Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cybersecurity expert and CIO: Internet of Things is 'scary as hell'

Al Sacco | March 26, 2014
The terms "Internet of Things" (IoT) and "connected home" are two of the trendiest buzzwords in the technology world today. And while both clearly offer very real potential, they also introduce their own share of risk, particularly if they're not approached with caution, according to Jerry Irvine, an owner and CIO of IT outsourcing services firm, Prescient Solutions.

When many consumers think of the IoT, they think of the connected home, connected appliances. Have you heard of any specific threats targeting consumers via these kinds of devices?

I have not heard of a specific example where it has happened. [As a hacker], I may not actually use your alarm system or your heating, your AC that I can see sitting on your Wi-Fi network, while I'm sitting out in the front yard, to affect those systems. I may implement a virus that gets on your network and now it affects your network, and I'm able to grab your user IDs and passwords and get your financial information moving forward.

It's just the fact that all of these things are on the Internet and unsecured. They have no antivirus available for them. They have no other means of securing them. They are the weakest link in your network. Hackers can get into them, they can target them with malicious applications to infect your PCs, and now get your financial information and your identity.

People are excited about the IoT, and there's clearly a lot of promise and potential there. Security concerns aside, what excites you most about IoT?

I do really appreciate the idea of having an alarm system that will remotely allow me to check my environments. You hear about people on vacation, they get an alert, they see somebody robbing their house, and they're able to call the police.

That's exciting. That's a real opportunity for individuals to protect themselves. The problem is doing it in an insecure manner.

How would a hacker gain access to consumer IoT devices? Is the commonly used Wi-Fi security, WPS or WPA, good enough to protect the average user's home wireless network?

Most likely [hackers] are going to steal your information the same way they're stealing everything else, with a virus or malicious application that you download from the Internet. Your PC is going to be breached, it's going to gather all your information, send it out in a script to somebody, and now they're going to have all your information. Antivirus solutions only protect you against 30 percent of known viruses and malware.

There's the potential of people sitting outside in the front yard, seeing all of your devices and going from there. WEP is a very insecure wireless security protocol which is still in use. WPA is more secure, but most individuals still leave their wireless network to broadcast, so I can see all the traffic going across it, I know there's a network there, I know the SSID.

Are there specific types of IoT devices that are more risky than others? Should consumers be more wary of one connected-home gadget than another?

 

Previous Page  1  2  3  4  5  Next Page 

Sign up for CIO Asia eNewsletters.