10 of the Top IoT Security Worries for 2017
The scope of the Internet of Things is quickly advancing, opening up new ways for hackers to steal or modify data, deny operations, and cause other types of havoc.
January 12, 2017
![IoT Security IoT Security](https://eu-images.contentstack.com/v3/assets/blt31d6b0704ba96e9d/blt5b07ab2d6a01fa6f/63abe9ff0210b84d2167924a/ThinkstockPhotos-622184706-4.jpg?width=700&auto=webp&quality=80&disable=upscale)
HYWARDS / iStock / Thinkstock
The next wave of ransomware attacks will not hold our files hostage but target IoT devices, says software engineer and Techcrunch contributor Ben Dickson. McAfee agrees. In a recent report, they state: “We are certain that ransomware will readily migrate to IoT, as it has proven to be a relatively easy way for criminals to make money.”
Late last year, we got a taste of the damage that DDoS attacks could inflict after hackers first knocked security blogger Brian Krebs’ website offline and then later brought down a chunk of the internet thanks to an attack on Dyn. More recently, cybercriminals added DDoS capability to FireCrypt Ransomware. It is likely that hackers will step up IoT-fueled DDoS attacks in 2017—especially since such attacks are relatively easy to launch, hard to detect, and can do considerable damage.
Financially minded hackers don’t necessarily want to inflict catastrophic damage on their victims; they just want to get paid. It is possible, however, that hacktivists or terrorists could cause extensive damage by setting their sights on IoT-related targets. Potential targets could include dams, voting machines, water treatment plants, or the power grid. Forrester predicts that we will see a severe IoT-related breach in 2017.
In 2017, we may see artificial intelligence begin to gain ground as a hacking tool. Last year, DARPA staged an AI hacking tournament to coincide with the DEFCON and Black Hat Events. This year, expect AI continue to make further gains in both cyber-offense and defense. As Marc Goodman, author of “Future Crimes” told the New York Times: “The thing people don’t get is that cybercrime is becoming automated and it is scaling exponentially.”
Following the 2016 presidential election, concerns are high concerning the potential of nations to launch cyberattacks and interfere with democracy. McAfee notes that rogue nations have already launched attacks on connected SCADA systems. IoT devices will become increasingly attractive targets for cybercriminals. “During the next two to four years, we will see more instances of IoT devices used as gateways to data and intellectual property theft, critical infrastructure disruption, and other major attacks,” according to McAfee Labs. “Many new IoT devices coming to market have weak or no security.”
Systems thinking is gaining ground in management as well as in hacking. This could be bad news for the internet of things industry, which, to date, has largely focused on the security risk of cybercriminals targeting individual devices. But targeting a single self-driving car or industrial machines doesn’t do much to inspire hackers to attack, McAfee Labs states in their 2017 Threat Predictions report. “As a result, attackers will often prefer going after the control plane for IoT devices.”
“It’s a bird; it’s a plane. No, wait! It’s a hacked drone!” Apparently, it’s not too difficult to knock a drone offline, as the security expert Michael Robinson explained at DEFCON back in 2015. But until now, the risk of hacking drones has received relatively little attention. For years, terrorists in the Middle East had been the victims of drone strikes rather than the perpetrators of them. But in 2016, reports surfaced of terrorists using consumer drones as weapons, loading them with bombs or using them to deliver chemical and biological weapons.
For years, security experts like Jay Radcliffe and the late Barnaby Jack have warned of the hacking risks of connected medical devices. Now, the risks are becoming more apparent. For instance, in August last year, the security firm Medsec disclosed a flaw in St. Jude Medical’s pacemakers that were later verified by FDA. In addition, hackers are beginning to put a greater focus on hacking medical devices that store patient data.
In 2017, expect thorny legal questions and a lack legal precedent to give way to IoT-related lawsuits. The technology certainly poses many questions. Who is to blame, for instance, if a self-driving cab kills a pedestrian? The maker of the software? The company operating the car? What if the pedestrian was jaywalking during the time of the accident? The internet of things also raises a whole host of privacy and data-ownership questions. For instance, Arkansas police think that data collected from Amazon Alexa may help solve a murder, but Amazon is reluctant to share that data. Can Amazon withhold that data?
One of the greatest promises of the Internet of Things lies within the industrial and healthcare realms, but those industries have comparatively little experience with IP technology. Rookies who lack experience with internet security are doomed to repeat the history of internet security, using insecure strategies when connecting their products, according to McAfee Labs.
One of the greatest promises of the Internet of Things lies within the industrial and healthcare realms, but those industries have comparatively little experience with IP technology. Rookies who lack experience with internet security are doomed to repeat the history of internet security, using insecure strategies when connecting their products, according to McAfee Labs.
Don’t expect the media frenzy swirling around Internet of Things security to die soon. Just this week, Computer Weekly posted an article titled “secure IoT before it kills us” and Mashable warned that your smart fridge is going to “make our IoT security nightmare so much worse.” While many headlines concerning IoT security are overwrought, there are very real risks. Here are ten:
About the Author(s)
You May Also Like