What's that buzz . . . tell me what's happening? While the Internet of Thing's clarion call has awakened the early adopters, many of us still have it on snooze alarm. We may have seen bits and pieces of it, like those that have popped up as apps on our mobile devices. Perhaps we've recently purchased a Smart TV -- or have recently been intrigued by Nest's Thermostat [after Google plopped down a hefty $3.2 billion to acquire it].
411 on the IoT
For those living under the proverbial rock or are oblivious to how smart our machines are becoming, the IoT is the Internet on steroids, one that's connected to an incredible variety of handheld, household and industrial gadgets - each of which is capable of transmitting mega-data without the necessity of human intervention.
They've got the numbers. . .
Ironically, with more than 8.7+ billion devices connected in 2012 and over 15 billion forecasted for connection in 2015, the IoT is already a very unsecured landscape. Why? Because, it's riddled with vulnerabilities and is exceedingly hackable, fraught already with a high-level of malware attacks.
According to Bruce Schneier at Wired, "it’s not unlike what happened in the mid-1990s, when the insecurity of personal computers was reaching crisis levels," but more so today because the "industries producing these (IoT)devices are even less capable of fixing problems than the PC and software industries."
Companies like Broadcom, Qualcomm, Samsung and others who have been active in the IoT market have built chips that are often outdated as soon as they are shipped. This is due to the slim profit margins, particularly when there are no incentives, expertise or even ability to patch the software once it's out the door.
Black Hat Opportunity. . .
Hackers are seizing opportunities as they present themselves. Malware DNS Changer attacks home routers as well as computers. In Brazil, 4.5 million DSL routers were compromised for purposes of financial fraud. Recently, Symantec reported on a Linux worm that targets routers, cameras, and other embedded devices.
Malware has already hijacked up to 100,000 IoT devices and used them to launch malware attacks, according to Internet security firm, Proofpoint. In their analysis, they found that the compromised gadgets - which included everything from routers to smart TVs and refrigerators - sent more than 750K malicious emails to targets between December 26, 2013 and January 6, 2014.
Machine, know thy place. . .
Gartner research director, Lawrence Pingree has spent a lot time investigating the various ways these IoT flaws have and will continued to be compromised. Preventing such scenarios is a work in progress. Pingree believes that at this early juncture, by setting up and enforcing strict security standards at the manufacturing level, devices can be hardened before they leave the factory.
Ironically, he believes it's now important to start thinking like the bad guys. "Developers and engineers also need to start putting on their black hats, he said, and really start thinking about scenarios where things could go sideways with their devices," advises Pinagree.
Limit the amount of rope you give 'em. . .
Information security products manager, David Knight from Proofpoint put it best, when he said: “Don’t plug it in if you don’t plan to use it-- if you do put it on the Internet, try and make sure you put it behind your personal router and firewall in your environment.”
As it seems, the train has left the station here, and now it's incumbent on all of us to work wisely with our machines, less they be given enough latitude to rise up and revolt against us some day.