Internet of “Things” a Playground for Bad Guys/Gals
People love the Internet of Things.
We must because we connect anything, everything – computer, tablet, phone, smart TV, door, thermostat, car, pacemaker, electric meter, bank, coffee shop, train, plane, you name it … it’s connected.
Heck, we have more than twice the things connected than people on the planet and by 2020, we’ll have more than 50B of them doing something.
The industry is so great they’ve put tremendous computer power at the edge.
That never-outta-your sight smartphone has more power than my first computer-- a GPS, tons of apps, cameras, probably 8GB of storage.
And it’s only getting better.
Or worse if you’re brave enough to go to events like Black Hat and find out what hackers, whackers, cyberthieves, white/black/grey hat guys/gals can do.
Merrill observed, “Everything has a weakness.”
No, we’re not talking about what government surveillance crews like the NSA (National Security Agency) and other global security agencies are doing, that’s old hat (sorry for the pun).
At this year’s Black Hat gathering, the NSA boss, General Keith Alexander, was brave enough to stand up and give their version of the story.
Batter Up - Gen. Keith Alexander, head of NSA, gave a keynote at Black Hat that drew everyone’s attention. Frankly, I would have worn a lot of protection, including the mask and cup.
Made me think of a little bunny rabbit surrounded by a pack of hungry wolves.
He did O.K. in front of a less-than-friendly crowd, explaining their surveillance and monitoring activities.
Packed Crowd – General Alexander’s presentation at Black Hat was clearly one of the best attended sessions at this year’s conference with very minor disruption. Of course, things like eggs, tomatoes and water balloons were checked at the door. The attendees were dubious but courteous as he outlined his agency’s side of the story.
And as long as you didn’t think too much about it, NBD.
Compared to the rest of the event’s sessions, a “little” government surveillance almost seemed benign.
There were a lot of “holy crap” sessions and tricks the researchers showed off (with glee) that would bother you and me; but the meat of the event was all of the DDoS (distributed denial of service) activity that is going on and things the really black black hats were doing to steal information (including yours) that could be turned into cash.
With everyone – companies and individuals – jumping into the cloud, DDoS attacks have become a growing problem.
Hackable – Basically, if it’s a device that is connected to the global Internet, a good – or bad –hacker will find a key to get in. The most disruptive is the increased DDOS activity that is on the increase. Of course, harvesting personal data and tapping into bank funds also does an increasing amount of damage on a worldwide basis.
Automated tools have improved and botnets of computers can be rented and put in the hands of unscrupulous attackers.
Merrill got mad and said, “It's time for an ass-whupping.”
A lot of the security researchers talked and showed how they could take control of almost any system (internet-connected thingie) in minutes.
What we got out of it was, if someone says their system, service, network, cloud is secure, take it with a grain of salt because if “they” want to get in they will because security tools and patches only handle the problems folks know about, not those that evildoers are working on right now!
The researchers at the event talked about issues post mortum or if the company they told about the problems didn’t fix them.
You know, “Oh we have outstanding security and place our customers’ safety first, so there’s no problem.”
Most of the folks at Black Hat probably would have received a Letter of Marque back in the middle ages.
License to Hunt – No company or government says they’ve given hackers the same Letter of Marque that privateers received in the middle ages. Of course, none have said they haven’t either; they just hire researchers to sniff for stuff.
You know roam the Internet looking for issues, problems and “neutralize” them.
It’s amazing (and scary) what they can do with – and to - an ordinary smartphone.
Most Vulnerable – Today’s gotta’ have smartphone just keeps getting better and better, more indispensible and a whole lot more vulnerable to attack. Few people have robust virus and security software like that available from Kaspersky, which has robust solutions for all platforms/devices. But all security companies are always one step behind the bad guys and have a big job discovering all of the holes companies leave in their products as they rush to market.
Got your online banking on your phone? BAM!
Got your mobile billfold on your phone? BAM!
Your SIM card that controls everything? BAM!
For a few bucks, they can get a really cheap computer, some sensors, WiFi adapters and can use it to pickup/track/monitor any wireless traffic, including your calls to harvest your unique identifiers, account details, connection history, you name it.
Got a fentocell in the house to boost your reception and connect stuff to the outside world? BAM!
Well, that ticked me off because we just had our service provider connect everything possible to move into the 22nd Century with a connected home.
Connected Home – The images connected devices and service companies provide of your connected home are wonders to behold. You can monitor your kids/pets, even when you’re not home. You can lock doors, turn on lights, adjust the temperature and just about anything you want to do. Of course, it turns out that a halfway decent hacker can do the same thing like open doors, unlock windows…just about anything if you have weak to non-existent security.
We’re not as connected as we want to be; but it’s a start.
Hackers can “manipulate” any of the new marvelous gadgets; i.e., the heat/air conditioning, lights, door locks iNet-connected toilets, refrigerators, stoves and yes, that new smart TV of ours.
Yeah, that great online video enjoyment and two-way communications set can be used against you.
Even with the TV set turned off, a hacker can tap in and see what’s going on.
Graham commented, “See this is why we're not watching TV.”
When the Korean hacker was asked how to block the nosey or perverted person, his response was “just unplug.”
Wait! Do you know how long it took me to set-up, program and tune everything?
The next big thing that technology wants to control is your car. O.K., a lot of it already is if it’s of recent vintage.
Computer on Wheels – Today’s computerized cars have over 100 microprocessors in them and the count keeps going up. They’re all for your increased enjoyment and safety. They’re all hackable as well.
We’ve read that about 60 percent of the cost of today’s auto is electronics so that’s a lot of targets for a big hunk of metal that can hurdle down the road at 60+ mph!
According to IHS Automotive, there are as many as 100 microprocessors, making them rolling computers.
The security researchers showed how they could control brakes, speed, steering, you name it through your Bluetooth connection, GPS, streaming music or friendly OnStar service.
The researchers tried to reassure us that car hacking was a pretty inefficient way to attack us, but I’m not sure I’ll get in one of Google’s driverless cars any time soon.
And if I see a driverless truck barreling up behind me … I’m pulling way over!
Merrill agreed and said, “The nerds were right.”
Face it, anything can (will) be hacked given the right incentive or malicious nature.
Manufacturers to do a better job of focusing on how they can build robust, really robust, security around all of those sexy bells and whistles they’re adding.
Of course, the security folks and manufacturers have a tough job. That’s why every company you can think of was displaying/advertising for good hackers and lurking through the halls at Black Hat.
They’ve gotta’ protect your computerized gimmick and make it delightfully simple for you to use.
That isn’t easy because I don’t know about you, but I’m not the sharpest pencil in the box.
People just don’t like all those security steps, so they design their own “shortcuts” which means they disable it.
That’s when Morgan commented, “The book says they're probably very good problem solvers. They'll find a way in.”
No wonder corporate security folks hate your nifty BYOD that perfectly blends your office/home lives.
Heck, even the FBI has their own on-going internal intruder program!
It’s also why the Black Hat researchers will never be out of a job and will always come up with cute hacks to brag about/show off … next year.
As Merrill said, “It's like War of the Worlds.”