Q: Have you met with Spectre or Meltdown vulnerabilities on IoT (Internet of Things) devices? What are your recommendations about encryption key management and identity management?
Andrew, Lead Developer
– I have not personally met with these issues. However, I am building a community-based Cyber security solution on top of IPFS and my platform QALB.
– Yes. Spectre or Meltdown are two different types of vulnerabilities states observed in the IoT devices at a hardware level. Spectre allows the attacker to exploit the random memory location and Meltdown allow to read the whole memory locations which means an attacker can read all the credentials and secret data stored on the processor even without leaving any evidence and logs which is quite risky and mostly ARM and AMD processors are prone to it. However, hardware-level fixes are still going on and it’s a part of R&D, and fixes are provided by the processor manufacturers to avoid these vulnerabilities.
Kapil, Security Operations
– IoT or Devices are next-level targets for adversaries so vulnerabilities management becomes more critical. 4 main pillars – Key management, IM, access (permission) management and sufficient logging and monitoring are key for any cyber program.
– Haven’t had those, but a few years ago, in one of the companies I worked at, there was a CryptoLocker problem and the ransomware proved too much to handle so they paid what the hacker asked, and surprisingly the hacker kept their word. The company was an easy target as they didn’t invest in security at all, hope things are better now.
The SecPro is a weekly security newsletter to help you stay sharp and upgrade your skills with trending threat insights, practical tutorials, hands-on labs, and useful resources. Build skills in as little as 10 minutes. Join the newsletter here.