Connected and Compromised: When IoT Devices Turn Into Threats
Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things' attack surfaces more dangerous.
IoT systems connect sensors and control networks, so device identity, secure updates, data protection, and reliable operation support safety and availability.
Search across headline titles and summaries.
Background for this topic.
Internet of Things (IoT) comprises physical devices—such as sensors, cameras, appliances, vehicles, medical equipment, and industrial controllers—that collect data, perform actions, and communicate with other devices or cloud services. Its distinctive assets include telemetry, control functions, device identities, and sometimes sensitive location, health, or operational data. Availability and integrity can be safety- or production-critical, while many devices have limited processing capacity, long service lives, and constrained maintenance access.
Security depends on the complete device lifecycle: maintain an accurate inventory, replace default credentials with unique authentication, verify firmware and provide signed, supportable updates, and restrict management interfaces through network segmentation. Exposed services, insecure update mechanisms, weak device-to-cloud APIs, physical access, and third-party components can enable unauthorized monitoring or control, compromise other systems, or conscript devices into attacks. Privacy protections should limit collection and access to telemetry, and monitoring should support detection and safe isolation without disrupting essential operations.
Weekly headline count for the current query.
Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things' attack surfaces more dangerous.
While telnet is considered obsolete, the network protocol is still used by hundreds of thousands of legacy systems and IoT devices for remote access.
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises.
What happens to all of those always-connected devices when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.
What happens to all of those always-connected devices and Internet of Things when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.
The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. First in a three-part series.
IoT devices can be compromised, thanks to gaps in cloud management interfaces for firewalls and routers, even if they're protected by security software or not online.
Infamous botnets like Mirai are exploiting Web-exposed assets such as PHP servers, IoT devices, and cloud gateways to gain control over systems and build strength.
The Internet of Things (IoT) has made everything more interconnected than ever, but an important US government security initiative is stuck in limbo even as threat actors step up attacks on everything from medical gear to printers.
The cloud now acts as the connecting infrastructure for many companies' assets — from IoT devices to workstations to applications and workloads — exposing the edge to threats.
Experts agree there have been subtle improvements, with new laws and applied best practices, but there is still a long way to go.
Hackers can spy on tens of thousands of connected tractors in the latest IoT threat, and brick them too, thanks to poor security in an aftermarket steering system.
Hackers are exploiting trusted authentication flows — like Microsoft Teams and IoT logins — to trick users into handing over access tokens, bypassing MFA and slipping undetected into corporate networks.
Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here's how experts say you can get eyes on it all.
Consumer Reports, Secure Resilient Future Foundation (SRFF) and US Public Interest Research Group (PIRG) introduced a model bill to increase transparency around Internet of Things that have reached end-of-life status.
Two separate campaigns are targeting flaws in various IoT devices globally, with the goal of compromising them and propagating malware worldwide.
The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.
New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation.
Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.