{"id":10736,"date":"2017-12-06T10:10:20","date_gmt":"2017-12-06T18:10:20","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/12\/06\/news-4508\/"},"modified":"2017-12-06T10:10:20","modified_gmt":"2017-12-06T18:10:20","slug":"news-4508","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/12\/06\/news-4508\/","title":{"rendered":"Internet of Things (IoT) security: what is and what should never be"},"content":{"rendered":"

Credit to Author: Wendy Zamora| Date: Wed, 06 Dec 2017 17:00:00 +0000<\/strong><\/p>\n

The Internet has penetrated seemingly all technological advances today, resulting in Internet for ALL THE THINGS. What was once confined to a desktop and a phone jack is now networked and connected in multiple devices, from home heating and cooling systems like the Nest to AI companions such as Alexa. The devices can pass information through the web to anywhere in the world\u2014server farmers, company databases, your own phone. (Exception: that one dead zone in the corner of my living room. If the robots revolt, I\u2019m huddling there.)<\/p>\n

This collection of inter-networked devices is what marketing folks refer to as the Internet of Things (IoT). You can\u2019t pass a REI vest-wearing Silicon Valley executive these days without hearing about it. Why? Because the more we send our devices online to do our bidding, the more businesses can monetize them. Why buy a regular fridge when you can spend more on one that tells you when you\u2019re running out of milk?<\/p>\n

\"Internet<\/p>\n

Unfortunately (and I\u2019m sure you saw this coming), the more devices we connect to the Internet, the more we introduce the potential for cybercrime. Analyst firm Gartner says that by 2020, there will be more than 26 billion connected devices<\/a>\u2014excluding<\/em> PCs, tablets, and smartphones. Barring an unforeseen Day After Tomorrow<\/em>\u2013style global catastrophe, this technology is coming. So let\u2019s talk about the inherent risks, shall we?<\/p>\n

What\u2019s happening with IoT cybercrime today?<\/strong><\/h3>\n

\u00a0<\/strong>Both individuals and companies using IoT are vulnerable to breach. But how vulnerable? Can criminals hack your toaster and get access to your entire network? Can they penetrate virtual meetings and procure a company\u2019s proprietary data? Can they spy on your kids, take control of your Jeep, or brick critical medical devices?<\/p>\n

So far, the reality has not been far from the hype. Two years ago, a smart refrigerator was hacked<\/a> and began sending pornographic spam while making ice cubes. Baby monitors have been used to eavesdrop on and even speak to<\/a> sleeping (or likely not sleeping) children. In October 2016, thousands of security cameras were hacked to create the largest-ever Distributed Denial of Service (DDoS) attack against Dyn, a provider of critical Domain Name System (DNS) services to companies like Twitter, Netflix, and CNN. And in March 2017, Wikileaks disclosed that the CIA has tools for hacking IoT devices<\/a>, such as Samsung SmartTVs, to remotely record conversations in hotel or conference rooms. How long before those are commandeered for nefarious purposes?<\/p>\n

Privacy is also a concern with IoT devices. How much do you want KitchenAid to know about your grocery-shopping habits? What if KitchenAid partners with Amazon and starts advertising to you about which blueberries are on sale this week? What if it automatically orders them for you?<\/p>\n

At present, IoT attacks have been relatively scarce in frequency, likely owing to the fact that there isn\u2019t yet huge market penetration for these devices. If just as many homes had Cortanas<\/a> as have PCs, we\u2019d be seeing plenty more action. With the rapid rise of IoT device popularity, it\u2019s only a matter of time before cybercriminals focus their energy on taking advantage of the myriad of security and privacy loopholes.<\/p>\n

Security and privacy issues on the horizon<\/strong><\/h3>\n

According to Forrester\u2019s 2018 predictions<\/a>, IoT security gaps will only grow wider. Researchers believe IoT will likely integrate with the public cloud, introducing even more potential for attack through the accessing of, processing, stealing, and leaking of personal, networked data. In addition, more money-making IoT attacks are being explored, such as cryptocurrency mining or ransomware attacks on point-of-sale machines, medical equipment, or vehicles. Imagine being held up for ransom when trying to drive home from work. \u201cIf you want us to start your car, you\u2019ll have to pay us $300.\u201d<\/p>\n

It\u2019ll be like a real-life Monopoly game.<\/p>\n

Privacy and data-sharing may become even more difficult to manage. For example, how do you best protect children\u2019s data, which is highly regulated and protected according to the Children\u2019s Online Privacy Protection Rule (COPPA<\/a>), if you\u2019re a maker of smart toys<\/a>? There are rules about which personally identifiable information can and cannot be captured and transmitted for a reason\u2014because that information can ultimately be intercepted.<\/p>\n

Privacy concerns may also broaden to include how to protect personal data from intelligence gathering by domestic and foreign state actors. According to the Director of National Intelligence, Daniel Coats, in his May 2017 testimony at a Senate Select Committee on Intelligence hearing: \u201cIn the future, state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks.\u201d<\/p>\n

In a nutshell, this could all go far south\u2014fast.<\/p>\n

So why are IoT defenses so weak? <\/strong><\/h3>\n

Seeing as IoT technology is a runaway train, never going back, it\u2019s important to take a look at what makes these devices so vulnerable. From a technical, infrastructure standpoint:<\/p>\n