On Nov. 22, 2022 Microsoft announced research findings about an ongoing supply chain attack against IoT devices running Boa web servers. The Boa web server, an open-source small-footprint web server suitable for embedded applications, was discontinued in 2005, but many software development kits still use this lightweight server on IoT hardware. Since being discontinued, vulnerabilities were discovered in Boa that make every version out there exploitable.

It’s breakthrough and game-changing for Biden’s SBOM and customers’ IoT Edge security and deployment challenges. This week the Device Authority team is proud to be releasing KeyScaler 7.0. This has been a seismic achievement, adding breakthrough features based on customer demand, as we advance our Product Led Growth Strategy to solve the Zero Trust for IoT security challenges. Device Authority’s breakthrough KeyScaler 7.0 release includes advanced Edge and SBOM capabilities.

During our recent webinar hosted by Device Authority’s Tyler Gannon and Imagination Technologies Marc Canel (Does new IoT security legislation make Zero Trust the only strategy?). We ran a poll asking attendees about their understanding of SBOM; one of the options was “SBOMs are a roadmap to the attacker”.

As the number of IoT devices grows, predicted “to reach 27 billion or more by 2025 (IDC, IoT Analytics)”, so does the need for IoT device management companies and security solutions. While there are many benefits to the IoT, there are also security risks that come along with it. Gartner estimates that “75% of security failures will result from inadequate management of identities, access, and privileges” by 2023.

IoT device lifecycle management is the process of managing the entire life cycle of an IoT device, from conception and design to manufacturing and distribution, to installation and eventual decommissioning. The goal of IoT device lifecycle management is to ensure that devices are properly managed throughout their lifespan to maximise their operational efficiency and longevity.

Imagine this… you walk into work; you are the supervisor of an automated automotive production line for one of the largest global car manufacturers. Everyone from the last shift is still there, they are not packing up to go home, in fact, they are panicking. The production line has shut down, nothing is working, and computer screens along the production line display a ransom demand.

The impact of ransomware attacks on healthcare is as alarming as it is under-addressed. The United States healthcare system alone faces an annual burden of nearly $21 billion due to these attacks. It pays well over $100 million in ransoms, and is beginning to acknowledge the tragic realities of impacted patient care, including higher patient mortality rates. For every headline related to cyberattacks, there are likely hundreds more that go unreported.

Have you noticed it’s never “Hey, someone got by a firewall” or “WOW, they bypassed the network security”? No. It’s always about the Device. It’s the same for hackers because everything else is just a means to an end, and that end is your Device! Imagine, late at night, driving around the Amusement Park security gate, then busting open the locked gated fence. These actions are necessary to get to the big score, the Rides! Yaaahoo!