July Round Up of News that Proves Trust is the Point
It seems that many people have a blind faith when it comes to their devices. What will it take to get people to take IoT security seriously?
This month we look at the concerns consumers don’t have, the steps companies need to take to prevent hacks and the hackers who are bringing attention to the problem.
While security professionals are concerned with how malicious hackers can infiltrate a home through entertainment systems, health care monitoring devices or even toys, consumers are more concerned about the cost of these systems and whether their privacy may be violated.
In the U.S., a recent survey of 2,000 households, about a quarter of respondents were concerned about privacy and 66% named cost as the reason for not buying IoT devices for their homes.
If people aren’t concerned with the security of their devices, it opens up even more opportunities for hackers to gain access.
While households may not be paying too much attention to IoT security, the business world is. As more and more internet connected devices come to the workplace, the opportunity increases for hackers to infiltrate vulnerable networks.
IoT security expert Dave Palmer sums up the problem for businesses. "Modern businesses are digital hives of connected objects that all too often lack adequate security, providing attractive gateways for cyber attackers. That could be anything from a printer or a thermostat connected to the corporate network, through to a connected coffee machine or iWatch. These devices are part of the modern tech scene today, but they are relatively unprotected and vulnerable to new threats, such as ransomware."
Awareness is likely the strongest defense for any company that deploys IoT devices. Don’t make assumptions that any product is “safe”. Instead, companies should have and enforce security policies that require regular security updates, secure passwords and encrypted communication.
IoT security is getting a lot of attention at this year’s DEF CON in Las Vegas. 15,000 white-hat hackers are gathering and exchanging notes on cyber vulnerabilities.
IoT devices and their insecurities have been around long enough that the criminal world is taking notice. As a result, ransomware is becoming a bigger problem. Hackers rely on a user opening an infected file and downloading the malware that encrypted all the files. For a fee, the criminal will (usually) provide the key that allows the user to access their files.
Andrew Tierney and Ken Munro are the two researchers who have shown an insecure internet connected thermostat can become infected with malware that allows the hacker to control the temperature. To unlock the thermostat and regain control, the homeowner must pay a ransom.
While the researchers admit that it’s not an easy hack — the user has to unwittingly download the malware — the model in question allows users to download pictures and custom settings, which could allow a clever criminal an easy place to hide the malware.
“You’re not just buying [Internet of Things] gear,” Tierney warned, “you’re inviting people on your network, and you have no idea what these things do.”
If people make the connection between ransomware and the vulnerability of devices in their homes, perhaps their awareness around security will also increase.
More From DEF CON in September
Join us again next month for News that Proves Trust is the Point for more from DEF CON 2016 as well as other hacks that get our attention.