

Apple Watch data leads to arrest of suspected murderer

Apr 05 2018

By Cameron Abbott and Allison Wallace

Last month we blogged about the potential for data from our smart devices being used against us in court. Well, that potential has now been realised in Australia, with prosecutors in a murder trial in Adelaide telling the court that data from the victim’s Apple Watch helped pin down her suspected murderer.

Abbott Labs makes a costly mistake as FDA targets cybersecurity deficiencies

Apr 19 2017

By Cameron Abbott and Giles Whittaker

The Food and Drug Administration (FDA), after a previous warning in 2014, threatens legal action against Abbott Labs if the company fails to address safety and security issues in implanted cardiac devices sold by St Jude Medical – a recent subsidiary acquired by Abbott Labs. The internet of things takes a much more serious tenure when it’s a medical device compared to your fridge!

The company recently purchased St. Jude Medical, which makes implanted cardiac devices that have been the subject of cybersecurity concerns. A warning letter issued by the FDA gives Abbott Labs 15 days to submit a plan to address errors in the products’ design that could allow hackers to tamper with the settings and drain the batteries of the devices. Many of the cybersecurity concerns first came to light after medical device security research firm MedSec submitted a report outlining a variety of alleged security flaws in St. Jude products to investment firm Muddy Waters Research (MWR). MWR subsequently publically announced the product design failures while short-selling St. Jude Medical’s stock in order to capitalise on the expected market response.

As the public increases its awareness of cybersecurity issues it becomes apparent that a failure to adequately consider these issues – as a day to day function of operating a business or prior to the acquisition of a new business – can result in significant damage to a company’s bottom line. The recent short-selling by MWR indicates the necessity for cybersecurity considerations to form central in a company’s business model, otherwise risk having its inadequacies called out in a public forum. And we are not even thinking about what litigation liability risk these sorts of issues might raise.

Threat from hackers against Internet of Things grows

Oct 17 2016

By Cameron Abbott and Rebecca Murray

New research by Akamai Technologies has revealed that cyber criminals have cracked into as many as two million Internet-of-Things (IoT) devices at homes and businesses. IoT devices are products that connect to the internet, which now include refrigerators, sound systems, televisions and home security systems. In the report, researchers state that “Once malicious users access the web administration console of these device they can then compromise the device’s data and in some cases, take over the machine.” This report sheds much needed light on one of the most under-focused on areas of cyber security. Read the report here.

Tag:IoT devices