海角大神

Modern field guide to security and privacy

We need cooperation to secure the Internet of Things

The processes and technologies to prevent digital malfeasance like the Mirai botnet are largely clear – if we can work together

Michael Bonfigli
Jeremy Rowley fields questions from the audience at Passcode's Security of Things event on October 27, 2016.

It's a common sentiment of internet-connected device owners and even some manufacturers that the security of an individual device isn't so important.

After all, you might think, if it's just a few commands being transmitted from my phone to my air conditioning unit to change the temperature in my house, in the grand scheme of things, what can a hacker really do with that?

Quite a bit, actually.

Individual unsecured devices, especially consumer-facing ones, aren't so dangerous by themselves, but they become more dangerous as a swarm. We witnessed just such a swarm on October 21, with the Mirai botnet assault on a portion of the Internet's phone book (also known as a domain name server, or DNS) that shut down the internet on the East Coast.

When individual devices aren't secure, hacking into a large number of devices becomes as easy as hacking into one device.

But a large portion of the threat can be mitigated if companies and developers follow security best practices, many of which are well established and can be practiced today.

What's hard isn't the practices – it's the coordination and cooperation necessary to succeed.

At a high level, there are a few easy fixes: devices need unique identifiers; they need authorized users; the two previous data points (users and devices) need to be connected; packets of information sent between devices (air conditioner) and controllers (your phone) need to be cryptographically signed; and any updates to a device's most core software (known as firmware) need to be similarly signed by the manufacturer as well.
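A minimal sketch of the command path described above, added here as an illustration and not taken from the article or any vendor's code: a device with a unique identifier accepts a packet only if it is authenticated, addressed to that device, and issued by a user bound to it. It uses a per-device HMAC-SHA256 key from Python's standard library as a symmetric stand-in for the signatures the article calls for, and adds a counter to reject replays; the device ID, key, user names and field names are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions for this example, not real identifiers).
DEVICE_ID = "ac-unit-0001"
DEVICE_KEY = b"constructed-demo-key-0001"  # unique per device, never shared fleet-wide


def _canonical(fields):
    # Stable byte encoding so controller and device authenticate identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_command(key, device_id, user, counter, command):
    """Controller side: bind device ID, user, counter and command under one tag."""
    fields = {"device_id": device_id, "user": user, "counter": counter, "command": command}
    tag = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "tag": tag}


class Device:
    def __init__(self, device_id, key, users):
        self.device_id, self.key, self.users = device_id, key, set(users)
        self.last_counter = 0  # highest counter accepted so far (replay guard)

    def accept(self, packet):
        """Device side: return (accepted, reason) for one incoming packet."""
        try:
            fields = {k: packet[k] for k in ("device_id", "user", "counter", "command")}
            expected = hmac.new(self.key, _canonical(fields), hashlib.sha256).hexdigest()
            tag = str(packet["tag"]).encode()
        except (KeyError, TypeError, ValueError):
            return False, "malformed"
        if not hmac.compare_digest(expected.encode(), tag):  # constant-time compare
            return False, "bad tag"
        if fields["device_id"] != self.device_id:
            return False, "wrong device"
        if fields["user"] not in self.users:  # user must be bound to this device
            return False, "user not authorized"
        if not isinstance(fields["counter"], int) or fields["counter"] <= self.last_counter:
            return False, "replayed or stale"
        self.last_counter = fields["counter"]
        return True, "ok"
```

Because each device holds its own key, a packet authenticated for one unit fails verification on every other unit, which is the property that keeps a single compromise from scaling to a fleet.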

By maintaining the security of the lanes of communication from users and developers to devices and thus cooperating across the Internet of Things ecosystem, hijacking individual devices becomes much more difficult and it becomes nearly impossible to take over a fleet of devices en masse.

Of course, all of this requires a key consideration on the part of device companies working in the Internet of Things: hard-coding good cybersecurity. The layers of security are undone if hackers discover device specifications that override security, such as hard-coded back doors or unchangeable default usernames and passwords.

The good news? These kinds of practices are being put in place now as the next generation of devices is being developed, spurred on by events like the Mirai botnet (the Chinese manufacturer whose devices formed a large base of the botnet ).

A future where manufacturers and developers implement security procedures from the design stage through production isn't just around the corner – but it is my hope that it's coming sooner than many think.
