CYBER
Edition-1-Inside-Cyber-March-2017.compressed
Edition-1-Inside-Cyber-March-2017.compressed
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Steps to<br />
SAFEGUARDING<br />
THE IOT<br />
Our world is becoming more connected than ever<br />
as the Internet of Things (IoT) has evolved from a<br />
sci-fi ideal to a reality in our homes and cities. Who<br />
could have predicted that our connected car could<br />
think for itself, and dolls could hold a conservation<br />
with a child? As crazy as these ideas sound, they<br />
are now squarely within the realms of possibility.<br />
There is a catch, however. Unlike laptops or smartphones, IoT<br />
devices are often lacking when it comes to cyber security, with<br />
manufacturers swept up in the drive to impress us all with new<br />
and exciting WiFi wizardry. Their expertise simply does not lie<br />
in IT. Consumers tend to care even less for cyber security and<br />
in many cases will sell their password for a bar of chocolate,<br />
[1] and so we quickly come to understand both the incredible<br />
potential and the serious insecurities of the IoT. But why does<br />
this matter?<br />
Hacking the IoT<br />
What many people don’t realise is that by connecting a device<br />
to a computer network, it is instantly transformed from a<br />
simple gadget into a gateway attack vector. Your WiFi-enabled<br />
kettle or talking Barbie provides opportunities to get inside the<br />
network boundary, helping attackers gain access to personal<br />
data. The network is only as strong as its weakest component,<br />
and this is increasingly likely to be an IoT device.<br />
Ruthless commercial pressures are also to blame for bringing<br />
insecure IoT products to the market before they are robust<br />
enough to fend off hacking attempts. And this carries a<br />
significant safety risk. Take the Jeep Cherokee case for<br />
example: Just last year, two hackers demonstrated remote<br />
access to vital functions (including brakes and steering),<br />
leading to 1.4 million vehicles being recalled in order to patch<br />
the software. [2]<br />
The IoT army<br />
While an individual’s motivation for securing connected<br />
devices might be focused on their personal safety and<br />
security, we recently witnessed an even greater threat to the<br />
internet as a whole.<br />
Distributed Denial of Service (DDoS) attacks are by no means<br />
new, but these are now being taken to a whole new level by<br />
hackers using the IoT. This is exactly what happened on<br />
the 21st October 2016, when Dyn (a large DNS provider)<br />
was attacked, wiping out major websites including Twitter<br />
and Amazon across the East Coast of the United States. [3]<br />
Malware known as Mirai was discovered as the cause, and<br />
this is where it gets interesting. Mirai continuously scans<br />
the Internet for IoT devices and attempts access via known<br />
factory default usernames and passwords pulled from a<br />
database. If successful, it then conscripts these devices to<br />
join botnets and bring about powerful DDoS attacks like never<br />
experienced before.<br />
Although documented hacks and DDoS attacks have so<br />
far been either high-impact and focused or disruptive and<br />
widespread, what if the next targets were both high-impact and<br />
widespread? Imagine the chaos caused by breaking hospital<br />
infrastructures, power stations or air traffic control centres.<br />
Recent attacks have highlighted how the IoT’s vulnerabilities<br />
can be exploited in unexpected ways, and as a society we<br />
cannot afford to ignore these warning signs.<br />
28<br />
28