In a rush to deploy more wearable devices and sensors, manufacturers of smart devices are neglecting the security threats facing an Internet of Things that is largely unprotected, cautioned a panel of cyber security experts last week.
Millions of such devices may be deployed in the years ahead – possibly even as human implants – without enough safeguards, which makes it costly and difficult to secure them afterwards, they stressed.
One way to make things harder to crack? Have tougher government regulations, said Raimund Genes, the chief technology officer of Trend Micro, one of the experts speaking at the CloudSec conference in Singapore last week.
He likened this to requirements for cars to have airbags as a form of protection for consumers. A tougher regime could make manufacturers and other network vendors tighten up security, for example, by encrypting the data sent between devices and protecting the back-end servers storing the data collected from these devices, he argued.
Right now, he said, the industry is focused on low cost and getting new devices out fast, without enough thought for securing them. He brought up the example of Wi-Fi-enabled baby monitors that are often used with their default passwords, allowing anyone nearby to spy on what’s going on at home.
Indeed, in a recent BBC test of such smart devices at home, it found that a number could easily be accessed by a determined hacker. As more connected vacuum cleaners, climate controllers and security cameras come online, the potential for break-ins looks likely to grow in the years ahead (read our commentary).
One worry is that hackers could steal sensitive information and ask for ransom in return for not exposing it. Though individuals could potentially be harassed into payment, as some malicious mobile apps have shown, the big targets are companies and governments holding important data on millions of users.
“It’s not a question of whether they can enter (a network), but how soon and how fast they can enter,” said Madan Mohan Oberoi, director of the Interpol Global Complex for Innovation in Singapore.
Law enforcement agencies have to prepare for situations where organisations are told to pay up or face a cyber attack, the same way they have drawn up plans to deal with kidnappings, he added.
Another expert on the panel, Bob Flores, a former chief technology officer at the Central Intelligence Agency, said there will be more attacks on industrial computer systems that could disrupt an economy drastically.
Instead of trying to poison a city’s water supply, terrorists could attempt to cut off the water to affect citizens seriously as well, he said. In the same way, he added, they could turn to cyber attacks to target a country’s economy besides trying to cause massive casualties like with the 9/11 attacks.