Whitepaper Published by IoT Security Foundation
Release Date: August 04, 2021
The Internet of Things Security Foundation (IoTSF) has published a whitepaper today titled: “Router and IoT Vulnerabilities: Insecure by Design”
This Whitepaper seeks to raise awareness of a fundamental design flaw that has received little attention to date and yet affects many IoT devices and standard Internet routers.
Typically, when a user wants to provision or manage an IoT device or router using a browser, their user name, password and all communications are passed over an unencrypted connection. This is a very serious problem; it is pervasive, affecting most domestic installations, and it represents a huge security exposure, leaking both passwords and activity to anyone who is listening.
This problem cannot be mitigated by implementing cybersecurity best practice as it is due to a fundamental design flaw.
About the Whitepaper
The whitepaper goes into greater detail about the problem, design flaw and explores potential solutions.
Download the Whitepaper for free from the IoT Security Foundation website
The whitepaper is aimed at organisations and professionals from across the Internet of Things (IoT) ecosystem e.g. manufacturers, Internet and communication service providers, standards bodies, government agencies, browser/software/solution companies, Certificate Authorities, IoT industry end users and consultants.
The whitepaper has been produced by IoTSF’s ManySecured Special Interest Group (SIG) which has been formed as part of the ManySecured Project.
The aim of the ManySecured project and SIG is to protect consumers, organisations and industry from the risks posed by IoT devices by utilising the unique position of the IoT gateway/router to implement security best practice through:
- security collaboration: resources, standards and sharing data
- innovation: helping to create reference (Open Source) solution implementations to monitor, detect threats and manage (at scale) IoT networks and devices
This project and the work of the SIG supports IoTSF’s mission to help secure the Internet of Things.
If you would like to learn more and are interested in joining the ManySecured SIG, please contact us: https://manysecured.net/contact/
About the Internet of Things Security Foundation (IoTSF)
The IoTSF is an international, collaborative and vendor-neutral not-for-profit membership association, formed as a response to existing and emerging threats in the Internet of Things applications. The mission of IoTSF is to help secure the Internet of Things, in order to aid its adoption and maximize its benefits. To do this IoTSF will promote knowledge and best practice to those who specify, make and use IoT products and systems.
IoTSF promotes the security values of a security-first approach, fitness for purpose and resilience through operating life. The security values are targeted at those that build, buy and use products and services: Build Secure. Buy Secure. Be Secure.
For more information, news and further announcements, visit the official website at: https://iotsecurityfoundation.org
Collaboration is essential to ensure ‘Interoperable Security’, no one company can do it alone. To facilitate this collaboration, the IoT Security Foundation has created the ManySecured Special Interest Working Group (SIG) and we are looking for organisations and professionals from the IoT ecosystem value/supply chain to help:
- Produce Best Practice recommendations in the areas of Gateway Foundations, Secure Comms, Update Management, Network Isolation
- Develop and publish Problem Statements, Whitepapers, Requirements and Solutions
- Define methods and algorithms to monitor, detect threats and suspicious activity in IoT devices and networks
- Share datasets for: test purposes, malware trace data, fingerprints and patterns, sample network traffic of vulnerable and compromised devices
- Create reference (Open Source) solution implementations
- Develop a ManySecured Certification Program
For more information, news and further announcements, visit the official website at: https://manysecured.net/