News Column

Internet of things is hackable

August 6, 2014

Nicola Mawson



A HP study found 70% of common Internet of things gadgets can be attacked through a hack.

More than two-thirds of the Internet of things (IOT), which is already here (../index.php?option=com_content&view=article&id=136024:Internet-of-things-is-already-here&catid=260), can be hacked. While this is an issue most commentators shrug off because not all devices allow access to valuable information, others say hardware provides an entry point into a core network, and the security threats are already here.

Recently, HP played around with IOT devices, and found 70% of the most commonly used of these gadgets contain serious vulnerabilities. Its study, Internet of Things State of the Union Study (http://fortifyprotect.com/HP_IoT_Research_Study.pdf), uncovered privacy concerns, insufficient authorisation, a lack of transport encryption, insecure Web interfaces, and inadequate software protection.

Liron Segev, MD of Swift Consulting, points out that getting into any one device gives a hacker access into the broader network, which opens up an array of possibilities when it comes to swiping information.

Reuters (http://www.reuters.com/article/2014/08/06/us-cybersecurity-hackers-cars-idUSKBN0G603220140806), Chrysler and Nissan are reviewing a report by cyber security experts that rates their vehicles among the three "most hackable" cars on the market, along with a General Motors model.

Some people have even taken to hacking IOT devices, with blogger (http://blogs.mulesoft.org/5-internet-of-things-you-can-hack/) Ross Mason turning hacking into a hobby. He has already hacked Google Glass and Raspberry Pi, among other more seemingly innocuous items, such as light bulbs. The number of hackable devices will grow by the day, with Cisco predicting (http://share.cisco.com/internet-of-things.html) 50 billion gadgets will be connected to the IOT by 2020.

Risk levels

However, John Eigelaar, director at Keystone Electronic, says the implications of a device being hacked are, generally, minute, unless the device contains vital information or serves an important purpose, such as a smart meter that can be made to turn off power, or information gleaned via a hacked TV that allows people to reverse-engineer a victim. "It is an issue that devices can be hacked, but the severity [of the attack] must be seen in conjunction with the hackability."

World Wide Worx MD Arthur Goldstuck notes, while there is a danger in security vulnerability, the trivial should not be overplayed. He says just because something is possible, does not mean it is probable, as very few hackers will waste time attacking basic devices. The biggest danger is a loss of confidence in a company if there is a breach and it is not seen to take it seriously, he adds.

Earl Perkins, research VP at Gartner, notes devices that have consumer-centric uses that are non-threatening represent low-risk concerns. "I do worry about the high-risk, high-impact devices and the uneven security approaches providers take for them, and we believe that concern is legitimate."

Perkins says there are at least four areas of attack: the device and associated hardware and software, the network which the device uses, the gateway from the device world to the services world, and the service itself. He says, as one moves outwards from the service to the endpoint, the threat grows, although there are exceptions to this rule. "If I have sensors that participate in providing critical data to air traffic controllers and I lose enough of those sensors, the lives of people in the air and on the ground might be at risk."

Happening now

However, says Perkins, companies developing products and services for IOT devices need to be aware "they're letting a genie back out of the bottle if they aren't careful". He notes the security threats are real now. "We avoid trying to sound like Chicken Little because our clients have heard it many times before, but the pace and spread of this technology is definitely concerning, and the rush to make money will almost assuredly exceed security common sense."

Segev notes that if hackers gain access to devices, "it is another hole in the dam wall that allows someone to attack" the core network. Adding devices to a network gives hackers a reason to go after the hardware, he notes.

Eigelaar says systems and devices are coming in now with embedded device configuration, which will aid security. He notes technology is now moving in a direction where security can be implemented as the risk of hacking becomes more of a concern.


For more stories covering the world of technology, please see HispanicBusiness' Tech Channel



Source: ITWeb


Story Tools






HispanicBusiness.com Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters