Last October’s IoT Hack: No Black Swan

Contemporary wireless protocols and legacy systems weren't meant to coexist.

Security breaches these days have become commonplace—almost daily occurrences. It’s a lamentable sign of the times. Still, even by today’s ho-hum standards, one in October of last year proved particularly worrisome.

As far as we know, hackers accessed traditionally less secure devices to cause massive outages. The culprits: DVRs and CCTV video cameras. It didn’t take long before hundreds of millions of people could not access key accounts on sites that included Twitter, Amazon, Tumblr, Reddit, Spotify, and Netflix.

Here’s a heatmap outlining the attacks:

The hacks seemed to confirm the worst fears of industry experts and Internet of Things (IoT) skeptics. These newfangled devices that hold oh-so-much promise can also serve as tremendous weapons for bad actors.

Think about it. Those with pernicious motives can get at our technology stalwarts (read: our e-mail accounts, laptops, and desktops). What’s to stop them from accessing our smartwatches, TVs, refrigerators, locks, and even cars?

Answer: Apparently not very much.

If you think that this was a black swan, think again. In fact, expect outages such as these to continue for one very simple reason: design. To this end, as Jeff Bertolucci writes:

Legacy systems, in fact, weren’t designed to identify wireless communications protocols that modern smart devices use to share information.


The phrase wireless communications protocol (Bluetooth is an example here) isn’t terribly sexy, but make no mistake: it’s a big deal, and you need not be a security guru to understand this. Moreover, it’s precisely these types of disconnects and mismatches that keep Chief Security Officers (CSOs) and CIOs up at night. Collectively, these types of issues pose significant security risks to enterprises, especially those dabbling with IoT devices. What’s more, they surely deter many organizations from taking the plunge.

Simon Says

Brass tacks: organizations face an increasingly complex array of security issues in a BYOD world. (How simple do the 1990s look by comparison to today?) Adopting best practices such as two-factor authentication sure helps, but there’s no one elixir or magic wand that solves all enterprise security issues.

Still, we must march on. We cannot halt progress because some unscrupulous types wish to cause chaos. At a minimum, recent events underscore the need to establish standards.

If history is any guide, the IoT will never reach complete safety or security. Despite its considerable perils, though, the IoT also portends enormous opportunity—far too much to pass up.

Feedback

What say you?

This post was brought to you by IBM Global Technology Services. For more content like this, visit IT Biz Advisor.
