Three Cyber-Security Challenges of the Internet of Things (IoT)

Three Cyber-Security Challenges of the Internet of Things (IoT)

The Internet of Things (IoT) is in every facet of our everyday existence, and they’re not going away anytime soon. It has become a revolutionary concept but also a security minefield. It is estimated that by 2020 there will be more than 50 billion web-connected devices all of which represent a portal to the network which can be hacked or compromised giving access to our most intimate moments and information. Many connected devices in any one system grants access to many points of entry for nefarious purposes. IoT comes with many benefits offering one integrated information system aimed at improving the quality of life and driving new business models. However, along with those benefits are also security challenges that IoT faces.

Here are three cybersecurity challenges of IoT.

Updates & Patches

Devices need to be updated regularly to remain up to date with cyber-threats. When the device is left unpatched the risk of a cyber-attack increase. Only 49% of companies offer remote updates for their smart “things.” Many of the people who develop low-end devices do not have the funds to give continuous device support. Leaving the consumer vulnerable to an unsupported device that is only as secure as the day purchased, containing security defects, and left fending for themselves against cyber threats. At the same time, the IoT vendors may not be technically savvy enough to develop such security updates.

Lack of Experience

Devices are more than often created by consumer goods manufacturers not PC hardware or software businesses. Many lack the experience of knowing how to properly secure devices and keep them safe from prying hackers. The main hindrance to designing secure IoT products is the fact that there is a shortage of experienced security experts who specialize in IoT.

Device Awareness

Being aware of all the IoT devices on the network especially a corporate network is the first step in applying the necessary cyber security measures. Many of these devices remain unmonitored within enterprise environments not seen as a threat to the network but the reality is that this opens a gateway for cyber-attacks. This leaves a hole in the network that needs to be secured becoming a vulnerability that can easily be exploited because these devices are the weakest link and are not secured.

The Dangers of Internet Connected Toys

Smart toys are pretty cool but they also come with some inherent cybersecurity vulnerabilities that could lead to your or your child’s sensitive information being exposed or even worse, a hacker interacting with your child. Internet connected (IoT or smart) toys like CloudPets, Hello Barbie, and Cayla have recently hit the news for all the wrong reasons; they’ve been hacked.

An unsecured MongoDB led to the exposure of voice recordings, pictures, and account information for the CloudPets line of IoT stuffed animals. Over 2.2 million recordings were accessible and due to poor password security requirements, over 800,000 accounts reportedly were vulnerable to being hacked. So far, following the disclosure of the vulnerabilities by a cybersecurity researcher, the maker Spiral Toys has downplayed the severity of the incident but reportedly as of 2/28/17 has filed a breach notification with the California Attorney General.

In mid-February, Germany banned a doll called “My Friend Cayla” and urged parents to destroy the doll due to hacking concerns. The connected doll was classified as an “illegal spying device” as interactions with the doll were recorded and transmits the information to a voice recognition company. It is believed that the Bluetooth connection on the dolls were insecurely implemented which could lead to hackers being able to interact with children.

These are just two of the recent examples but they are not at all isolated. The Hello Barbie doll allegedly could have been turned into a surveillance device due to security vulnerabilities. A Fisher Price stuffed animal teddy bear also was found to be vulnerable to leaking sensitive information. And what parent could forget about the 2015 VTech data breach that exposed the data of 5 million parents and children?

And it not just smart toys that are being hacked and affecting children. There have been numerous stories of parents being woken in the middle of the night by strange voicestalking to their children or even strangers watching them through hacked baby monitors. The stories of hacked baby monitors are not new but what is worrisome is that many parents still do not take basic precautions like researching if the systems are vulnerable to hacking before purchase or even failing to change the username/password.

So enough with the doom and gloom, what can parents do to allow their children to still have the latest and coolest toys without sacrificing security? It is important that parents do not ignore the dangers of internet connected toys simply because they are toys. IoT devices are continually being hacked to attack (5000 IoT devices attack university) or collect information on their owners (spy agencies plan to use IoT vulnerabilities to spy).

