Concern over IoT security rises after recent attacks

1 min read

At the end of last year, Intel’s 2017 security report painted a grim picture, warning the New Year would see the world confronted by botnets, malware and international cyber-attacks.

At the time, it was accused of promulgating doom and gloom, but perhaps its critics were wrong. The warnings turned out to be prescient in light of the recent ransomware attack that affected organisations around the world.

It’s been suggested that the WannaCry hack could make similar attacks more likely in the future, especially if countries developing and stockpiling so called ‘cyberweapons’ do little to protect them from being stolen and turned against their own populations – WannaCry is believed to have been developed by the US National Security Agency.

While this hack dominated the news, a less well reported incident – at a cybersecurity conference in The Hague – left its audience reportedly stunned.

Reuben Paul, an 11 year old ‘cyber ninja’ from Texas, surprised himself and an audience of security experts when he hacked into their Bluetooth enabled devices, then manipulated a robotic teddy bear.

The toy was connected to the cloud via Wi-Fi and Bluetooth. Using a Raspberry Pi connected to his laptop, Paul scanned the assembled audience and downloaded numbers and various other details. Using the Python computer language, he then hacked into the toy bear to manipulate its lights.

All of which suggests the IoT is a lot more vulnerable than many realise. The vision of the IoT is of billions of connected devices. But little, if any, attention has been paid to how these devices’ security might be kept up to date. Situated ‘at the edge’, devices with out of date security will provide the ‘attack surface’ which hackers exploit.

What’s needed is more standardisation, long term support and, crucially, an infrastructure in which security is managed centrally, with updates rolled out automatically, removing the user from having to do updates themselves.

If we’ve learned one thing from WannaCry and from Paul’s demonstration, it’s that much remains to be done in securing the Internet – whether that is through greater integration, more centralised updates or standardisation of infrastructure solutions.