Gatwick incident – Dronejacking will get worse before it gets better.

By Cesare Garlati – prpl Chief Security Strategist

With the recent news of a drone causing chaos at Gatwick airport, hacking IoT devices has resurfaced as a topic of discussion especially regarding the security issues should a multitude of devices be hacked.

In the optimal situation, there is no way that anyone should be able to access, much less hijack, the critical functions of an IoT device such as a drone. While the power for destruction from just one drone may seem paltry, directing these drones in large numbers at a target is a very real, and dangerous, possibility – as confirmed by this news.

The time to act is now to take control of security in IoT devices at the most basic level: the hardware.

Manufacturers need to move away from the attitude that “it works, let’s try to secure it and get it to market” to “if it’s not secure, it doesn’t work”. Unless the industry adopts this attitude, the security problems of IoT will continue to proliferate at an alarming rate and unfortunately, lives could quite literally be at stake.

*   *   *

More about what can be done today to secure IoT: prpl Security Guidance for IoT

More about what can be done today to secure the smart home: prpl Smart Home Security Report

Embedded World 2017 – IoT coming of age.

by Cesare Garlati – Chief Security Strategist, prpl Foundation

Last week I had the pleasure of attending Embedded World 2017 in Germany as I was invited to give a couple of presentations on the pioneering work we have been doing at the prpl Foundation with regards to the prplHypervisor™ and prplPUF™ APIs for securing IoT. As it turns out, IoT was the top line at the conference that drew in more than 30,000 trade visitors – and the event solidified the notion that embedded computing is now synonymous with IoT.

Continue reading

RSA Conference 2016 – A New Hardware-Based Approach to Secure the Internet of Things

Live Demo: A New Hardware-Based Approach to Secure the Internet of Things
RSA Conference 2016 – Abu Dhabi
November 16, 2016 | 11.20 – 12.10 hrs | Level 1 | Room: Etihad Ballroom 2

rsa-2016-garlati-clip

 

Quick look – This session will address four key elements that have introduced serious weaknesses into the IoT: proprietary systems, connectivity, unsigned firmware and lateral movement. Discussion will showcase a new approach to IoT security demonstrating how SoC virtualization and security through separation can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.

From hospitals dispensing life-saving drugs, to connected cars – embedded computing is transforming the way we live and work. But underlying weaknesses have introduced potentially life-threatening vulnerabilities into the Internet of Things.

Continue reading

The Internet of Things: Life-changing tech or a disaster waiting to happen?

Reposting from Tech City News NOV 02, 2016 http://techcitynews.com/2016/11/02/the-internet-of-things-life-changing-tech-or-a-disaster-waiting-to-happen/

By Cesare Garlati, chief security strategist at the prpl Foundation, an organisation working to make the IoT safer, explains how startups can get IoT security right to avoid being subjected to harm.

miraiThe Internet of Things (IoT) is exciting new territory for many startups and innovative companies looking to push boundaries and connect even the smallest devices to attempt to simplify and enhance our lives. But the security of these devices is fundamentally flawed for a number of reasons.

Continue reading

Automotive security: pen-testing is no replacement for sound product development

automotive-testingReposting from Automotive Testing Technology International

http://www.automotivetestingtechnologyinternational.com/industry-blogs.php?BlogID=1863

By Cesare Garlati

When it comes to testing the components of modern connected cars, of course pen-testing (penetration testing) has its place; however, it is no substitute for solid product development.

In testing, companies often operate under the notion that an identified problem can be fixed or patched. This may be true for some areas of testing, but for security, it is not sufficient. Security needs to be built-in, from the ground up. And that means starting at the hardware layer, which is seldom done today, but which is completely viable given the advancements in silicon and other connected vehicle technologies.

Continue reading

Smart Home Security Report

Study Finds Smart Home Tech Gaining in Popularity, Yet Still Woefully Insecure

Smart Home Security ReportSANTA CLARA, CA – Sep 20, 2016 – The non-profit prpl Foundation today unveiled its global study on the use of smart devices in a domestic setting entitled, “The prpl Foundation Smart Home Security Report.” The one-of-a-kind study, which was conducted through OnePoll, covers the proliferation of smart device use and security within the home. It surveyed 1,200 respondents across the US, UK, France, Germany, Italy and Japan to discover the measures people take to secure their smart homes and their attitudes about the security of devices.

Some key findings include:

  • The smart home isn’t coming; it’s already here and device adoption in certain cases has reached a tipping point
  • The smart home is woefully insecure due to users’ failure to follow best practices
  • Consumers prefer security to usability, and they’re prepared to take more responsibility if it means living in a safer home

Continue reading

prpl @ Microchip MASTERs 2016

U.S. MASTERs 2016prpl Foundation, along with our members Imagination Technologies and Seltech, were excited to participate in Microchip MASTERs conference in Phoenix last week.

MASTERs is known as the “premier technical training conference for embedded control engineers”. We were thrilled to showcase our latest developments for this group: the porting of the prplSecurity™ framework to Microchip’s PIC32MZ controllers sporting the MIPS M5150 core.

Continue reading