Tech Trends for 2017: Security of Things
The Internet of Things has arrived, opening the floodgates for a fresh set of security threats. Forget computer hacks, what happens if your IoT-connected fridge gets hacked?
A kettle you can switch on remotely using your phone. A fridge that tells you what food you’ve got on the shelves. Trainers that tell you the distance you’ve just ran…
It’s easy to get excited about the incredibly innovative Internet of Things (IoT)-connected gadgets currently on the market, but are we really considering the security implications of these devices?
Startups.co.uk has frequently reported on the evolution of IoT as more people connect with their devices and share valuable data, but disguised under the “novelty halo effect” of IoT are the threats that the potential misuse of this data could bring.
For instance, say you purchase an IoT-connected kettle with a standard default password and username. You don’t change the password and the manufacturer doesn’t prompt you to; you assume that necessary security and data encryption measures have been taken.
What’s to stop a hacker detecting this basic security vulnerability and uploading malicious code to your kettle? Your hacked kettle device can then be used to attack a targeted website – your kettle, what you perceive to be an inanimate object, could well turn against you – creating a security nightmare.
The recent DDoS (distributed denial-of-service) attack of Dyn has also indicated the need for an IoT security wake-up call. The attack on October 21 involved a cyber weapon called the Mirai botnet – a network of IoT devices such as digital cameras and DVR players – being used to bombard Dyn servers to create a major outage, said to the be largest of its kind in history.
Following the attack, cybersecurity senior fellow at the Council of Foreign Relations; David Fidler noted:
“We have a serious problem with the cyber security of IoT devices and no real strategy to combat it. […] Imagine what a well-resourced state actor could do with insecure IoT devices.”
With this in mind, security experts have predicted that 2017 will see the rise of the ‘Security of Things’ – new solutions, software and tools to address the security issues of smart devices.
How it works
Smart devices are becoming commonplace in households with everyday appliances now able to communicate with the internet to help us live smarter, more efficient lives.
However, users of smart IOT devices, and the companies that retail them, aren’t putting much thought into protecting these devices as Monica Brink, EMEA marketing director of iland, explains:
“What is really worrying is that the owners of the IoT devices are usually unaware of the attack. This is because once a device has been hijacked it can be impossible to tell as they often continue to work exactly as normal. Issues will then begin to occur behind the scenes when the compromised system is subsequently put on the same network as personal computers, corporate servers and even confidential government data.
“The main issue is, without knowing which devices exchange data within a specific network or the internet as a whole, there is no way to develop an adequate security strategy. In theory, every single device that is being added to a network needs to be evaluated, but this is just as painstaking as it sounds.
“Recent high profile cyber attacks and, increasingly, ransomware threats have spurred a long overdue discussion about the gaps in IoT security.” This discussion has even paved the way for a new a dedicated conference for Security of Things World in 2017 which will focus on the ‘next information security revolution’.
Professional IT network Spiceworks agrees that 2017 will be the year of the Security of Things. In its 2016 IoT report it suggests that, as IoT adoption continues to grow, security concerns will be top of mind:
“77% of IT professionals in EMEA are concerned about the growing number of entry points into the network and 70% are worried about the lack of security measures put in place by IoT manufacturers.”