Here are a few things that parents can do to help secure their family and smart toys against hackers:

  • Immediately change the username and password of the device, if possible.
  • Review what personal information you share about your family. The less the better. Share only what is required.
  • Use privacy settings to adjust who has access to data.
  • Turn off location tracking or restrict as much as possible
  • See if there is a way to disable two-way communication
  • Tell your children to inform you of any unusual interactions with their toys. Talk to your children about sharing personal information, even with their toys.
  • Use strong passwords. Don’t trade ease of use for security.
4 IoT Trend Predictions for 2017

4 IoT Trend Predictions for 2017

The Internet of Things (IoT) allows for every day devices to be connected to each other via the Internet. With each passing year, it appears as though we grow closer and closer to a world that is inherently connected– and 2017 is no exception. Experts have many predictions and expectations for what the new year will bring to the IoT world; here are four of the most hotly discussed of these predictions:

Government Acceptance and Regulations

Business and consumers are expected to be the largest areas of growth when it comes to IoT adoption and implementation; However, it is predicted that governments will be the second-largest sector to adopt IoT ecosystems during 2017. With the changing of presidential power in the United States later this month, and President-elect Trump’s planfor tackling cybersecurity threats, it is likely that at least within the next four years, some approach on the government end will be made to try and protect against the intrinsic security flaws of IoT devices. Many cyber security professionals are urging these government officials to require higher levels of strong security built into these vulnerable devices.

Virtual Reality

Virtual reality (VR) was made widely popular among consumers in 2016 with wearable headsets that allowed you to become semi-immersed in a virtual world, just by looking around with a pair of goggles on your head. This area of IoT is expected to have a shift from growth that focuses on these wearable hardware devices to developing more software–primarily in regards to content creation.

2017 is said to be the year that top-level content creators will try and make this semi-immersive experience even more captivating and realistic than ever before. While primarily seen in the gaming industry thus far, the tourism industry is expected incorporate VR technology into their marketing strategies–allowing customers added benefits to their experiences while on their trips and in previewing future trips as well. This is just one of the advancements of digital marketing, another area of IoT that is expected to grow greatly in 2017.

It is expected that consumer use of these wearable devices, especially those with a connected smartphone adaptability component, will skyrocket alongside these expected software advancements.

Artificial Intelligence

While, to most of us, Artificial Intelligence (AI) sounds like something far off into the future, it is a component of the technological world that is already impacting our lives today. Smart cars, GPS, Virtual Personal Assistants like Siri and Alexa, and almost any other household smart devices fall under the broad category that is modern AI. Because these devices are connected through the Internet, experts have some predictions for Artificial Intelligence that are likely to affect the IoT world. These predictions are best stated by Code42 chief security officer and chief privacy officer, Rick Orloff:

“There is a big distinction between artificial intelligence (AI) and artificial general intelligence (AGI). The former is akin to your GPS finding the best route to the airport, with the latter being associated with actual intelligent thought, which ties into robotics. As we rely on artificial intelligence to handle more tasks and both these categories evolve, we’re going to see a huge demand in 2017 for security skills applied to AGI, AI, and robotics, even more so when you combine AGI and robotics. The need for better real-time data correlation to improve the service stack as well as the security stack will become a critical skill set.”

-Rick Orloff, CSO/CPO, Code42

Smart Cities

Smart cities are those cities that integrate technology, specifically IoT, solutions into the overall management of their assets–including schools, hospitals, power plants, and many more integral players in the community. According to the Internet of Things Institute, Singapore is currently the smartest city in the world for its use of IoT technology to run its operations. Along with other IoT related phenomena, smart cities are expected to be on the rise across the globe in 2017. There is predicted to be a special focus on investment models to support the implementation of city-wide energy efficient systems, according to Analysys Mason.

These smart cities are excellent in using technology to allow their citizens to collaborate, but it is not a challenge-less process. Ruthbea Yesner Clarke, global director, Smart Cities Strategies at IDC, had this to say in regards to the growing popularity of these IoT-run towns:

“The awareness of the potential of Smart Cities has grown exponentially over the past year. States, provinces, counties, cities, and national governments realize they can positively alter the lives of millions of urban residents with the technology and data-driven opportunities digital transformation provides. This transformation is not without challenges, as a broad ecosystems of partners must work together to implement complex initiatives, and this will affect the entire program life cycle from policies and regulation to worker training and process improvements.”

-Ruthbea Yesner Clarke, global director, Smart Cities Strategies at IDC.

exhibition

While all of these advancements in the IoT realm of the technology world are exciting, one major flaw that is expected to continue is the hacking of IoT smart devices. This will bring about infinite new approaches, solutions, and business models in the fight to keep these devices protected. Among many other ways which will develop alongside their growing threat counterparts, here are a few ways in which you can protect your home against IoT threats.

