As the number of IoT sensors and devices increases, so does the number and variety of threats to the networks they are connected to. Given the fact that many of these devices are not properly secured, security failures are almost inevitable. But the consequences of such access might be larger than what we previously imagined.
For example, researchers have found that devices like smart sprinklers and air conditioners can serve as backdoors for hackers. Using these access points, attackers can then infiltrate home or office networks to gain access to sensitive data or even control of compromised devices. These security threats have the potential to cause significant commercial and societal damage.
The roundup below presents news of critical IoT security issues, including the large-scale ramifications of relatively small, unsecured devices, the increasing importance of quantum computing and the legal implications of inevitable hacks.
Researchers from the Ben-Gurion University of the Negev recently published a paper asserting that it is possible for bad actors to create a botnet of irrigation systems. According to the paper, attackers could use malware to attack vulnerable IoT devices and take control of irrigation systems. Once they have control of the systems, hackers could activate the sprinklers and cause water outages, leading to financial and societal damage. Read more.
At the Usenix Security conference in Baltimore last month, researchers from Princeton University demonstrated how an IoT botnet of high wattage home devices such as air conditioners and water heaters could take down an entire power grid, causing mass blackouts. Although the scenario is not possible today, the researchers argued that this kind of attack will become practical as connected high wattage home devices become more ubiquitous. Read the whole story on Wired.
Jim Clarke, Director of Quantum Hardware at Intel Labs, recently expressed his support of the National Quantum Initiative Act currently making its way through Congress. In his post published last month, Clark emphasized the need for research communities to come together under the same objective and expressed his support for the U.S. bill, which would establish a government program to support quantum computing research and development. Read Clarke’s full post.
At Black Hat USA 2018 in Las Vegas last month, the attorney who represented plaintiffs in the infamous 2015 Jeep hack spoke on the legal implications of IoT security issues. According to Ijay Palansky, partner at the law firm Armstrong Teasdale, plaintiff attorneys are anticipating hack-related lawsuits as more consumer IoT devices are rushed to release without adequate security. Read the possible claims against IoT devices it the full article on Threatpost.
The FBI Internet Crime Complaint Center issued a public service announcement last month regarding cyber threat actors using IoT devices as a means of exploiting computer networks. The PSA points out that IoT devices in developed nations such as the United States are particularly susceptible to these attacks, as they provide an entrance to networks that would otherwise block suspicious IP addresses. For a list of comprised device symptoms as well as prevention tips, read the full PSA.