
Why You Should Care About IoT Security


You might not be one of the two-thirds of Americans currently owning and utilizing IoT (Internet of Things) devices, so news on IoT security may not pique your interest or alarm you, but it should. IoT security affects you in more ways than you realize. With IoT quickly progressing, it’s not just the number of connected devices that is skyrocketing; the number of industries utilizing them is also increasing and shaping the way society functions. For example, IoT devices in the service industry are monitoring and controlling vital resources like water supply, natural gas, and electricity. With connectivity reaching this far into our daily lives, IoT has the potential to affect us in more ways (and not all good) than we could have imagined.

Malware and IoT security

Hackers can harness IoT vulnerabilities to take over computer systems and affect even non-IoT owners in the form of botnets and network traffic hijacking. This is possible because there isn’t much difference between malware found in laptops or PCs and malware found in IoT devices. Malware is defined as malicious software that can take on the form of executable code, scripts, and so on to infect a computer system. By their nature, IoT devices are simply internet-connected computers placed inside some kind of device, meaning IoT devices don’t get a free pass from exploitation. In fact, IoT devices may be even more vulnerable than personal PCs.

Due to their limited operating systems and processing power, IoT devices are created and released onto the market without the most advanced security practices in mind. As a result, malware and other types of exploitation are a major problem for IoT devices. In some cases, changing the default password might not even be an option, even if you wanted to, thus making them extremely susceptible to attacks.

DDoS, botnets, and more

Nowadays, it’s become a trend for hackers to target vulnerable IoT devices and use them to form a botnet, in most cases to carry out DDoS attacks. What’s more shocking is that users who own IoT devices may already be part of a botnet and not even know it. This scenario is not something new as we’ve seen it play out in the attack on the global DNS provider Dyn, in which hackers severely disrupted the Internet, bringing down mainstream websites and online services by hacking into digital cameras and DVR players.

This is just one of the many instances that show us how IoT hacking can affect regular users indirectly. Moreover, it isn’t limited to just botnet and DDoS attacks. Infected devices can also hack into local networks to monitor network traffic and disseminate this information to a third party without your permission. Furthermore, there is also the chance of IoT devices being used as proxies that “anonymize” traffic, allowing them to infiltrate your IP webcams or TV streaming boxes.

Hence, even if you don’t own an IoT device, many industries are using IoT devices, which means your privacy and sometimes even physical safety can be at risk. The medical industry, for example, often relies on IoT devices for testing, managing, and treating patients. And it’s the same old tale – default passwords account for the fall of the majority of medical IoT devices. Not to mention, critical public infrastructure that we rely on for key necessities like water and electricity is also susceptible to attacks. In a nutshell, whether you own an IoT device or not, users are indirectly affected to some extent, as most have no control over the security measures in the infrastructural IoT that we are subscribed to.

Future of IoT

It will be impossible to avoid IoT security forever. With connected cars already transforming the automobile industry, it’s estimated that 75% of cars shipped globally will be equipped with hardware and software that connect to the Internet. Already, we are seeing users having the ability to stream music, look up certain services besides navigation online, be alerted of traffic and weather conditions, as well as receive driving assistance.

Security for IoT should be a topic of concern for everyone, whether you own an IoT device or not. With the IoT market rapidly growing, more emphasis is being placed on the security aspect of these connected devices, but for now IoT devices should still be kept under close watch due to their inherent vulnerability and ability to indirectly affect the security of even non-owners.


5 Medical Devices with Exposed Vulnerabilities


The medical field has changed for the better, with technology allowing people to live longer and lead healthier lives with fewer health complications. Unfortunately, as medical devices become more advanced with the Internet of Things (IoT) introduced into the picture, security concerns arise. It wasn’t just the recent WannaCry ransomware attack that demonstrated the vulnerability of medical systems. When UK hospitals were hit with WannaCry, it showed just how vulnerable hospitals are worldwide if they rely on IoT without considering the security implications. So in this blog post, we’ve compiled five medical devices that are known to have security flaws.

1. Pacemakers

The security research firm WhiteScope conducted a security assessment on cardiac devices and home monitoring devices from four major manufacturers in the healthcare sector. Within pacemaker devices alone, they discovered 8,000 vulnerabilities. A major reason why pacemakers and similar devices contain so many vulnerabilities is that many vendors purchase third-party components for their software or hardware. More often than not, these components have vulnerabilities that go undetected and unpatched.

2. Magnetic Resonance Imaging (MRI) machines

In a separate medical analysis by two security researchers, the verdict was the same: thousands of medical devices, from imaging machines to nuclear medicine devices, were found to be extremely vulnerable. Within an undisclosed healthcare organization in the US, the team found security flaws in 68,000 of their medical systems, which affected 97 MRI scanners. These security holes would potentially allow hackers remote administrative access to the devices. These devices were relatively easy to breach since many systems had kept their default passwords or had no passwords set up at all. In fact, tens of thousands of login attempts aimed at gaining unauthorized access to the MRI machines were found.

3. Implanted defibrillators

In addition to pacemakers, implanted defibrillators have also been known to have security vulnerabilities. Used to monitor a heart’s electrical activity, they are important for sensing dangerous rhythms and delivering shocks. They can be monitored via radio transmitters. If a hacker is able to break into the radio transmissions, through the communication protocol for example, it’s just a matter of time before they gain complete control over the device, at which point it can even be reprogrammed. This can be disastrous if a hacker is successful in resetting the defibrillator clock and preventing the device from responding to cardiac/arrhythmic actions.

