
Blog Post
More Thoughts on Security and the Internet of Things
Attacks that are initially restricted to the realm of esoteric, government-backed spooks become accessible over time to run-of-the-mill cybercriminals. Take, for example, the Linux.Darlloz worm, which attacks embedded devices and is interesting for a couple of reasons. First, it propagates by exploiting a vulnerability that was patched in May 2012. But the firmware images on many embedded devices are much older than that. The second reason I find it particularly interesting is it targets PHP, a scripting language largely used for web development.

Blog Post
Five Software Tips for Securing IoT Devices
I’ve got a new blog post up today at EE Times, discussing how to secure devices on the Internet of Things: It used to be academically interesting, perhaps, that an attacker could compromise an unconnected home thermostat. Today, it’s another thing entirely that an attacker can potentially target thousands of home thermostats from afar, determine... View Article

Blog Post
The Internet of Things — and How Those Things Phone Home
There's a lot of buzz about the Internet of Things — a catchphrase designed to encompass a range of embedded devices that connect to cloud servers to act more intelligently than they could on their own. One problem that comes up is how to design the Thing to connect back to the Cloud Server — how does the Thing phone home? It's tricky, because, usually, we are trying to balance several factors.
Attacks that are initially restricted to the realm of esoteric, government-backed spooks become accessible over time to run-of-the-mill cybercriminals. Take, for example, the Linux.Darlloz worm, which attacks embedded devices and is interesting for a couple of reasons. First, it propagates by exploiting a vulnerability that was patched in May 2012. But the firmware images on many embedded devices are much older than that. The second reason I find it particularly interesting is it targets PHP, a scripting language largely used for web development.
I’ve got a new blog post up today at EE Times, discussing how to secure devices on the Internet of Things: It used to be academically interesting, perhaps, that an attacker could compromise an unconnected home thermostat. Today, it’s another thing entirely that an attacker can potentially target thousands of home thermostats from afar, determine... View Article
There's a lot of buzz about the Internet of Things — a catchphrase designed to encompass a range of embedded devices that connect to cloud servers to act more intelligently than they could on their own. One problem that comes up is how to design the Thing to connect back to the Cloud Server — how does the Thing phone home? It's tricky, because, usually, we are trying to balance several factors.

Blog Post
Sniffing iPad Traffic
Our engineering expert details how to capture and analyze all the network traffic flowing to and from a Wi-Fi-enabled device using a network sniffer.
Our engineering expert details how to capture and analyze all the network traffic flowing to and from a Wi-Fi-enabled device using a network sniffer.