Smart gadgets are everywhere now: smart bulbs shine in our houses, household appliances can be controlled with the help of our smartphones. The Internet of things is not a concept anymore. It is around us. It makes life easier for many people. But still we have to pay a high price for using it. Threats to privacy and information security are becoming challenges for our society.
The security of the Internet of things became a main topic for hackers’ conference Def Con in Los Angeles. About 15,000 leading security experts gathered to discuss ways to improve information security in a changing world.
During last few months experts managed to find flaws in all kinds of connected devices. So called “program holes” have been found in everything: in smart PlayStations, door locks, solar panels, cars and even sex toys.
Nowadays there is much evidence that cyber offenders have already started to realize the whole potential of the Internet of things. At present one of the most popular ways to change connected devices is DDoS-attacks.
Infected gadgets start to send requests to some specific web-site, making it overwhelming it with traffic from multiple sources. Earlier only online connected computers can be used for such attacks. Then connected printers, smartphone and other devices, having Internet access joined the group. But now even smart bulbs can participate in such attacks. Moreover, smart bulbs are much easier to hack than computers. In general, cyber offenders now have a powerful DDoS-weapon in their hands.
Though cyber offenders can use connected devices to reach their aims, the devices themselves are unlikely to become a target for offenders. Maybe, hackers could try to hack household appliances and demand ransom to unlock them. But according to experts, such actions are too risky and need a lot of resources. According to Raimund Genes, a director of European branch of Trend Micro, such separate attacks can be launched to catch public attention but not for profit.
The threat of the Internet of things can be understood if we consider connected devices as a part of one ecosystem. “Your mobile phone is a part of a chain of such apps, cloud services and other connected devices. Vulnerability of any part of this chain can result in a collapse of the whole system”, explains Daryl Hyland, a cyber-security researcher from Rapid7.
Many companies producing devices for the Internet of things do not take questions of security too seriously. Sometimes they intentionally ignore weak sides and do not release updates for their soft. However, usual users have not encountered a problem of bad security yet. Nonetheless, business has already suffered such consequences.
At present big offices install in their offices smart systems of lighting and heating. Such systems can help to reduce the usage of many resources such as water and electricity. It is supposed that the devices for big enterprises should have higher level of security, than the devices for usual users. But unfortunately it is not the case. Rapid7 made a lot of research concerning connected devices used by big business. All these devices have the same security problems as gadgets for usual users.
They may be the first target for hackers, seeking access to corporate information.
Whose fault is it?
Cesar Cerrudo, a security engineer in IOActive is sure that start uppers have to be blamed. According to him, little young companies, creating new gadgets, as a rule do not pay enough attention to the questions of security. Very often they are in a hurry to release the product that why they do not have time to develop security soft.
As a result, many gadgets appear at the market with flaws that were known even before the release. Moreover, for such flaws developers have already created some additional apps. That is, what developers should have done, they should have paid more attentions to the problems of security. To improve the product is always easier from the very beginning at the stage of device development. That is why after a few months of product release such holes remain.
Will the Internet of thing become safer? Probably yes. But only in case most developers will become more responsible in the questions of security.