In 2016, attacks against vulnerable IoT devices featured prominently in the daily news headlines. Hundreds of thousands of IoT devices were used to build botnets and wage some of the largest DDoS attacks against organizations ever seen. Well, until a few weeks ago.
In other news, connected consumer devices ranging from teddy bears to webcams and home routers were found to be vulnerable with active compromises that exposed consumer personal information. The fact is that cyber attacks against or leveraging vulnerable IoT devices are rapidly increasing.
At this year's TNW Conference, cyber-war veteran Mikko Hypponen spoke about the dangers and benefits of living in a smart device-centric world. From the largest ransom trojan to date to why you'll all be forced to buy a smart dishwasher, here's what the computer security expert has to say about the Internet of insecure things.
It's my party and I'll cry if I wanna
It's been a busy week for Hypponen and his colleagues over at F-Secure. The WannaCry epidemic was the single largest outbreak of a ransom trojan. While these types of cyberattacks have been a major headache in the past, they had never before affected so many in such a short amount of time.
This exploitation of device vulnerabilities is the perfect example of the biggest issues with IoT devices. Though patch information was released earlier this year, only a handful of affected companies actually fixed the issue. Many others did not.
The plus side, if there's one, is that when you're hit by a non-ransom trojan, you don't know. With ransom trojans, as the name implies, there is a ransom along with the hijacking. Unfortunately, what the common person sees as a "hack" isn't the whole story. As Hypponen pointed out, when we casually see a display that's not currently in working order, employees are looking at a much bigger problem.
As you can see from the image below, WannaCry spread globally like wildfire, affecting over 150 companies worldwide.
As with a traditional ransom trojan, the hackers drop a component that encrypts files and demand payment to release the information.
As information and data became more sensitive, hackers began selling this info to the highest bidders. What made WannaCry so devastating was that hackers have since realized that the highest bidder for stolen data is usually the owner of said information.
This means industries from car manufacturers to hospitals to banks are now being targeted.
The burdens and benefits of blockchain
The first successful trojan was linked to a PO Box in Panama. Not too stealthy. However, with the advent of cryptocurrencies, modern trojans can now use these digital assets to make it hard to follow ransom attacks.
Hypponen stresses, however, that "this does not mean bitcoin is bad. Bitcoin is just a tool." Similar to hard cash, it can be used for both good and bad.
But he also isn't a bitcoin fanatic, understanding that it's not bitcoin that will change the world, but the blockchain the currency is built upon.
Hypponen says that blockchain is the real innovation. While it may seem pretty obvious once people understand it, what makes it so innovative is that it "wasn't obvious until after it was invented."
Blockchain is just a way to structure data. The coding breakthrough, consisting of a series of transaction blocks, allows competitors to share a digital ledger across a network of computers without need for a central authority. No single party has the power to tamper with the records. And those transactions are public forever.
But blockchain has only just begun to be explored, and potential applications to the Internet of Things and smart systems are vast, as the new data structure enables IoT devices to participate in transactions.
When your toaster's more intelligent than you are
Some people hate the idea of everything becoming "smart" as they fear that everyday household appliances will become a privacy or security risk. Unfortunately, they're not too far off. As time passes and more and more devices become connected to the network, it becomes more difficult to simply isolate or disconnect them.
But there won't be any other options.
According to Hypponen, "in a decade, when you buy a toaster, it will be an IoT toaster. No one needs to know when their toast is ready." The reason for this connectivity purely benefits the manufacturer.
The ability to collect data (how and how frequently products are used, how often they fail, etc.) is what's valuable. It's not extremely valuable, but it's more valuable than the price of turning objects into smart devices.
Be smarter than your stove
Your traditional dishwasher already has vulnerabilities; connect it to the internet and be prepared to encounter very untraditional issues.
Why? Because developers are humans, and humans make mistakes. Humans are also lazy and uninformed.
Manufacturers expect users to configure everything from the time to a new password, but we don't. We don't read manuals, we don't update security patches. There is also a plethora of questions left unanswered.
We don't know how long the Cloud backend will be here. We don't know how long the company will be around to pay their AWS bills.
Not to raise alarm here or anything, but I'm unable to turn off my #IoT oven ever since #s3 went down…
It's getting kinda toasty in here
- (@_pronto_) February 28, 2017
Despite the doom and gloom that could come with IoT, we're just now at the dawn of the IoT age and thus can shape it into a more secure form of what we see today. But we must start preparing now.
We don't care about smart toasters and we cannot rely on manufacturers alone. If you can't secure the device itself, you must secure it from the network via new hardware and a secure Wi-Fi network, separate for your IoT devices.