4. Insulin pumps

Pacemakers and defibrillators aren’t the only medical devices under hot debate; insulin pumps have also been found to be vulnerable to hacking due to major security bugs. As a medical device that’s commonly attached to patients’ bodies, these pumps inject insulin into the bloodstream through catheters. In fact, Johnson & Johnson was one of the first manufacturers to issue a security warning to its patients about the potential security vulnerabilities with its insulin pumps. Should a hacker gain access to these pumps, the consequences, such as overdosing a patient with insulin, can be unimaginable. The company, however, maintains its claims that the risk is extremely low.

5. Mammography equipment

Two security researchers discovered password vulnerabilities in medical devices like mammography equipment. These medical devices are managed by computers through firmware, and only technicians who have access to the management interface can make adjustments, including changing passwords. As such, all a hacker needs to do is gain access to the password and reprogram the device to provide inaccurate readings. In total, the researchers found 300 backdoor passwords for the medical devices they studied.

One of the major problems with medical systems is that many of the medical devices relying and operating on computers are likely running on Windows XP or some older operating system where security bugs and vulnerabilities are not patched as frequently as we might expect. Furthermore, there may be a lack of IT security teams or administrators to implement basic security practices like installing basic antivirus solutions, thus allowing unauthorized access to the system. Because patients rely on these devices for their health, it’s important for healthcare organizations to follow security best practices.


The Smart Car Trend (Part 1): A New Era?

Some recent keywords that have garnered attention in the IT industry are connected car, smart car, or IoT.

Cars have come a long way: from being a vehicle or method of transportation, to being “connected” on a network. Now cars are becoming “smarter,” and hence many corporations are leaning towards building a more intelligent vehicle.

What makes a smart car so “smart”?

When it comes to a device being described as “smart,” most people will probably think of the smartphone. Rightfully so, as it’s the same concept. Before, it was simply a method of communication, but we were eventually able to connect the device to a network – so what sets apart the smartphone from a phone that’s merely connected to a network?

A smartphone goes past being a method of mere communication. It allows the user to customize and execute software. It differs vastly from the phones of the old days. With that in mind, let’s go back to the idea of a smart car. A smart car is “smart” because not only is it connected to a network, but the software can be customized and executed the way the user wants, making it a much stronger platform. More and more automobile makers have been leaving the idea of the first generation of cars and leaning towards this new generation of smart, connected cars.

In fact, the number of lines of code in software for automobiles surpasses that for combat planes, commercial planes, heck – even Facebook – with over 100 million lines of code. Cars are taking over the industry. In fact, the running joke of this year’s Consumer Electronics Show (CES) in Las Vegas was that it should be called the “Car Electronics Show” with the number of automobile companies that showed up with new technology in hand.

So if you’re going to remember anything about the rising trend of smart cars, here are the top three must-know facts within this trend:

First, automobile companies are going to the cloud.

BMW featured the Open Mobility Cloud at this year’s CES, connecting the vehicle with a person’s schedule and tasks. So not only is your car a vehicle – it now houses features of a smartphone as well.

Second, smart car/home network connections are all the rage.

For example, Volkswagen and LG recently agreed to a joint development after LG revealed its smart refrigerator at CES in January. Why a refrigerator? It’s a brilliant execution, as a refrigerator is widely regarded as the family hub, the center of a home network. As a device that is never turned off and is used constantly by family members of various ages, the idea of connecting it to the smart car was a strategic move.

Third, maps are becoming crucial to the smart car service platform.

Many automobile companies have acquired mapping corporations, especially as the technology to map out locations on demand has been developing. This is a smart move, as licensing fees on third-party map use for navigation could be exorbitant. After all, the first thing one thinks of when they think of cars being “connected” is location services and GPS.

So the conclusion is that the connectivity in cars is becoming more widespread and more intelligent. But the second and perhaps more important question is, what’s the concern over security of the vehicle? Stay tuned as in Part 2 we’ll explore the growing concerns over breaches of automobiles and how that can mean catastrophic consequences for society.

This blog post was adapted from an article written by Dr. Sang Gyoo Sim at Penta Security’s IoT Convergence Lab regarding the security issues in smart cars. Find the original article in Korean here

Penta Security Opens New IoT Research and Development Center

Called PICL, the lab will focus on new industry and service models based on ICBM

Penta Security Systems Inc., an IT security industry leader in data encryption and web security, announced that it has established its new IoT Research and Development (R&D) center. The center is called the Penta IoT Convergence Lab (PICL). It opened officially on April 15th.

The Korean government’s recent IT policies primarily focus on the development of new industry and service models based on ICBM (IoT, Cloud, BigData, Mobile). Amongst the ICBM, IoT has been receiving the most attention. IoT-related issues, such as the importance of patents and intellectual property rights, mitigation of regulation, and improvements to the legal system are currently being discussed. There is an increased interest in several industries including healthcare, smart city and agricultural life. Nevertheless, IoT research is still inadequate for the demand for products.


The new IoT research center

PICL, the second R&D center from Penta Security, was established to research technology and develop new products on the new convergent security areas, with a special emphasis on IoT research. PICL will focus on adapting to the new IT environment, using encryption technology that Penta Security owns. The lab is an R&D organization specializing in information security, which is necessary to all IoT environments.

The IoT research lab will develop security technology for smart cars, smart homes, authentication and encryption of IoT devices and infrastructure. Consequently, Penta Security’s existing R&D center will continue to develop technology for WAPPLES, D’Amo, and ISign+, all of which have already been recognized as competitive solutions in the security market.

PICL is planning to concentrate on IT security technology for the future. The opening day, April 15, was chosen in honor of Leonardo da Vinci’s birthday.

Penta Security CTO Duk Soo Kim expressed:

“PICL is specializing in convergent security, with IoT as the center. We are going to research new technologies and produce products that are essential to our society, as they relate to the various fields including smart car security, authentication between IoT, lightweight encryption, big data security, machine learning and much more. We expect PICL to be truly the top IoT security R&D center in South Korea.”
