Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Privacy

IoT Security Flaw Leaves 496 Million Devices Vulnerable At Businesses, Report Says (crn.com) 108

Nearly a half-billion Internet of Things devices are vulnerable to cyberattacks at businesses worldwide because of a 10-year-old security flaw, according to a new report from a security software vendor. From a report: The report was published Friday by Armis, a provider of Internet of Things security software for enterprises that focuses on detecting threats in IoT devices at workplaces. The Palo Alto, Calif.-based company has previously made security disclosures, including the BlueBorne malware attack that impacted 5 billion IoT devices.
This discussion has been archived. No new comments can be posted.

IoT Security Flaw Leaves 496 Million Devices Vulnerable At Businesses, Report Says

Comments Filter:
  • Just desserts (Score:5, Informative)

    by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Sunday July 22, 2018 @08:27PM (#56992330)

    If you let your appliances communicate with anybody but you, you deserve what you get.

    • Re:Just desserts (Score:5, Insightful)

      by Ol Olsoc ( 1175323 ) on Sunday July 22, 2018 @08:40PM (#56992370)

      If you let your appliances communicate with anybody but you, you deserve what you get.

      If for some incredibly stupid reason you need the company toilets and cameras and other crap connected toa network, build a separate network for them that never connects to teh intertoobz.

      • by Anonymous Coward

        You should probably connect the toilet to the tubes unless you want to deal with a very unpleasant mess

      • Automatic expiration (Score:5, Interesting)

        by Anonymous Coward on Monday July 23, 2018 @12:15AM (#56992888)

        All IOT devices should automatically cease functioning after 1 year without a firmware update. It should be the default deadpans switch to assume they are security compromised unless someone actively is maintained by them. Routers could be set up so protocol identities are increments every year and anything with an out of date protocol could be restricted in what it can do on the network.

        • All IOT devices should automatically cease functioning after 1 year without a firmware update. It should be the default deadpans switch to assume they are security compromised unless someone actively is maintained by them. Routers could be set up so protocol identities are increments every year and anything with an out of date protocol could be restricted in what it can do on the network.

          Nobody would buy IOT devices that had to be replaced every year. Most manufacturers only offer firmware updates for a short period of time. It would be the end of IOT for anyone except enterprises that could afford to roll and maintain their own.

          • Precisely wrong. First you are right that no one would buy an nonmaintaiable IOT device but they would buy ones that the manufacturers promised to keep updated. You could do that now of course but people complain about the Apple tax or similar. But Apple routers and Apple TV are trivial to update because they do it via the attached computer. So do things like chrome computers and fire sticks.

            Or you could contract with a third party if you dare.

            The key point is that once someone is paying for it then it

        • by mea2214 ( 935585 )

          All IOT devices should automatically cease functioning after 1 year without a firmware update.

          You are assuming your vision of a security profile onto everyone. If your device isn't on the Intertubes there is nothing to worry about with security. Firmware updates should always follow if it ain't broke don't fix it -- not break it if you don't fix it.

      • Re:Just desserts (Score:5, Interesting)

        by JaredOfEuropa ( 526365 ) on Monday July 23, 2018 @12:58AM (#56992970) Journal
        IoT should stand for Intranet of Things. A separate intranet for IoT, with no access to the Internet and very limited access to the LAN (to connect to an IoT hub for instance, or a smart phone). And do not buy devices that “require” internet in order to function.
        • But how can I see who's ringing my doorbell from work then? How can I see what's in my fridge when I'm out shopping? How can I turn up the AC when it looks like fluffy is getting a little hot while I'm out getting dinner?

          I can't believe you don't care about these incredibly important use-cases for internet enabled everything!

      • If you let your appliances communicate with anybody but you, you deserve what you get.

        If for some incredibly stupid reason you need the company toilets and cameras and other crap connected toa network, build a separate network for them that never connects to teh intertoobz.

        Much easier said than done, unless you're a company with the means and desire to roll your own device every single time. Your investors might decide it's stupidity and fire the executives, if you waste your resources here...

        Many (most?) IOT devices require Internets access in order to function. Here's a more practical and common example of iot devices: IP security cameras. Few and far between are the IP cam's you can use without internet connectivity.

        Another example? Streaming video player devices.

