EXPERT OPINION
Should we really care about hackable dolls and insecure fridges ?
The world of the Internet of Things ( IoT ) is growing , with more and more of the appliances and objects we regularly use now able to be ‘ connected ’ in some way . But while the ‘ rise of the machines ’ remains a futuristic distant threat , Adam Jaques , Technologist for Pulse Secure , argues that we do need to be concerned about the vulnerability of data when it comes to IoT .
Adam Jaques , Technologist for Pulse Secure t ’ s all very scary
I isn ’ t it ? Dolls can now surveil our children and pacemakers can be hacked . If you ’ ve seen Maximum Overdrive , a Stephen King 1986 horror B-movie in which the world ’ s home appliances rise up and start attacking their owners , you ’ ll have a good idea of the kind of climate in which the IoT is so often talked about . In short , with great fear and paranoia .
And , to be generous , there may come a day when we have to face down our own electric shavers as they try and cut our throats but , for the moment , maybe let ’ s just take a deep breath .
There is definitely a lot to be worried about when it comes to the IoT , but not in quite as terrifying a way as we ’ re often told . We all know that the IoT is weak . Moreover , there ’ s very little impetus to make it stronger either . The European Union Agency for Network and Information Security recently published a paper that said it found almost no regulation regarding IoT : ‘ no level zero defined for the security and privacy of connected and smart devices ’ and ‘ no legal guidelines for IoT devices and service trust ’.
The globalised manufacturers who produce so many of the cheap , rushedto-market IoT goods in countries prized for their cheap labour costs and low regulatory bar are not likely to start thinking about cybersecurity any time soon . At a consumer level , many are at best clueless about the weaknesses in their connected doorbells and , at worst , indifferent .
But the things that are most likely to penetrate those insecure devices are often not looking to exploit their functionality but the retrievable data within . White hat hackers love to break stuff . When the talking Cayla Doll arrived in stores in 2015 , it didn ’ t take long for pen-testers to hack it and replace its inbuilt friendly patter with something a little more brusque .
The possibilities contained in that example were certainly scary but not entirely representative of what people really should be worried about when it comes to IoT .
Often these examples don ’ t get past proof of concept . ‘ Imagine if ’ cases can be interesting , but sometimes do more to impress than inform us of the immediate dangers we face . The truth is less exciting . What works for any other www . intelligentciso . com | Issue 02
41