  1. Turn off remote access to your devices when not in use–When at all possible, turn off remote access to your IoT devices. By leaving a device active while not in use, you are leaving it extremely vulnerable to use in a cyber attack, such as DDoS or even ransomware.
  2. Change all device login credentials from their default settings– Change your usernames and passwords to something hard to guess rather than leaving them vulnerable by using the same, basic credentials that came installed on your devices when you bought them. This is likely the same password used on similar devices, and using such passwords make them even more vulnerable to attack–once hackers figure out the password to one default device, they’ll be able to infect and take hostage any other device left in its default settings.
  3. Update your systems early and often– Stay on top of your system updates so that your network is well-protected. Activate fully automatic updates if it is hard for you to remember to update frequently, as it is for many of us. By doing this, you will never be behind in securing your devices with the most up-to-date protections.
  4. Research. Research. Research. Before you bring any connected devices into your home, you need to do your research to learn about the devices’ security features. As more and more consumers become cognizant of the security flaws that come installed in smart devices, such as vulnerable backdoors, manufacturers will need to begin taking note and creating these devices with security in mind. Until that time, protect yourself by doing a simple Google search to find out if your desired device is right for you.

Hailey R. Carlson | Axiom Cyber Solutions | 01/05/2017

The Internet of Things Security: Hacking Healthcare

The Internet of Things Security: Hacking Healthcare

One of the greatest technological achievements to date by far is the creation of the Internet. Not only did its emergence shake the entire world, effectively changing almost every aspect of our lives, but it has connected us all not only as a nation, but as a globe. Starting out with computers the size of walls and evolving to the laptops and smartphones of today, the Internet has become involved in more things than most had ever imagined. The most recent and rapidly-expanding Internet-related development is what is known as the Internet of Things.

The Internet of Things (IoT) is a term coined in 1999 by Kevin Ashton, executive director of the Auto-ID Center, that is used today to describe the network of physical devices which are embedded with technology that enables them to collect and exchange data via the Internet. Devices connected through IoT are commonly referred to as “smart devices” or “connected devices,” and they include a wide-range of numerous items, ranging from baby monitors, to cars, to kitchen appliances, and even light bulbs. Anything connected to the Internet falls under this broad category of the Internet of Things, so it is safe to say that IoT affects more areas of our lives than we may have once thought.

While it is an incredible feat that so many different and unique things are now connected via the Internet, IoT can also be an incredibly dangerous thing.

IoT Vulnerabilities, Real World Threats

As we have come to know all too well, when it comes to the Internet, anything that can be hacked, will be hacked. And while it may be an inconvenience to have your favorite social media site shut down because of a cyber-attack, or a major setback for a company’s image if they experience a data breach caused by phishing, IoT threats are different because they can have real-life, physical repercussions–a far greater and more lethal risk than any other cyber-threat.

Last year, hackers were able to remotely hack into a Jeep Cherokee’s Wi-Fi-enabled entertainment system, giving them access to the entire car–including its dashboard functions, brakes, and the car’s transmission. From across the country, these hackers were able to play with the car’s various features including the air conditioning and sound systems, and then suddenly, these hackers were able to cut the car’s transmission as it was going 70 mph down a major highway. While these ‘hackers’ were actually just researchers, Charlie Miller and Chris Valasek, testing their car-hacking research on a well-aware driver, the thought that in a similar situation, the Internet of Things could possibly be used by malicious actors to hurt or even kill a driver or other unsuspecting victims is terrifying to say the least.

IoT threats in the Healthcare Industry

Car hacking is not the only real-world, physical threat driven by IoT, as the healthcare industry has found a few IoT-related vulnerabilities of its own.

As more and more modern medical devices are being developed, they are adding to the collection of connected devices encompassed by IoT; however, many healthcare professionals have found that with these more advanced devices, comes more advanced cyber-threats as well.

One of the most recent and notable of these is the threat to Johnson & Johnson’s Animas One Touch Ping insulin pump. This insulin pump is special in that it is equipped with a remote control so that users do not need to remove their clothing to give themselves a dose of insulin. The problem with this is that the wireless connection between the remote and the pump is unencrypted, and consequently, highly vulnerable. Because of this, the pump can be hacked within a 25-foot radius of the user, and with the right radio equipment, a hacker can take control of the pump and trigger unauthorized insulin injections.

Not only does this threaten a specific device, but in some cases, it gives hackers access to the entire hospitals’ system. Similar to the car hacking instance, this not only poses immediate cyber-threats, but it could have deadly repercussions, as different diabetes patients need varying levels of insulin at different times. A malicious person could hack into these insecure devices and literally kill someone, so it is time that the healthcare industry started taking medical device IoT security more seriously.