        • Many (most?) IOT devices require Internets access in order to function. Here's a more practical and common example of iot devices: IP security cameras. Few and far between are the IP cam's you can use without internet connectivity. Another example? Streaming video player devices.. guess where they stream content from? Want a thermostat that trends your cooling data, crunches the numbers, and attempts to reduce your power consumption? it's going to send that data off to a server farm for number crunching. There's a long list.

          Then you accept that hackers will pwn you and the risk is worth it.

    • by Anonymous Coward

      I laughed, she laughed, the toaster laughed, I shot the toaster; it was a good time. -PCP

    • Re:Just desserts (Score:5, Interesting)

      by locofungus ( 179280 ) on Monday July 23, 2018 @04:23AM (#56993350)

      One of the most frustrating things about these IOT things is that they won't work properly unless they have an internet connection and are registered.

      I don't actually own any IOT things but kindle - AFAICT you cannot have a 'collection' until it can talk to the internet.

      Kindlefire, connect to a private network with no (non proxy) internet connectivity and it will refuse to automatically use the connection - even if there are no other connections available.

      I'd guess things like nest are the same. The crazy thing is that I do have a way onto my internal network from outside - a VPN - I don't need each and every device trying to find its own way to punch holes through my firewall. I shouldn't have to have firewall rules to catch outgoing traffic and send it to an internal server so devices work. I shouldn't have to have special DNS zones to redirect traffic.

      These devices even try to use their own hardcoded DNS servers and bypass the ones supplied by dhcp/radvd so more firewall rules to send that traffic to the only reachable dns servers.

      • by AmiMoJo ( 196126 )

        A dedicated firewall box for IoT is a good idea. You can just block everything except the few IP addresses they need to contact. Hard coded DNS can be fixed by simply re-routing those IP addresses to your own server.

    • Comment removed based on user account deletion
  • by Snotnose ( 212196 ) on Sunday July 22, 2018 @08:32PM (#56992346)
    But I was president of my HOA for 12 years back when I was much younger and naive. Get 3 bids for something. Toss out the lower one if it's too much lower than the other 2. Make a choice on the other 2.

    Stuff goes wrong, doesn't it always? Sue the contractor's company.

    The contractor's company goes out of business with no assets left, while the contractor has another business he's running under.

    I'm guessing vendors of these IoT PoS run under the same rules. You can sue the fuck out of them, win, and get some dust bunnies and used condoms nobody on the cleaning crew wanted to touch.
  • by raymorris ( 2726007 ) on Sunday July 22, 2018 @08:34PM (#56992350) Journal

    Here's the basic idea of the attack they are talking about.
    An IoT thermostat can be controlled by your smartphone or computer, via a web service it exposes. Your smartphone might send data to a script at http://192.168.1.4/temp.pyc [192.168.1.4]

    An attacker is able to put malicious JavaScript on a web page which changes the temperature. The attack manages to get around the same-origin policy. The bad guy has their web page, titled "NEST Troubleshooting", on nesttb.com. It loads a script from scripts.nesttb.com. Your browser does a DNS request to get the IP of scripts.nedttb.com and it comes back with 77.77.77.77 and a ttl (cache time) of 1 second. The script then calls http://scripts.nesttb.com/temp... [nesttb.com]. It's been more than 1 second, so the browser does another DNS request for scripts.nesttb.com. The DNS server gives the IP as 192.168.1.34. The attacker can now change your thermostat setting.

    Prevention:
    The device manufacturer should require authentication in order to change the setting. This should involve a TLS certificate for the client, bit at least use a username and password which is generated for each device separately.

    The customer can mitigate the risk by using a local network other than 192.168.1.1/24. Try perhaps 192.168.106.1/24

    The customer also prevent the attack completely by not buying a super expensive toy, and instead buying a normal programmable thermostat.

    • by weilawei ( 897823 ) on Sunday July 22, 2018 @08:40PM (#56992372)

      This is the Slashdot I remember. :)

    • All that sounds like it relies on an insecure web browser to break out onto your local lan. Doesn't that make it a web browser issue?

      This is like if a dam breaks and floods a village, you blame the homes for not being water tight.

    • Bullshit attack (Score:4, Insightful)

      by mveloso ( 325617 ) on Sunday July 22, 2018 @09:39PM (#56992508)

      This is a bullshit attack. If they've already gotten to the embedded web server then they don't need you to change your thermostat.

