Internet of Things Cyber Security Conference | Early Bird Tickets

Internet of Things Cyber Security Conference

There are just 4 days left to purchase an Early Bird ticket for Secure IoT 2019, the Internet of Things cyber security conference. Learn about the security issues, risks, threats and vulnerabilities associated with IoT systems and connected devices; gain an understanding of IoT security best practice; and meet leading experts and companies offering security products, solutions and services, with speakers from:

  • Amazon Web Services
  • Arm
  • Copper Horse
  • UK Government Department for Digital, Culture, Media and Sport
  • Device Authority
  • GSMA
  • IBM
  • IoT Security Foundation
  • Microsoft
  • NCC Group
  • Pen Test Partners
  • SAS

Purchase your Ticket here.

Secure IoT 2019, Internet of Things Cyber Security Conference will be held at the Green Park Conference Centre, 100 Longwater Avenue, Green Park, Reading, Berkshire, RG2 6GP, on Thursday, 7th November with registration from 9.00 am and closing at 6pm. For more details see:

For details of the speakers see: Secure 2019 Speakers

Why attend the Internet of Things Cyber Security conference?

We are seeing an ever-increasing number and sophistication of cyber-attacks on systems and products that use connected IoT devices. These attacks are being instigated by different types of actors, including: criminals; states and state-sponsored; issue-orientated hacktivists (malicious insiders pose the greatest threat) and ‘script kiddies’.

The risk and damage in terms of reputation, costs, health & safety to an organisation or individual due to poor security practice can be considerable.

In May 2018, the General Data Protection Regulation (EU) 2016/679 (GDPR) became enforceable. GDPR covers “security by design” in hardware and software. Data controllers are obliged to consider “data protection by design and by default”. Organisations using insecure IoT devices, software and systems could face action under GDPR should they contribute to theft or “spillage” of personal data.

If you would like to learn more about IoT Security best practice then come along to Secure IoT 2019, Internet of Things Cyber Security conference.

MedTronic recalling insulin pumps following the discovery of security vulnerabilities

Health implant maker MedTronic is recalling some of its insulin pumps following the discovery of security vulnerabilities in the equipment that can be exploited over the air to hijack them.

Specifically, the manufacturer is recalling its MiniMed 508 and Paradigm insulin pumps, along with the CareLink USB control hub and some blood glucose monitoring devices used with the at-risk gear. America’s medical drug watchdog the FDA also issued an alert this week over the holes, which can be leveraged by nearby hackers to execute commands on the pumps.

These commands can, for instance, tell the pump to inject too much insulin, causing the patient to suffer hypoglycemia and pass out or enter a seizure, or too little insulin and cause the patient to develop serious life-threatening ketoacidosis.

See full article from The Register:

Scumbags can program vulnerable MedTronic insulin pumps over the air to murder diabetics – insecure kit recalled

NIST - Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

National Institute of Standards and Technology (NIST), US Department of Commerce have published a new document: Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated with their individual IoT devices throughout the devices’ lifecycles.

Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.

NIST defines cybersecurity and privacy risks for IoT devices in terms of three high-level risk mitigation goals:

1. Protect device security.

In other words, prevent a device from being used to conduct attacks, including participating in distributed denial of service (DDoS) attacks against other organizations, and eavesdropping on network traffic or compromising other devices on the same network segment. This goal applies to all IoT devices.

2. Protect data security.

Protect the confidentiality, integrity, and/or availability of data (including personally identifiable information [PII]) collected by, stored on, processed by, or transmitted to or from the IoT device. This goal applies to each IoT device except those without any data that needs protection.

3. Protect individuals’ privacy.

Protect individuals’ privacy impacted by PII processing beyond risks managed through device and data security protection. This goal applies to all IoT devices that process PII or that directly or indirectly impact individuals.

This report, the first in a series addressing the IoT, looks at higher-level considerations; NIST says future reports will go into greater depth and detail about related issues.

UK public sector lagging behind in taking IoT beyond pilot, says survey

The UK’s public sector is lagging behind in adopting the Internet of Things (IoT), with almost three-quarters, at 74%, yet to make use of the emerging technology commercially, according to research from technology company Yotta.

The survey commissioned by Yotta found that 39% of public sector organisations ran pilots but could not go beyond them to any live commercial deployment. On the other hand, more than a third (35%) of the surveyed public sector IT decision-makers indicated that their organisations are yet to start with the technology.

The survey also found that public sector IT decision-makers believe security concerns to be the biggest obstacle faced by councils in making effective use of IoT-driven technology.

Almost four out of 10 respondents, at 38%, cited security concerns as the main challenge, while more than a third, at 35%, cited the perceived cost of implementation as the reason for not deploying the technology.

Other prime concerns about using IoT are a lack of skilled in-house expertise, at 34%, and integration challenges with existing systems, which was referenced by 31% of the surveyed public sector IT decision-makers.

How to hack an IoT device

An E&T investigation together with leading cyber-threat experts reveals how simple it is to hack Internet of Things (IoT) devices hooked up to the internet, exploring the implications of what this could mean for consumers and critical infrastructure in the UK.

See E&T article:

How to hack an IoT device

ETSI releases first globally applicable standard for consumer IoT security

The ETSI Technical Committee on Cybersecurity (TC CYBER) has just released ETSI TS 103 645, a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.

ETSI’s new specification, TS 103 645, addresses this issue and specifies high-level provisions for the security of internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) or smart home assistants.

As many IoT devices and services process and store personal data, this specification can help ensure that these are compliant with the General Data Protection Regulation (GDPR).

Implanted defibrillator can be hacked over the air

The US government's Department of Homeland Security issued an alert over two CVE-listed vulnerabilities in Medtronic's wireless communications system Conexus, which is used by some of its heart defibrillators and their control units. Conexus exchanges data between implanted devices and their control units over the air using radio waves, with a range of roughly 25 feet without any signal boosting.

The more serious of the flaws, CVE-2019-6538, can potentially be exploited by an attacker to meddle with data flying between the device and its controller. The Conexus protocol does not include any checks for this kind of tampering, nor does it perform any form of authentication. This means transmissions can be intercepted, spoofed, and modified by hackers and their nearby equipment, which can also masquerade as a control unit and manipulate the operation of the vulnerable implant over the airwaves, potentially harming or perhaps even ultimately killing the patient.

See full article from The Register:

Don't have a heart attack but your implanted defibrillator can be hacked over the air (by someone who really wants you dead)

Major Security Breach Found in Hospital and Supermarket Refrigeration Systems

Israeli hackers and activists Noam Rotem and Ran L from Safety Detective research lab have uncovered a major security breach in temperature control systems manufactured by Resource Data Management, a Scotland-based remote monitoring solutions company.

These control systems are used by hospitals and supermarket chains all over the world, including Marks & Spencer, Ocado, Way-on, and many others.

A basic scan reveals hundreds of installations in the UK, Australia, Israel, Germany, the Netherlands, Malaysia, Iceland, and many other countries around the world. As each installation includes dozens of machines, we’re looking at many thousands of vulnerabilities.

See SafetyDetective Blog:

https://www.safetydetective.com/blog/rdm-report/