Symantec's Take on the Risk of Things

Image Source: https://www.flickr.com/photos/yusamoilov/

Smart door locks that can be opened remotely without a password. Potential vulnerabilities of hundreds of millions televisions to fraud or even ransomware. A recall of 1.4 million cars to help prevent vehicle takeover.

These are just a few of the highlights presented in “The Internet of Things" section of Symantec's 2016 Internet Security Threat Report.

Pointing to an increase in proof of concept attacks as well as attacks in the wild, Symantec's analysts concluded designers and manufacturers will have to address fundamental security challenges if the IoT industry is going to deliver on the much ballyhooed $2 trillion in potential economic benefit.

Symantec's own research teams reported that:

  • Hundreds of millions of internet-connected smart TVs are potentially vulnerable to click fraud, botnets, data theft, and even ransomware
  • Multiple vulnerabilities were found in 50 commercially available smart home devices they analyzed, including the door lock that could be opened remotely without a password

The report also cited other IoT security risk highlights from the past year:

  • Researchers have found potentially deadly vulnerabilities in dozens of devices such as insulin pumps, x-ray systems, CT scanners, medical refrigerators in implantable defibrillators
  • Fiat Chrysler recalled 1.4 million vehicles after researchers demonstrated a proof of concept attack where they managed to take control of vehicle remotely
  • In the UK thieves have hacked keyless entry systems to steal cars

The security outlook for IoT unfortunately is not that good, the report’s authors concluded. They expect to see more stories like these in the coming year, affirming that proof of concept attacks are invariably followed by real attacks. They go on to speculate that it may even get to the point that IOT devices become the preferred route for attacking an organization, and potentially the most difficult for incident response staff to recognize and remove.

The answer to protecting people and organizations against the security risks introduced by IoT, according to the study, will require a multilayered, holistic security approach that will need to involve an entire ecosystem of cooperating partners, much like the IT security industry has today.

The members of the Smart Card Alliance agree with this view, and have responded by creating the new Internet of Things Security Council to help move the industry forward. Like its other organizations, the Council will provide a forum where all the stakeholders can work together to solve the privacy and security problems facing IoT, and to create an effective ecosystem that can bring together all of the different layers of technology and services that will eventually be required to deliver workable and effective solutions to these problems.

Featured
Making Connected Health Safe and Secure Under Smartphone Control
Making Connected Health Safe and Secure Under Smartphone Control

Solution providers must go beyond mobile devices’ inadequate built-in security mechanisms while also ensuring the necessary “always-on” connectivity for reliably exchanging safety-critical data and commands between smartphone apps, the IoT devices and the cloud.

IoT Deployments of Any Size Can Now Be Protected with Pre-provisioned Hardware-based Secure Elements
IoT Deployments of Any Size Can Now Be Protected with Pre-provisioned Hardware-based Secure Elements

The IoT has massively broadened the potential threat landscape for the entire market. To mitigate this vulnerability, industry best practices dictate that the authentication model of the connected device be strengthened using a secure element that has been configured for storing private keys and handling crypto-algorithmic secrets. Unfortunately, due mostly to supply chain logistic constraints, this approach has been challenging to onboard for most small-to-medium sized deployments.

Is the Internet of Things Safe?
Is the Internet of Things Safe?

If you like Sci-Fi movies you can probably name a couple of films where robots went rogue. People have worried about the use of Artificial Intelligence (AI) and robots for decades now. As the Internet of Things (IoT) grows more popular it brings a whole new debate to the table. Is it safe?

The Secure Technology Alliance, formerly the Smart Card Alliance, developed this website to provide information and resources on the Internet of Things.

 

We want to hear from you

What do you want to know about the IoT security? Let us know what you think using the online form, and follow our activities on Twitter and Facebook!