    • There are not 496 million NEST devices out there. Not all IoT devices are alike, most are very different from each other, they don't use a common operating system at all. So where did this 496 million number come from?

    • It is easy to be vigilant at first, but when you are faced with a flood of this crap it is often hard for a human to know what to do.

      Synology NAS appliance: do you let it do automatic updates, or block it from the internet completely? The same thing goes for each vendor you use— do they get a black hole, or effectively unrestricted access (since everything is encrypted)?

    • by Miamicanes ( 730264 ) on Sunday July 22, 2018 @11:39PM (#56992774)

      If you REALLY want to be a rebel & be safe(r), pick a network between 172.16.x.x and 172.31.x.x

      99.994% of people have *no* idea that range of private IP addresses exists. Everyone knows about 192.168.x.x, and almost everyone knows about 10.x.x.x, but I have yet to meet anyone who uses 172.16.x.x-172.31.x.x for their home network.

      • Until the intern at Evil Corp reads your post and uses it is default instructions for their next IoT device...

      • by Minupla ( 62455 )

        I do this because no company I've worked for has used that IP block avoiding all sorts of 'fun' NAT issues when I'm VPN'd in from home.

      • Comment removed based on user account deletion
      • I use that range for industrial automation. The remote access VPN routers will not connect if the same network address range is used twice along the connection.

        Usually the factories are on the 10.xx network, and you're likely to encounter the 192.xx network anywhere, so it's easy to get locked out of your remote machine if you use the common ranges.

        Many of the (Siemens) Ethernet devices also use that range for the default IP, so it makes remote recovery much easier as well.

    • This can also be prevented by simply using a decent router that doesn't allow local IP replies from a public DNS.
      Load up pfsense and you are protected from this. Even with default settings.
    • by MobyDisk ( 75490 )

      Thank you for that.

      I don't understand how DNS rebinding works on a local device. How would the attacker at nesttb.com know the internal IP address of my IoT device? And how did they know I am the one making the DNS request at all since my DNS request really went to my ISP's DNS server, who then made the DNS request on my behalf?

      • Most home / small office routers by default assign themselves 192.168.1.1 and hand out IPv4 IPs starting at 192.168.1.2, handing them out in order. Therefore pretty . Uch every device in everyone's house will have one of 11 IPs 192.168.1.2 - 192.168.1.12. The attacker simply tries each in turn.

        This attack can't be done with IPv6. You don't have everyone using the same default IPs with IPv6, and IPs aren't normally assigned in order.

        • by MobyDisk ( 75490 )

          In this example, the attack requires knowing the IP address of the camera, not the router. Although to your point, they could probably get it right in 256 guesses.

  • by Anonymous Coward on Sunday July 22, 2018 @08:37PM (#56992360)

    says these devices have security flaws.

    wait, whut? no fucking way. really?

    • It's almost like they want to claim that companies who have no experience with networked devices because so far their main experience lies in a totally different segment of electronics where the "networked" part is only tacked on as an afterthought don't spend time and resources making a feature secure they mainly have as a sales gimmick.

  • They won't learn (Score:5, Informative)

    by Ol Olsoc ( 1175323 ) on Sunday July 22, 2018 @08:38PM (#56992364)
    Olsoc's rules of IOT

    Rule 1. IOT devices are insecure

    Rule 2. In the event someone has a secure IOT device read Rule 1.

    • IoT could be made secure. The problem is that security costs time and money, and it ain't something people care or even know about. Especially in devices they don't consider "computers".

      • by LordWabbit2 ( 2440804 ) on Monday July 23, 2018 @03:15AM (#56993216)
        Everything could be made secure. But it isn't and it's not going to happen anytime soon either. Not until people start dropping dead, and by then there will be so many insecure devices that instead of fixing the problem it's cheaper to make a Draconian example of the "hacker". This is already happening, the horse has bolted from the stables, and we CAN'T close the door, so now we crucify the person who finds the horse.
        • Yeah, because everyone knows as long as you don't find the horse, you can still pretend it's inside the barn.

          • Security by obscurity, I may not like it, but if no one is digging into your code to find issues, then no issues will be found. Linux is a prime example, no hacker is going to spend time digging into something that still has so little market share that it's not worth the time and effort. When Linux "has it's day" and becomes WAY MORE mainstream we are going to find SOOO many bugs in Linux it's not funny. In a big way Android has changed that, and we are discovering major security issues in Android that i
            • If no one is digging into your code but your market share is big enough, me digging into your code will produce some exploits easily because nobody found them before me.