IoT Security Tips for Healthcare

The IoT threats detailed above were caused primarily through security issues. The issue? There were no security defenses put in place to protect against any sort of attack. This is a serious problem and though it will take further research to make IoT security air-tight, a few tips to help enhance healthcare security for IoT medical devices include:

  • Conducting a secure boot–A secure boot is making sure that when a device is turned on, none of its configurations have been modified. This step helps to ensure that no tampering took places while the device was not in use.
  • Utilizing encryption–As we saw with the Johnson & Johnson insulin pump, a lack of encryption left patients lives literally in the hands of hackers. Encryption is an essential step that makes it that much harder for cyber-criminals to attack.
  • Implement authentication for devices–If authentication is used, device access is limited and device-to-device communication undergoes intense scrutiny. This makes it more difficult for a security flaw to go unnoticed.
  • Educate patients and staff–Though it affects such a huge portion of our lives, 87% of people have not even heard the term ‘Internet of Things.’ Education is really the greatest tool we have in our arsenal, so it is important to inform patients and staff of the very real risks of IoT security.

Security threats such as these make the Internet of Things seem like a terrible thing, but this advancement in technology is an excellent way to keep us all connected through items we would have never thought possible. Though this may be the case, it is important for these devices to be well-secured so that we can truly enjoy our connectivity.

Hailey R. Carlson | Axiom Cyber Solutions | 10/28/2016

Image Source

IoT: The Internet of Things, or the Insecurity of Things?

Everything is connected in 2016, it seems. What many people do not know is that this connectivity of everything through the internet is called IoT, or the Internet of Things. Any device connected to the internet is considered an IoT device. There are the connected things you’d expect like smartphones, tablets, laptops, and even gaming consoles, but there are somewhat less conventional devices as well. These are the things that a few years ago, we’d never have imagined would be connected to the internet—like cars, drones, solar panels, toys, and more—anything made with built-in Wi-Fi capabilities and sensors is a part of the IoT.

Cars

While it is amazing that so many things are now connected via IoT, this also means that all of these devices are vulnerable to hackers. For example, vehicles have become a big target by cyber-criminals recently because many newly released cars have on-board Wi-Fi.

Last year, Charlie Miller and Chris Valasek were able to remotely hack into a Jeep Cherokee’s entertainment system which allowed them access to dashboard functions, steering, brakes, and transmission—all while it was going 70 mph. Hackers were even able to hijack a big rig’s accelerator and brakes just last month!

In addition to on-board Wi-Fi, automotive leaders and innovators like Tesla have implemented an autopilot feature on their newest Tesla S model. While this is an amazing feat that gives us some insight into the future of transportation, in May of this year, a Tesla S in autopilot mode failed to detect, and consequently ended up cutting off, a tractor-trailer, running it off of the road and killing the driver. Though this was of course accidental, researchers at universities in South Carolina and China have found that they could trick the car’s autopilot sensors into thinking objects were present when they weren’t or made them fail to sense real objects that were there. Were they malevolent, they could have caused accidents that could have killed several people. This is why IoT security is so important.

Solar Panels

At this week’s BlackHat conference in Las Vegas, experts plan to discuss the growing security threats to IoT. Security researcher, Frederic Bret-Mounet, scheduled to speak on Friday, has been able to hack into his own solar panels.

Had he been malicious, Bret-Mounet realized that he could have overheated the panels to the point of being knocked offline—or worse, installed spyware which could have watched and listened to all that he and his family did in the privacy of his own home. This is something many people would not expect needed protection because they are unaware of the cloud connectivity of these devices.

Medical Equipment

As scary as it might be to think of your car, big rig, solar panels, or toys being hacked, it is even more terrifying to think of what malicious people might do to connected medical equipment. A Kaspersky lab researcher found that he was able to hack into a hospital’s Wi-Fi and utilize that connection to get into an MRI machine. “It was scary because it was really easy,” he explained. He goes on to say how a hacker could have changed a person in the hospital’s system to be categorized as ‘well’ when they are in fact still very ill, or vice versa. The fact that human being would do this is reprehensible, but that fact remains that the IoT of the medical devices on poorly-secured networks is leaving people not only vulnerable to cyber-attack, but could have fatal, life-changing consequences as well.

Protecting your IoT devices

While IoT security threats can be intimidating as they threaten every Wi-Fi enabled aspect of our lives, there are still a few things we can do in our own lives to help better protect against such attacks:

  1. Do your research before purchasing IoT products—Many people just buy what looks nicest or is most affordable when it comes to buying a new item with a variety of different options to choose from; however, when it comes to buying an IoT product, looking into the security or lack thereof in a product could be the difference in having peace of mind or worrying about your family’s household security.

