Attackers often take advantage of the complexity that comes with balancing greater end-user convenience with traditional security. Behind that cool and responsive interface of an IoT device is millions of lines of code and superfast processing. The weakest link is something basic — a faulty implementation of a protocol, or a lack of a trusted security zone on a chip. Exploitation, in either case, requires very little skill. Thus, a lot of the attacks today are carried out not by criminals with elite skills but those with very basic programming skills.
Women play vital roles in developing the tools that engineers around the world use to design smart chips and develop secure code for the amazing devices that are changing the way we work and play. USA Today recently featured three Synopsys engineers, who reflect on their experiences as women in tech and offer advice on carving out success in a male-dominated field.
Posted in Application Security, Artificial Intelligence, Automotive, Cryptography, EDA, Healthcare, Internet of Things, IP, Machine Learning, Malware, Optical Design, Privacy, Quantum Computing, Robotics, Security, Superconducting Electronics, TCAD
When security researchers first demonstrated that they could hack a car over the internet to control its brakes and transmission, Chrysler had to recall 1.4 million vehicles to fix the software vulnerability. The infamous Jeep hack of 2015 was an expensive wake-up call for the automotive industry. So, what has changed since then?
By 2020 more than 50 billion devices will be connected to the internet ― according to Cisco’s latest forecast. Smartphone traffic will exceed PC traffic and broadband speeds will nearly double by 2021. And by the next Winter Olympics (Beijing 2022), 1 trillion networked sensors could be embedded in the world around us. While tech experts offer slightly different projections of actual numbers, it’s clear that the Internet of Things (IoT) will grow exponentially. And this explosion means new opportunities for one-time programmable (OTP) non-volatile memory (NVM).
For their involvement in creating and distributing the Mirai IoT-based botnet, Paras Jha, Josiah White, and Dalton Norman each admitted on Wednesday to one count of conspiracy in plea agreement in Alaska. A botnet is traditionally defined as a network of compromised computers that can be remotely controlled to mount large-scale attacks such as a distributed denial-of-service (DDoS) attack on a website. Mirai was the first botnet to compromise and remotely control internet of things (IoT) devices in a large-scale attack on internet services.
Two new surveys from Synopsys find there is general alignment among C-level IT professionals, managers, and executives in Europe and in Asia in terms of application security concerns and mitigations. Although the percentages differ by region, the order in which concerns and solutions ranked generally agreed.
Despite years of evidence from researchers that some medical devices in homes and in healthcare facilities may contain serious vulnerabilities, such has the ability to manipulate insulin pumps and pacemakers wirelessly, there has been little acknowledgement from the industry. Unlike the automotive industry, which addressed a wide variety of cybersecurity issues soon after the infamous Cherokee Jeep Hack in the summer of 2015, medical devices have remained rife with potentially life-threatening vulnerabilities. That is about to change.
Zero days are simply software vulnerabilities for which there is no public patch or workaround. They have value because they can allow remote code exploitation or electronic surveillance without detection for long periods of time. On Wednesday, White House Cybersecurity Coordinator, Rob Joyce, issued updated guidance how the U.S. handles zero days.