              • but your market share is big enough

                Hence the "Obscurity" part. I could have SQL injection issues all over, but if no one tries to exploit them then they are not a problem. Until someone does, but that's not the point!

                • Part of my job is to disassemble code and look for security flaws. It's a pretty expensive way to hunt for security flaws, but when the stakes reach 7 figures, it starts being worth it.

                  If the potential revenue (or damage, depending on what side you're sitting on) is big enough, someone will start looking for security flaws even if it means digging through obfuscated, self-modifying assembler code in a custom virtual machine.

                  Hell, game crackers do it for free, so...

                  • Hell, game crackers do it for free, so...

                    Not just for free, the do it for FUN, I know, because I used to do it.

                    • I once had a job that was basically reverse engineering well obfuscated software. One of the requirements of the job was also that you didn't have any police record. But ... how do you learn to reverse engineer well obfuscated software, let alone how to use the various tools of the trade?

                      "Don't ask - don't tell" got a whole different meaning there...

                    • As soon as a company knows you can hack things at some point they will ask you to hack something. I once worked for a big bank in my country, and they had a falling out of some sorts with the only guy who knew the admin password for system x. The system belonged to them, so when they asked me to hack it and recover the password I did not see anything wrong with it. I have done a LOT more questionable hacks (for companies) that made me question if I should be doing what I was doing, but most of them were
                    • I shudder at the thought that there is actually a large bank with shoddy enough practices, processes and protocols to let a single guy have the admin password of a critical system.

                    • I agree, but I don't know what actually went down in the end. If someone who realizes they are going to get fired logs into the system and changes the admin password just before he is frog marched out the door means they have shoddy processes... yeah, perhaps. Fuck, I work in IT I have lots and lots of admin rights, if I wanted to I could do the exact same thing in the next five minutes to a lot more systems than he did. They placed their trust in someone who failed their trust. I would also like to poi
        • Everything could be made secure. But it isn't and it's not going to happen anytime soon either. Not until people start dropping dead, and by then there will be so many insecure devices that instead of fixing the problem it's cheaper to make a Draconian example of the "hacker". This is already happening, the horse has bolted from the stables, and we CAN'T close the door, so now we crucify the person who finds the horse.

          Well ... to play devil's advocate, stealing horses actually is illegal.

          We don't just shrug and say "oh well, you should thank the horse thieves for testing your security. This should lead to stronger barn doors."

          • stealing horses actually is illegal

            So is hacking, but that doesn't seem to be acting as much of a deterrent since most people are not caught. So the few they do catch are strung up to set an example, but the real problem is that most of these "hackers" are just script kiddies, and have no fucking clue. The serious malware out there is written in assembly, and the coders have decompiled the fucking decompilers and have written their source code in a way that makes the decompilers run around in loops. I m

  • by AHuxley ( 892839 ) on Sunday July 22, 2018 @08:44PM (#56992380) Journal
    Put all the IoT behind a strong new firewall.
    Have a modern OS be the only way back to the internet/cell phone for the IoT.
    Firewalls and OS always stay updated and work on the internet?
    Nothing on the internet can see the IoT. the IoT can only see the OS and firewall.
    The OS takes what the IoT wants to communicate and makes such data secure, sending it in a modern way out to the user.
    The user can interact with their IoT but the internet only detects a firewall.
    • by aaarrrgggh ( 9205 ) on Sunday July 22, 2018 @11:20PM (#56992718)

      What exactly is this magical firewall you speak of? Most are simply stateful and port blocking, which means internally started communication is fine. When the device phones home (in what ever innocuous way, even with a hard-coded NTP request), they have full access. You can’t proxy the https traffic, so you really don’t have any of the easy means of control. You can try a few other tricks— but it gets to diminishing returns quickly.

      • by AHuxley ( 892839 )
        Make the OS only see the IoT and the IoT only see the OS. That keeps the IoT away from the internet as a wide open device waiting for any random internet command.
        That keeps the IoT working behind a secure network.
        The OS can then pass on any requested data beyond the modern secure firewall as needed.

        Re 'but it gets to diminishing returns quickly"
        Think of the software sales and support at an OS and app level to secure the IoT in new ways. Upgrades to software networks every year to keep old IoT hardw
      • by Anonymous Coward

        Haha his "new" fireall will be cloud-native and run an AI block chain.

