Monday, February 29, 2016

Internet of Things — or Internet of Cyber Crime?

The Internet of Things needs effective cyber security solutions, too.

Gartner estimated that at the end of 2016, there will be around 6.4 billion connected objects in use — things like smart refrigerators, smart thermostats, wearable fitness gadgets and even dog collars that let consumers know how their pets are doing. By 2025, there will be 20.8 billion objects making up the IoT. In addition, the Industrial IoT is enhancing efficiency and productivity, effectively transforming the way companies do work.

These smart technologies are keeping people connected and helping to make business easier for the industrial sector. However, no matter how useful the IoT may be, there are still those who would try to exploit vulnerabilities within the system. There are several important ways the IoT is behind in terms of cyber security. Targeted attacks against devices within the IoT are entirely possible.

The problem with smart TVs

These vulnerabilities can exist anywhere within the IoT — even consumers' own living rooms. Trend Micro researchers found earlier this year that some Android-based smart televisions are susceptible to attack via third-party apps that people download onto their devices. These apps contain a backdoor that allows hackers to install other malicious apps and malware onto the system. Since most smart TVs operate using an older version of Android, they still contain the fatal flaw that allows this to take place.

The easy solution to this problem is to avoid installing third-party apps and to invest in effective security software. Since hackers rely on their ability to lure consumers to downloading these apps directly onto their smart TVs, it's important to remember not to fall for these types of social engineering tricks.

Another issue with smart tech: Passwords

A problem that arises within the IoT space is the question of authentication and password use. According to Dark Reading contributor Marilyn Cohodas, it may be possible to have mutual authentication between devices and users, but the solution to this issue may be complex.

"Context-aware security, new gateways and middleware were three measures [LG Mobile Research] said could help facilitate the 'chain of trust' necessary to support IoT," Cohodas wrote.

However, the solution isn't going to be simple. Passwords and authentication issues continue to plague the IoT. Most recently, the app for the popular electric car the Nissan Leaf had to be deactivated due to its inherent vulnerabilities. The NissanConnect EV app allows car owners to control the atmosphere within their vehicles, along with other capabilities. According to Wired, the app's susceptibility was first disclosed by security researcher Troy Hunt, who was able to remotely control a car's heated seating and steering wheel, along with air conditioning and fans.

The issue here is that the app doesn't hide usernames, and the passwords associated with the accounts are more often than not the VIN number that is easily locatable on the vehicle. In other words, it's a simple task for hackers to crack into the app and potentially take charge of the car.

"Anyone could potentially enumerate vehicle identification numbers and control the physical function of any vehicles that responded," Hunt wrote.

This is a troubling consideration. There are tools in the works that will hopefully help to curb the ability of hackers to gain access to the increasingly smarter vehicles that line the roadways.

IIoT security

Yet another area for concern lies in the Industrial Internet of Things. This is the counterpart to the consumer-driven IoT: the connected web of devices that manufacturers and distributors use to streamline supply chain management and develop their businesses. It also encompasses critical national infrastructure, including the power grid, hospitals and the transportation sector.

"The Industrial IoT is much more demanding than the consumer IoT, and breaches are more consequential," said Gerardo Pardo-Castellote, Chief Technology Officer at Real-Time Innovations, a company that focuses on . "In the IIoT the volume of data is larger and the systems require protecting real-time data in motion. This task gets increasingly harder as the systems grow in size and complexity."

In other words, security of the IIoT is almost more important than that of the devices utilized by consumers, because the global economy and marketplace – not to mention health care and the power grid – is beginning to rely on these technologies to function in the most efficient manner. If the devices were to be compromised in any way, the consequences could be catastrophic. It all comes down to the need for effective cyber security within these areas and making sure vulnerabilities are patched up.

Smart TVs, consumer vehicles and the Industrial Internet of Things are all important applications of smart technologies. Malware and other malicious apps that could potentially cause vulnerability within the Internet of Things will no doubt increase as the IoT continues to grow. Security solutions that can negate these kinds of targeted attacks are more important than ever.



from Trend Micro Simply Security http://ift.tt/1oTwmNT
via IFTTT

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.