A HP study found 70% of common Internet of things gadgets can be attacked through a hack.
More than two-thirds of the Internet of things (IOT), which is already here (../index.php?option=com_content&view=article&id=136024:Internet-of-things-is-already-here&catid=260), can be hacked. While this is an issue most commentators shrug off because not all devices allow access to valuable information, others say hardware provides an entry point into a core network, and the security threats are already here.
Recently, HP played around with IOT devices, and found 70% of the most commonly used of these gadgets contain serious vulnerabilities. Its study, Internet of Things State of the Union Study (http://fortifyprotect.com/HP_IoT_Research_Study.pdf), uncovered privacy concerns, insufficient authorisation, a lack of transport encryption, insecure Web interfaces, and inadequate software protection.
Reuters (http://www.reuters.com/article/2014/08/06/us-cybersecurity-hackers-cars-idUSKBN0G603220140806), Chrysler and
Some people have even taken to hacking IOT devices, with blogger (http://blogs.mulesoft.org/5-internet-of-things-you-can-hack/)
However, John Eigelaar, director at Keystone Electronic, says the implications of a device being hacked are, generally, minute, unless the device contains vital information or serves an important purpose, such as a smart meter that can be made to turn off power, or information gleaned via a hacked TV that allows people to reverse-engineer a victim. "It is an issue that devices can be hacked, but the severity [of the attack] must be seen in conjunction with the hackability."
Perkins says there are at least four areas of attack: the device and associated hardware and software, the network which the device uses, the gateway from the device world to the services world, and the service itself. He says, as one moves outwards from the service to the endpoint, the threat grows, although there are exceptions to this rule. "If I have sensors that participate in providing critical data to air traffic controllers and I lose enough of those sensors, the lives of people in the air and on the ground might be at risk."
However, says Perkins, companies developing products and services for IOT devices need to be aware "they're letting a genie back out of the bottle if they aren't careful". He notes the security threats are real now. "We avoid trying to sound like Chicken Little because our clients have heard it many times before, but the pace and spread of this technology is definitely concerning, and the rush to make money will almost assuredly exceed security common sense."
Segev notes that if hackers gain access to devices, "it is another hole in the dam wall that allows someone to attack" the core network. Adding devices to a network gives hackers a reason to go after the hardware, he notes.
Eigelaar says systems and devices are coming in now with embedded device configuration, which will aid security. He notes technology is now moving in a direction where security can be implemented as the risk of hacking becomes more of a concern.
Most Popular Stories
- Alabama House Speaker Arrested on Felony Ethics Charges
- 'Fury' Blows 'Gone Girl' Out of the Box Office
- Turkey to Help Kurds Reach Fight in Kobani
- Microsoft's Cloud Platform Shines
- German Intelligence Blames Ukraine Rebels for MH17
- ISIS Seeks to Expand Terror War
- Perez Leads Push for Obama's Job Proposals
- 2016 Camaro Shrinks, Moves to Caddy Platform
- Prius Drivers Battle Stereotypes
- Clinton Rallies Early Vote for Landrieu