      • What exactly is this magical firewall you speak of?

        An ultra secure CISCO one of course!

      • by AmiMoJo ( 196126 )

        Someone should build a Raspberry Pi firewall for IoT devices. It would basically block everything by default, and then have simple check boxes for different IoT devices that open up access to the necessary IPs/domains. Settings contributed by the community, similar to ad-blockers.

        Throw in a bit of rate limiting. Second ethernet port can be a cheap USB thing, doesn't need to be fast. Build in WiFi so it can act as an AP. Could be a popular project, like the PiHole.

    • The OS takes what the IoT wants to communicate and makes such data secure, sending it in a modern way out to the user.

      I'm not sure this means anything......

      • by AHuxley ( 892839 )
        The other way is just to let the IoT device get discovered and used by malware.
        The IoT product is long past getting new support.
        The user still wants to communicate over the internet with their IoT products.
        Consumer AV scans can only do so much to tell the user about their home network and default passwords.
        Time to think about the OS, software and firewall to try and protect wide open IoT expected to face the internet.
    • > Nothing on the internet can see the IoT. the IoT can only see the OS and firewall.

      That's all good, but doesn't solve this issue. This vulnerability requires that:

      Your computer or phone can see the web.
      Your computer or phone can see the IoT.

  • by Anonymous Coward on Sunday July 22, 2018 @09:05PM (#56992432)
    I work in the microcontroller industry and somehow became the security 'expert' for my group. I don't trust IoT for many reasons, the biggest is that not many people has a clue on how to do security right, and those that do cost an arm and a leg and most manufacturers producing IoT devices can't afford them.

    With various upgrades to my house (mostly solar), I've had to accept some IoT devices. So I've segmented my wireless network. There's an open wifi (secured by a passkey, I still consider this open), and there's a second wifi that needs 802.1X authentication. The IoT devices go to the open wifi, which is on its own subnet and vlan, and only has access through the firewall with QoS tuned down to 1 Mbps. The second wifi has its own vlan, and is routed to the internal wired network. But if I find that's been compromised its easy to shut it down. I have yet to come upon a consumer IoT devices that can work with WPA2-Enterprise & 802.1X, but my sample size is small.

    Of course most people don't run Linux firewalls with 3 Ethernet cards, and level 2 managed switches at home. Prosumer tip: watch the switch manufacturer End-of-Life notices and pick up the switches at fire sale prices as everyone tries to dump their supply, don't buy off of EBay or refurbished, you never know what's one there.
    • by ELCouz ( 1338259 )
      Why buy a firewall which the supplier has EOLed? Sounds like a good plan to have your first line of defense without updates/support getting p0wn3d.
      • by Zocalo ( 252965 )
        OP didn't say buy the firewalls at EoL - just the switches. EoL is not the same as end of support, which mean you get a good few years before they go out of support and patches cease, so you get a decent switch for your home network, rather than your regular cheap SOHO model.

        Switches do generally last forever though, what happens when patches do cease is up to your security risk appetite. Assuming you know what you are doing and have them properly locked down with management IPs firewalled away or disa
        • Yes, so low [tomshardware.com] risk [bleepingcomputer.com]. For values of low that include near certainty, I guess.

          • by Zocalo ( 252965 )
            Both of which require that the management IP be enabled and accessible, which I specifically covered in the second paragraph. Once you've got it configured, do you *really* need the management IP enabled on a home/SME switch, when then console port will do? Probably not unless you're doing VLAN moves and changes on a regular basis, and if you are doing that then you're more likely to be big enough to justify having a dedicated management LAN with more restrictive access network policies in place. Either w
        • OP didn't say buy the firewalls at EoL - just the switches. EoL is not the same as end of support, which mean you get a good few years before they go out of support and patches cease, so you get a decent switch for your home network, rather than your regular cheap SOHO model. Switches do generally last forever though, what happens when patches do cease is up to your security risk appetite. Assuming you know what you are doing and have them properly locked down with management IPs firewalled away or disabled, etc., then they're a pretty low security risk, barring some "packet of doom" style exploit.

          Do you follow CERT? Cisco has tons of exploits in their gear, including countless backdoor accounts. Some that have been discovered and published on the internet that Cisco hasn't even acknowledged. You can't secure a switch against a known backdoor if the switch can be accessed.

