What are the security risks of a connected world?
Our homes. Our bodies. Our cars. All of these things will communicate with the wider world in order to better anticipate our personal needs and increase convenience. Our bodies, for instance, will likely be connected through embedded medical devices that strive to make us healthier. Self-driving cars will be on the roads, making navigation safer.
With so much technology in our lives, software flaws could have incredible consequences. Flaws and cyber-hackers could cause health issues, traffic accidents, and more.
If these devices were isolated, that would be one thing. But everything will be interconnected (and much technology already is). Once something connects to the Internet, it opens itself up to attack. Therein lies the issue: The millions upon millions of devices that make up the Internet of Things are being developed and released at a faster rate than our ability to secure them. Internet devices are often kick-started into existence because of their “cool factor” but without an eye towards security.
There have been numerous studies where security researchers have found flaws in Internet of Things (IoT) devices. These range from home-security systems to door locks to baby monitors. Unfortunately, there are likely more IoT devices for sale today than there are security researchers. This technology is even moving beyond “things” to other areas in which human life and public safety will take center stage.
And the stakes are only getting higher. Consider this fictitious example: In 25 years, most of us will travel around busy cities in autonomous vehicles. While a “robot” takes us to meetings, we are free to communicate with colleagues, read up on the news, or just relax as our autonomous vehicle speeds through special highways and tunnels to our destination. In this environment, let’s pretend a well-known politician becomes enamored with such vehicles and announces he takes them wherever he goes.
Now let’s say this politician has some worldviews that don’t align with certain members of society. One group in particular decides to fund research that would target him as an individual, and it just so happens that they find a minor flaw in the systems that operate the autonomous vehicles.
The risk is obvious.
How can we go about solving this problem?
We can all play a role, starting now.
Learn more about the technology you adopt. Consumers should be equipped with basic security knowledge so they can make informed decisions about the devices they incorporate into their daily lives.
Learn how to update your device and make a habit of checking and applying updates on at least a monthly basis. Some devices have an “auto-update” feature, while others wait for you to give the device the “OK” before installing.
Finally, vote for security with the money you spend on this emerging technology. Purchase products from companies that have a strong commitment to security. Such companies have published information on their website and explain how they work with security researchers who find and report security vulnerabilities.
You want to live in a world where security issues are taken seriously by the device manufacturers and not brushed under the rug waiting for an accident to happen before addressing.
Nicholas J. Percoco is Vice President of strategic services at Rapid7. In his role, he leads a team that advises customers on how to mitigate and respond to threats using data driving analysis that empower more relevant, timely, and impactful decisions. Over the past decade, he has presented security research with a focus on custom malware, mobile devices, and data breach trends, to audiences all over the world, including a Keynote at RSA Conference 2013, TEDx Naperville, DEF CON and Black Hat. Prior to Rapid7, he founded and ran SpiderLabs at Trustwave and security practices at both VeriSign and Internet Security Systems. Outside of the business world, he is the co-creator of the I Am The Cavalry movement, and creator of THOTCON – a hacking conference in Chicago. You can also find him on Twitter as @c7five.
