Mocana IoT Security Blog

One security expert is warning that the Internet of Things is "out of control" and only going to get worse, as the number of interconnected devices out numbers the human population.

The keys to data in the cloud are there for the taking, says one security expert. Specifically API keys, used to identify applications or the application's use of an API, could be used by malware to evade host-based security.

Arduino boards are useful among security researchers for rapid prototyping of tools used in analysis. There's even an ARM-based version. Now researchers say they can start a car remotely using an Arduino board and a jailbroken iPhone.

With much anticipation, the Columbia University researchers Ang Chui and Jonathan Voris presented their full findings on remotely hacking HP printers at the 28th Chaos Communication Congress in Berlin, Germany, last week.

In continued fallout following last week's disclosure by two Columbia University researchers that the lack of firmware authentication makes HP printers subject to remote attacks that could result in fires and other damage, David Goldblatt of New York has filed a class action suite claiming the company violated California laws designed to protect consumers from fraudulent or deceptive business practices.

To combat the rising incidence of counterfeit medical products, medical device manufacturers can implement removable memory tokens that contain product authentication keys and other security features. However, the continued reuse of these small, detachable tokens in demanding hospital and healthcare settings can be problematic.

Cisco Systems is warning of flaws in one of their devices that could leave a building's critical systems vulnerable to attacks that might ultimately result in unauthorized takeover of the building. The device links together a building's critical systems--including security, lighting and HVAC--allowing IT personnel to automate and control these functions remotely.

The master operating system keys to a large number of Texas Instruments' calculators, which use RSA digital signatures to authenticate system updates, were recently cracked and published online.

What is the difference between an EAP pass-thru authenticator and an EAP standalone authenticator?