Avanti Markets feels the heat as it suffers data security breach

Michael Patterson

Avanti Markets, which owns snack and drink vendor machines across the USA, has suffered a data security breach. The company has admitted that hackers might have compromised not only customers’ credit card accounts, but also the physical biometrics associated with those accounts.

A security researcher has characterised this hack as a classic case of an Internet of Things (IoT) threat where a network-controlled device maintained by a third party was not properly patched, audited or controlled.

Michael Patterson, CEO of Plixer said, “Vending machines have been vulnerable to hacking and thefts since the day they were brought to market. However, with IoT technology, the stakes are much higher now. The villains behind these infections aren’t interested in stealing the refreshments inside the machine rather, they have their eyes on a much bigger prize: Personally Identifiable Information (PII) including one-of-a-kind fingerprints that can be resold on the dark web.

Avanti Food Vending Machine

“This is an example of why organisations must begin to follow a least privilege model when deploying IoT devices. IP addresses should be defined, along with layer 4 protocols and application traffic profiles that IoT devices use to perform their defined task.”

Patterson continued, “With this knowledge, Network Traffic Analytics technologies can be leveraged to monitor traffic to and from IoT devices and alert if they send or receive any traffic that falls outside the least privilege policy.

Even a single packet of traffic that falls outside the least privilege model should be reported, investigated, and remediated immediately.”

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

OCF celebrates pulse systems’ installation of newly certified IoT platform for smart lighting

Posted on: December 6, 2021

The Open Connectivity Foundation (OCF) has announced the first installation of the recently-certified low power IoT platform, from OCF member Cascoda, that combines the end-to-end security benefits of OCF and the low power, wide-area coverage advantages of Thread.

Read more

Green Custard Ltd develop robust predictive maintenance system for Martin Engineering Ltd

Posted on: December 6, 2021

Green Custard Ltd, a professional services company and AWS Advanced Consulting partner, together with Eseye Ltd (also an AWS partner) has been selected by Martin Engineering Ltd to build a global predictive maintenance and monitoring platform on AWS so their localised US platform can be rolled out internationally.

Read more