The following is excerpted from How to Make 2017 the Year of IoT Security, a recent article by William H. Saito published on Forbes.com.
Late last year, popular internet services such as Netflix and Twitter were temporarily taken down amid a massive distributed denial-of-service (DDoS) attack that involved hackers deploying malware to simple webcams that many of us use without thinking. Authorities in the U.S. and U.K. were investigating the Mirai malware used in the attack to create a botnet, an army of zombie devices commanded by hackers. In fact, the Mirai code is still available online, allowing those with only modest technical skills to continue disrupting internet services on a major scale.
IoT threats aren’t limited to things around us – they’re also inside us. The U.S. Food and Drug Administration (FDA) recently confirmed the existence of flaws in implants and transmitters made by a major U.S. medical device company. These transmitters are connected to the internet and designed to automatically monitor patients with implanted cardiac devices while they’re sleeping. The FDA disclosed that the transmitters have security vulnerabilities that allow them to be hacked in dangerous fashion.
Matthew Green, who teaches cryptography at Johns Hopkins University, pointed out that the devices don’t use strong authentication. He also speculated on the nightmare scenario of hackers accessing thousands of these devices and simultaneously sending commands to shock the hearts of unsuspecting patients. He suggested the only remedy would be a costly firmware fix.
I really believe that if we don’t focus on security, IoT will mean the “internet of threats,” or worse, the “insecurity of things.” That would be a disaster for the burgeoning IoT industry, which is expected to be worth some $1.7 trillion by 2020, according to IDC. We have to make 2017 the year of IoT security.
Read the full article on Forbes here.