    • by Opportunist ( 166417 ) on Monday July 23, 2018 @02:57AM (#56993190)

      The problem with microcontrollers and security is that security consumes a fair lot of processing power if done right. And while this is really no concern these days for a desktop or even a mobile computer (including smartphones), it still is a concern for lower end IoT devices powered by microcontrollers that can barely accomplish what their function is with the computing power they have.

      And try to justify the 2.50 bucks for the extra IC (or the next powerful IC) to implement sensible security. Not to mention the hundreds of hours.

      • The problem with microcontrollers and security is that security consumes a fair lot of processing power if done right. And while this is really no concern these days for a desktop or even a mobile computer (including smartphones), it still is a concern for lower end IoT devices powered by microcontrollers that can barely accomplish what their function is with the computing power they have.

        And try to justify the 2.50 bucks for the extra IC (or the next powerful IC) to implement sensible security. Not to mention the hundreds of hours.

        Why does security have to consume a fair amount of processing power? This all depends on the attack surface of your project, but most of the things that need to be secured ought to be considered and planned for before you even write your first line of code. And checking input shouldn't be that time consuming for a microcontroller. The real costly part of security is the time it takes to properly implement and verify it.

        • Why does security have to consume a fair amount of processing power?

          Because it's easier to just ACCEPT all connection attempts instead of piping them through multiple layers of filters. Even the most basic authentication scheme is more complicated and time consuming than allowing total access to everyone. Even if the gadget only connects actively and does not allow others to establish a connection, you have to sanitize input from your peer.

          • Why does security have to consume a fair amount of processing power?

            Because it's easier to just ACCEPT all connection attempts instead of piping them through multiple layers of filters. Even the most basic authentication scheme is more complicated and time consuming than allowing total access to everyone. Even if the gadget only connects actively and does not allow others to establish a connection, you have to sanitize input from your peer.

            But you should always be sanitizing your inputs, no matter where they came from. So the lost processing power SHOULD be zero because you should already be doing that anyway. And most hardware has cryptographic instructions that offload the verification of hashes and signatures so the only wasted processing power there is waiting for the bus to send and receive the request.

            • If they DID do it then we wouldn't have the problem we're having. The exact problem is that they're not sanitizing their input.

      • by AmiMoJo ( 196126 )

        Security on MCUs isn't actually too hard. I implemented an RSA based system for encrypted GPS logging as a hobby project a while back, it wasn't much work. That was an 8 bit MCU which admittedly had AES acceleration (not uncommon now).

        Thing is most of these devices are actually running some kind of RTOS on a 32 bit ARM, with crypto acceleration to support the WiFi stack. ARM SoCs with WiFi are super cheap now, well under $1 in quantity, e.g. the ESP8266. The manufacturers often offer free modules to handle

        • That is the second part of the problem. We're looking at engineers whose experience so far never included security. Someone who designs TV until very recently had no reason to know the first thing about network security. Let alone people who design refrigerators, stoves or washing machines. Suddenly these things "must" connect to the internet. What happens now is that some kind of internet connectivity kit is somehow haphazardly attached to the machine (or to paraphrase Homer Simpson, they take an existing

    • Prosumer tip: watch the switch manufacturer End-of-Life notices and pick up the switches at fire sale prices as everyone tries to dump their supply

      I hear there's a lot of CISCO gear going cheap.

    • don't buy off of EBay or refurbished, you never know what's one there.

      It doesn't matter where you get a router, you need to reflash it when you get it with something known good. In fact, it doesn't matter what it is, if it's reloadable, you need to reload it from known good media when you get it.

  • "One service Black Lake provides for customers is an IoT assessment that gives businesses a true look at all the connected devices on their network."

    " The report was published Friday by Armis, a provider of Internet of Things security software for enterprises that focuses on detecting threats in IoT devices at workplaces"

    I understand now.
  • If you read the story it should become evident that this is is just masked marketing for one of Armis' products. Essentially, the accusation is that if you have a device that is accessible by a Web interface on your computer, and someone gets access to your computer/browser, well lo and behold, they can get access to the devices. Newsflash: billions of cars are vulnerable to attack -- if someone steals your keys. This is just marketing to sell people crap to make up for the crap (IoT) they bought without un

You can be replaced by this computer.

Working...