Skip to content

OPLIN 4cast #515: IoT security

Posted in 4cast

This is supposed to be the year the Internet of Things (IoT) becomes the big new thing in our lives. But over the last few weeks, as many people anticipated, it has become the big new scary thing. On the evening of September 20, a distributed denial of service (DDoS) attack on the Krebs on Security website was one of the biggest such attacks ever seen, and it was done by using internet-connected devices in homes and businesses that were very easy to hack and control. Then on the morning of October 21, many popular websites were impaired by another DDoS attack using poorly-secured IoT devices that targeted Dyn, a major provider of the DNS services that allow web servers to find each other. These two attacks got the attention of everyone who has to deal with internet security, and everyone agrees that the problem is appallingly lax security features on many internet-connected devices. The question is: Who’s going to fix this?

  • Security is fast becoming the achilles heel of consumer Internet of Things (Forbes | Janakiram MSV)  “When an average consumer buys a connected device, the user manual guides her through the typical process of connecting and configuring it. There is very little emphasis on protecting and securing the device and the network. Most of the consumers don’t even change the default username, password, and the wireless key of the connected devices. What’s important to understand is that this device can potentially become the back door to the home network providing access to the PCs, printers, televisions, and refrigerators, and other appliances. Once a hacker gains access to your network, he can remote control each of the connected devices to make them a part of an orchestrated attack.”
  • Cybersecurity experts call for ‘internet of things’ standards in wake of massive attack (Mercury News | Ethan Baron)  “While consumers have a responsibility to buy safe devices and to set strong passwords, companies making connected devices must develop standards so their products are ‘secure by design,’ Anscombe said. Some of those standards could govern password strength, level of encryption and data sharing. ‘The best way for any industry to have standards is actually to self-regulate,’ Anscombe said. ‘When governments become involved and have to force regulation, what you find is the regulation doesn’t allow for innovation.’”
  • Why businesses need to secure connected devices to win consumer trust (Fortune | Jeff John Roberts)  “The issue now is whether the government should do more to regulate the Internet of things (IoT), or if we can instead trust companies and the market to solve the problem. You won’t be surprised to learn companies favor the latter approach. ‘With a brand comes responsibility, and hacking is a quality and reliability issue,’ said Sami Nassar, the VP of NXP Semiconductors, who spoke at an event on Monday in New York, hosted by NASDAQ and the National Cyber Security Alliance. Nasar pointed out that in the United States, security standards typically emerge as a result of major companies defining a network ecosystem and requiring other companies to meet those standards before they can enter it.”
  • FCC holds off on security mandates for Internet of Things (Morning Consult | Brendan Bordelon)  “At issue is whether the FCC’s Open Internet rules restrict internet service providers’ ability to block insecure Internet of Things (IoT) devices from their networks and whether the commission should mandate greater safeguards. But the commissioners generally believe the Open Internet order already gives ISPs sufficient leeway to protect their networks from vulnerable internet-connected devices without additional regulations or standards. And, according to FCC officials, there isn’t much of an appetite to issue any new mandates now.”

Articles from Ohio Web Library: