US Democratic party fundraising firm leaves data-filled NAS open to IoT search

Bill Evans of One Identity

Reports are emerging that a consumer-grade network attached storage (NAS) device owned by Rice Consulting, a fundraising firm working primarily with the Democratic Party in the US, containing client data and passwords giving access to other organisations, was left publicly accessible. A member of the Hacken cyber risk security team discovered an unprotected instance in Buffalo TeraStation NAS.

The factory-set authentication of the NAS device was disabled, leaving it open to being spotted and indexed by Shodan or Google’s IoT search engine. The data leakage has highlighted the firm’s failure to implement basic security measures to protect swathes of highly sensitive voter and donor data.

Commenting on the news, Bill Evans, senior director at One Identity said: The concerning thing about this leak is the fact that the factory-set authentication had been disabled. While we may never know why it was disabled, it was most likely done for convenience. Although it can be a hassle to manually manage administrative passwords, organisations must do their utmost to protect their ‘keys to the kingdom

Evans continued, “This brings to light the real problem with the proposed California legislation, which intends to ensure the security of IoT (Internet of Things) devices by requiring unique passwords, among other measures. Like in this most recent case, administrators and users may simply change or disable those security features for convenience making a device or system inherently unsecure.

Enterprises would be best served at looking at the myriad options for automating the management of their privileged accounts to ensure leaks like this don’t happen again,” he added.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Axiomtek launches compact DIN-rail IIOT gateway for data driven energy

Posted on: November 30, 2022

Axiomtek, a world-renowned specialist relentlessly devoted in the research, development, and manufacture of series of innovative and reliable industrial computer products of high efficiency is pleased to announce the ICO120-E3350, an extremely compact industrial IoT gateway powered by the Intel Celeron processor N3350 (codename: Apollo Lake-M). The ruggedised designs feature fanless operation, -40°C to 70°C

Read more

Semtech, AWS to create low-power IoT track and trace services with LoRa cloud geolocation

Posted on: November 30, 2022

Please replace the release with the following corrected version due to multiple revisions to the Forward-Looking and Cautionary Statements.

Read more
FEATURED IoT STORIES

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more