My friend Marc Rogers, the eminent security consultant, was quoted in the Guardian talking about his predictions for information security and cybercrime in 2014.
The ongoing development of the internet of things will continue to impact cyber security in 2014, as attackers now have more potential entry routes to sensitive governmental, corporate and personal data than ever. Mundane objects – such as thermostats and fridges – which were once completely unremarkable from a security perspective, have suddenly become the guardians of sensitive data, ranging from sensitive financial information to detailed telemetry about personal aspects of our lives.
I think he’s right on the money. More and more domestic objects are being connected to the Internet – often without the users or manufacturers thinking about security.
Recently, LG came under fire for spying on users of its Smart TVs. As well as sending sensitive personal information without permission, it is entirely likely that the TV contains software flaws which could make it an attractive target for attackers. TVs are now powerful computers with sophisticated operating systems – and yet they rarely receive security updates.
Talking to Marc, I joked that my new solar panels were connected to the net – who knows what a malicious user could do with those!
Well, today I received the instruction manual for my panels’ Internet connected monitoring unit.
Brilliant! So, anyone who can get onto my WiFi network will be able to monitor my panels.
Now, that in itself isn’t a huge security risk. All the attacker will be able to see is how sunny it is and how well my panels have been performing.
But, suppose there is a security flaw in the software which monitors the panels that – let’s say – forces a change in the voltage, or changes the frequency or amperage. Could a sufficiently determined hacker cause damage to my property?
Could the firmware of the unit be hijacked to launch attacks – either on my network or externally? Or be recommissioned into a spam sender or bitcoin miner?
For the moment, the manufacturer is providing software updates – but what happens if they go bust and leave open a critical security hole?
In part, this is mitigated by having a strong firewall and WiFi password – if attackers can’t get into your network, it’s a lot harder for them to exploit vulnerabilities. Of course, if someone plugs an Ethernet cable directly into my homeplugs, I’m screwed!
Companies should have a duty to ensure that the Internet of Things is as secure as possible.