Hacked off: the risks posed by smart devices
Around three-quarters of the most commonly used devices connect to the Internet of Things today are open to serious security vulnerabilities – and the situation is only going to get worse if steps aren’t taken now to remedy the situation.
Around 25 billion devices already connected to the Internet of Things (IoT) according to the US Federal Trade Commission, and this will only be the tip of the iceberg as the trend gathers momentum.
IoT will connect every part of our lives, from public transport and health to cars to airline check-ins, home security and white goods. Not to mention everything from glasses to footwear in the not too distant future. What do you do when the coffee machines in the staff room have Wi-Fi access and are wide open to security breaches? Paradoxically, the enormous power IoT offers in its ability to share data is also its Achilles heel – it poses an enormous security threat.
Nowhere to hide
There is no escaping it. IoT is set to be a potent force in business transformation and it will impact all industries and all areas of society.
Take for example to so called ‘red button’ attack. Two researchers at the Network Security Lab at Columbia University hacked into a smart TV using a simple antenna. As well as broadcast messages, hackers could potentially takeover apps on the TV and launch attacks on the Internet. On Facebook, for example, they could take over people’s accounts and post messages. Or subscribers to NetFlix or YouTube could find the content they watch revealed to the world.
At Mobile World Congress this year, James Lyne, global head of security research at security experts Sophos showed just how insecure some devices are. Lyne hacked into an Android tablet over Wi-Fi to record video and audio. He also demonstrated the insecurity of CCTV cameras that use weak or no password protection and showed how they can easily be breached from another country.
The smaller the device, it seems, the more fun to hack. A hacker known as ‘Comex’ is laying claim to breaking into the Apple Watch via a video he has posted online entitled ‘I always wanted a web browser on my wrist’. The video shows how he can run a full web browser on the device, which should not be possible. If he can get access to the iOS file store and manager, it would enable him to run code that hasn’t been screened by the Apple App store.
Stealing data from IoT devices isn’t just an invasion of privacy, it also offers a very lucrative gold rush for cybercriminals. As businesses collect increasing amounts of personal data for data analysis, its value in the wrong hands sky rockets.
Is everything suspect?
The scope and benefits IoT brings are truly phenomenal and yet so are the risks. Enterprise IT managers will have to counteract this by creating a multifaceted approach to IoT risk and the security that surrounds it. The best way around this will be to carry out customized risk assessments on various devices. IT managers will have to carefully balance the 24/7 connected requirements of the business to its digital security strategy. And yes, this will take work, but it is totally possible.
The host of Wi-Fi enabled devices connected to the Internet will create a deluge of valuable data that needs to be collected, processed an analysed. It is paramount that businesses can identify reliable and malicious traffic patterns on IoT devices. To get ready for these challenges, businesses must start putting the right tools and processes in place to provide robust security analytics capabilities.
They will also need the Band-Aid at the ready. Many businesses are not aware that IoT devices require a firmware update to patch any vulnerabilities. This takes both time and effort. They will need to have the resources in place to act fast should a possible security breach arise.