The IoT, or Internet of Things, refers to devices that we connect to the
Internet besides computers, phones and tablets. Examples include
refrigerators, thermostats, light bulbs, etc. Here's the article.
radioworld.com
Get Ready for the World of the IoT
By Paul McLane
“It’s a sunny March morning in 2023. … As you get into your car you are
presented with an urgent message. Your car has been immobilized and you
need to pay 4 Bitcoin in ransom.”
The world will have 50 billion connected devices by 2020. What does this
really mean for individuals and society? Talking about this at the NAB
Show will be Gary Davis, chief consumer security evangelist for Intel
Security Group. We called him for insights; text is edited for brevity.
RW: Give us a little bit of insight into what you will speak about.
Davis: We’re basically bringing online about a million devices per hour
right now; and one of the challenges we’re seeing from a security
perspective is that most of those devices are being brought online
without any thought about security.
I met with another journalist at CES who said they bought a connected
toaster, and within 20 seconds of connecting that toaster, it was called
and someone tried to access it with its username and password. In our
own labs we bought a DVR and had that same thing happen within 60
seconds, where somebody called the device, they tried the default
username and password, tried a couple different options, got in and then
tried to place malware.
These devices coming online with little concern or little thought put in
for securing these devices is opening it up for some challenges.
RW: Most of the people listening won’t be directly in a position to
change the design element of the product. So is the message mostly about
user awareness?
Davis: Sure. The most simple thing you can do is when you activate that
new device — actually two things. First of all, in most cases that
device was built five, six months, maybe a year ago, and there’s been
some sort of firmware update since then. In a lot of cases, these
firmware updates include security patches. So apply any firmware updates
when you install the device.
The second thing you should do is set up a complex password. If you do
that, you’re going to make it orders of magnitude more difficult for a
bad guy to get access to it.
And don’t use the passwords that are typically used in every breach.
Believe it or not, the top 10 passwords have never changed over the past
several years, when there’s been a major breach.
RW: I imagine you speak to a lot of professional audiences.
Davis: I spend a lot of time at industry events where the audience are
device manufacturers or people from that domain. For example, we know
they’re solving for time and market convenience, but we say, “When you
build the devices, if you put some security discipline into your
development methodology, doing things like encrypted communications,
requiring a password reset,” if they do those four or five things
they’re less likely to be the headline in a Wall Street Journal, New
York Times article saying “Device X was hacked and here’s what you need
to do.”
RW: It’s remarkable that, in our own technical business, instances we’ve
heard about of ransomware or hacks of air chains and emergency alert
boxes are often traced back to the simple failure to change a password.
Davis: Yep. It’s that simple. That has been the bane of security
forever. That simple password change requirement, even if you look back
to the Mirai Botnet that took down a big chunk of the East Coast a
couple months ago. That continues to grow, using that exact same method
I talked about before, they’re crawling the internet constantly; as soon
as they see a new device they try a default username and password; if
they get in they install the Mirai malware, and the next time there’s a
botnet attack, that device is going to be used as part of the attack.
Most consumers don’t want to be a part of that. If they knew they had a
thermostat or a security camera that was involved in attacks, they would
do all they can to make that not happen. If they would just do those, it
would ease their minds to know they are not supporting malicious activities.
RW: The scope of what’s coming is probably hard for us to appreciate.
The first device I think of for internet connectivity outside of the
traditional computer has been my thermostat. Where else will these
sensors and devices be in our lives?
Davis: They will be virtually everywhere. That’s what’s happening right
now. It’s everything from light bulbs, to TVs, to refrigerators, to
toasters, to ovens, to every device that you use in your life is going
to have the ability to be connected. And for the simplest devices that
are online, it’s going to make it that much easier for the bad guys to
do whatever they want. That’s what as an industry we need to work on
right now, to make sure that doesn’t happen.
Imagine every single device that you interact with having the ability to
be connected. This situation is exacerbated in 2020 when 5G comes
online. Right now, it is hard for someone to come in and take large
amounts of data out of a business or home; but once everything is
connected using 5G, you will have almost zero latency. You have 1
terabit per second speeds; the amount of data they can pull out quickly
is going to make it really hard for businesses or consumers or small
businesses to properly defend if they are under attack.
RW: Among the audience may be some who work on industry groups like
NAB’s Pilot department, which deals with technology, or the National
Radio Systems Committee. What role do organizations like these have in
trying to get the industry around a standardized approach?
Davis: There’s a lot of groups that are coming online today that are
really trying to build something as simple as a checklist. You know, one
of the more popular discussions we’re seeing today is basically a
security equivalent to Energy Star. When you go into Lowe’s or Home
Depot, you see an Energy Star-compliant refrigerator or stove or washing
machine; you pay attention to that. You know that if you buy that,
you’re going to save some money because you are using a more
energy-compliant or energy-saving device. We’re looking at similar
things for securing your devices, a simple checklist: Here are the 10
things you should do in order to earn the certification.
RW: What else should we know?
Davis: We’re going to look at this from the volume of devices that are
coming online and how exposed those are and some use cases we’ve seen
where these devices have been basically hacked. We’re going to be
talking about some examples from Def Con, which is basically a hacking
event tied to Black Hat.
The other threat is really around this idea of the amount of activity
going on in any given day. For example, we have our Global Threat
Intelligence Network, and we take almost 50 billion queries every day.
That’s more than Facebook, Twitter, Instagram and LinkedIn combined. We
have this massive threat intelligence, and this is how we can tell with
certainty there are three to four new pieces of malware every second of
every day. It’s because we have this rich data set that we’re drawing from.
So we’re going to talk about all these devices coming out, to the tune
of a million per hour; and then you’re countering that with a volume of
activity that is security-centric. I’m going to draw the intersection
between what happens when those two things collide, and talk through the
impact to consumers and businesses alike.
The session “2020: Life With 50 Billion Connected Devices” will be held
on Thursday of the NAB Show as part of the BEITC Conference.