Video baby monitors are a big concern in this area. These sorts of monitors are gaining popularity because they allow parents to watch their babies from almost anywhere to make sure they’re getting a good night’s sleep. But if this monitor were to be insecure, hackers—or worse, predators—could potentially watch or even talk to your baby. This is why it is so important to make sure that the IoT devices you are buying are secure.

  1. Do not use the default settings—Though this might take some more time than some like to put into their new product purchase, changing from the basic, factory-installed default settings makes it harder for hackers to get into your IoT products. Simple steps like these could mean the difference between being secure or being hacked.

 

  1. Use secure Wi-Fi connections—Free, public Wi-Fi, though convenient, is rarely properly-secured. Using your IoT devices on this kind of network could result in higher likelihood of cyber-attack.

 

  1. Turn off your devices when not in use—Devices that are allowed to run all the time, even while no one is using them, not only drains their battery lives, but can result in an insecure connection for hackers to be able to attack. This is one of the easiest steps a person can take, and yet it is one that is often overlooked. If your device works without an internet connection as well, simply disconnecting it from the internet when those features are not needed can do the same thing for your IoT security.

 

  1. Password protect anything and everything you can—Though passwords are not the only line of defense which should be taken in securing your IoT devices, adding in this extra security step makes hacking into your devices that much more difficult.

The Internet of Things has connected so many new and unique devices, but it has also exposed them to a myriad of new attacks. Staying informed on the latest IoT news and what hackers are coming up with are some of your greatest defenses in cybersecurity. To find out more about how to protect the things you hold near and dear, contact us at https://axiomcyber.com/ or (800) 519-5070.

Hailey Carlson | Axiom Cyber Solutions | 8/5/2016

Image Source

Cyber Criminals Are Now Targeting Your Kids

In today’s world, most parents are aware of the various predators that are out to harm their children. Now, parents can add cyber criminals to that list of concerns. While these criminals won’t physically harm your children, they can ruin your children’s credit and finances before they’ve even had a chance.

In 2015, 17.6 million Americans in the United States were victims of identity theft according to the Bureau of Justice Statistics. A majority of identity theft is due to data breaches committed by cyber criminals. The FBI ranks cybercrime as one of its top law enforcement priorities, and President Obama has recently proposed a $14 billion cybersecurity budget.

A data breach in November involving children’s toymaker, VTech, exposed 6.5 million children’s data. Approximately 3 million of those children were in the United States. The cost of VTech’s breach has reached approximately $116,000,000. Children are just as vulnerable to identity theft as adults. The fallout from data breaches affect so many individuals. Not only are the customers victim to having their personal information stolen, they also have to worry about their children’s personal information being compromised.

This past week, Wi-Fi-enabled toys from the Fisher Price line named ‘Smart Toy’, have been diagnosed with a security vulnerability, as well. Hackers had the ability to access children’s names, birthdays, gender, and more personal information. Fisher Price has since announced that this vulnerability has been remediated and no longer poses a problem. However, with the IoT (Internet of Things) well on it’s way and being implemeted into children’s toys, these security risks will only become more and more of an issue.

Can you imagine your child having an expensive utility bill in another state, or a drivers license, or even a foreclosed home in another state? It begs the question, when’s the last time you checked your children’s credit reports? It’s no surprise that these cyber criminals are interesed in stealing your children’s identity. You couldn’t ask for a better setup. What could possibly be better than a sparkling clean credit report for those criminals who want to start over financially?

Even worse, it can take years and years before you get any inkling of wrongdoing. More often than not, these cyber criminals are never caught. And the risk doesn’t decline after a few years because this is not something that just goes away. Social security numbers last a lifetime and identity theft for both adults and children is something that needs to be constantly monitored.

The youngest victim in identity theft was only five months old. A report done by Carnegie Mellon’s Cyber Lab, reported that out of the 40,000 children caught up in a data breach, 10.2% of those children had their Social Security numbers compromised. This statistic is 51x higher than the 0.2% of adults who were affected.

What can you do to help your child? The Federal Trade Commission (FTC) recommends looking out for the following scenarios.

1. Be turned down for government benefits because the benefits are being paid to another account using your child’s Social Security number.
2. Get a notice from the IRS saying the child didn’t pay income taxes, or that the child’s Social Security number was used on another tax return.
3. Get collection calls or bills for products or services you didn’t receive.
The majority of data breaches occur from cyber criminals who are hacking and phishing for data. Once that data is sold, you and your family are at risk for identity theft.

For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom