Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The Insecurity of Things: Locking the front door to your connected devices

Peter Sparkes, Symantec Senior Director, Cyber Security Services for APJ | May 17, 2016
The Internet of Things has already arrived. We only have to look around at our own environment to see the impact it is having on our everyday lives.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

The Internet of Things has already arrived. We only have to look around at our own environment to see the impact it is having on our everyday lives. The average smart phone now has more computing power than the Space Shuttle; a smartwatch now downloads updates from the Internet; the point-of-sale terminals at a coffee shop are all connected to the company's central financial system; many cars now have satellite navigation and Bluetooth connections; an Internet-connected thermostat can control the temperature in our homes

Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, and will reach 20.8 billion by 2020.

Given the present poor state of security on connected devices, they will present an increasingly attractive target to criminals who look for easy targets in the same way that burglars prefer houses without alarms or resident dogs.

Over the last year, Symantec has seen an increase in proof-of-concept attacks and growing numbers of IoT attacks in the wild. In numerous cases, the vulnerabilities were obvious and all too easy to exploit. IoT devices often lack stringent security measures, and some attacks are able to exploit vulnerabilities in the underlying Linux-based operating systems found in several IoT devices and routers. Many issues stem from how securely vendors implemented mechanisms for authentication and encryption (or not).

We may even expect to see IoT devices as the preferred route for attacking an organization, and potentially the most difficult for incident response staff to recognize and remove. While a hacked smartwatch may be an inconvenience, a vulnerability in business tools can present a serious danger. For instance, a backdoor in a medical device may give thieves access to medical records, leading to serious injury or potentially even death.

So how should businesses employ security for IoT devices? It is vital that effective security layers are built into devices and the infrastructure that manages them - strong SSL/TLS encryption technology will play a crucial role in authentication and data protection. However, given the present poor state of security on connected devices, they will present an increasingly attractive target to criminals who look for easy targets in the same way that burglars prefer houses without alarms or resident dogs.

Security tips to protect information when using smart devices

            Use basic security measures

When first installing a device or app, change the default usernames and passwords, and ensure your data is encrypted.

            Research the product/vendor

Consumers and enterprises should take control of their security by vetting connected-device vendors to confirm that they encrypt data and allow only signed code to run on their devices.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.