Podcast: How to secure the Internet of Things
Loading...
For anyone who had trouble getting onto Twitter, Netflix, or Spotify last week, you can thank the vast number of insecure devices that connect to the internet.
On Oct. 21, unknown cyberattackers took control of vulnerable electronics such as digital video recorders and web-enabled cameras and used them to direct malicious internet traffic at Dyn, a company that provides a critical piece of the internet’s infrastructure. The culprits pulled this off by using a program known as Mirai, which can hijack connected devices.
For cybersecurity experts who have been warning about vulnerabilities in the so-called Internet of Things, the Dyn attack is just the beginning of problems associated with insecurities inside connected gadgets.
Last month in Boston, Passcode and The Security Ledger hosted the Security of Things forum to explore the challenges of securing nearly 30 billion connected devices – from home electronics to cars – set to come online by 2020.
But despite a spate of potential software flaws in connected devices, those gadgets can make life easier for people with medical conditions.
"Anybody who's spoken with someone who suffers from diabetes and spoken to them about the way that a connected insulin pump has improved their life would not want to throw cold water on any of this," said Robert Silvers, assistant secretary of Homeland Security.
Yet many of those devices are running on old code, with flaws that date back decades, according to Kevin Fu, chief executive officer of the healthcare cybersecurity startup Virta Labs.
"Some of the problems in medical devices have been baked in ten years ago," he said. "We’re living with that technical debt, we’re living with that legacy, and we’re going to have some hokey solutions in the meantime."
One of those solutions, according to independent hacker Travis Goodspeed, is to break old school hackable devices, like Texas Instruments calculators or Tamogachis.
"The tricks themselves don’t die," he said. "Junk hacking, the hacking of things that officially don’t matter, allows us to talk about the mechanism that allowed it to happen while stepping back from the moral aspect."