Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Security concerns rising for Internet of Things devices

John Brandon | June 2, 2016
Call it the Attack Vector of Things.

The burgeoning market for gadgets that trigger a sprinkler system, help you count the number of times you swing a bat, or dim the lights automatically are rising.

That’s a concern for any business due to how these devices are also starting to show up at the corporate office for use in conference rooms, executive suites, and even as a low-cost building security camera system. Experts claim the industry is not doing enough to protect these devices.

Craig Young, a cybersecurity researcher at Tripwire, says a big part of the problem is that the firmware is not updated on a regular basis.

In one recent example, researchers at the University of Michigan found they were able to hack into the Samsung SmartThings platform and even control an entire home automation system. The researchers were able to eavesdrop on the PIN code used for a new install.

“These companies sometimes have the intention of fixing a vulnerability like that through a firmware upgrade, but then never get around to it because they don’t want to disrupt the user base,” explained Young.

He described how, in some cases, he tests out a new device from a company like Belkin or Wink, finds a potential security flaw, notifies them and waits patiently to see when the new vulnerability will be patched, which can take way too long.

Young says the most common hack is to break into a connected home hub, which then provides access to any of the connected devices including door locks, motion detectors, sprinkler systems, and even the alarm system protecting a home.

Surprisingly, there are few security apps available that can monitor Internet of Things devices, let you know about any new emerging attack vectors, and tell you about any recent compromises.

“When we look at our workspaces today there are already a number of wireless devices, from Bluetooth mice to wireless keyboards, and we have very little knowledge of who develops the firmware that runs on them or where is it coming from,” says Roman Foeckl, the CEO of CoSoSys.

“With the little security that is in place today for Internet-connected devices, threats will continue to multiply as more and more IoT devices are adopted, both at home and in the workplace.”

Why is this a problem?

Hackers always seem to flock to the most popular platforms. It’s one of the reasons there are more risks for Windows users than the Mac -- there’s a much bigger footprint. According to BI Intelligence, there will be 34 billion connected devices in the world by 2020, creating a $6 trillion industry; surprisingly, BI names business as the main IoT adopter. The costs are low, the gadgets are simple to install, and they solve nagging problems (e.g., installing a motion detector to find out how many people use a conference room during the day).

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.