Smart Does Not Always Mean a Wise Solution

Digitization and informatization are the two most inclined words of modern times. They affect more or less all areas of life of ordinary people. Modern technologies are no longer the privilege of a limited group of geeks. The availability and ease of use of technological gadgets over the last decade has brought about the revolution in mass expansion of devices regardless of the consignee. Mobile smartphones, high-performance notebooks or smart watches – they represent only the tip of the iceberg.

Having a device that can be considered as modern or “smart” is no longer a problem today. However, the society cannot be blamed for – such solutions help us at work, make everyday activities easier for us or simply make rest and fun more accessible. It is quite impossible to stop the development of particular systems and services. Can we unanimously agree on the fact that the term “innovation” also includes “trust”? Can something modern be at the same time “secure”?

Internet of Things

The Internet connection is nowadays an essential part of every modern device and is becoming a certain standard about which nobody wonders but automatically counts on it. This argument is a precondition for creation of a huge network that is somewhere in the middle of the global Internet and is growing exponentially. In summary, this network is called the Internet of Things which is clearly a very distinctive name.

Simply said, the Internet of Things (IoT) means the interconnection of devices which have the Internet connectivity. As a result IoT includes everything what is actively connected to the Internet and uses the network explicitly not only for operation but mainly for communication with other devices. IoT is a fantastic tool in the optimal configuration. It helps, facilitates, entertains or even makes decisions.

Cyberparadoxes or How a Hacked Fridge Can Harm Us

Let us have a look at the situation if we try to make devices for compromise or abuse from the “perfect” device. Honestly, how many of us on purchase of the smart devices think about their protection besides their design, functions or the price. Taking advantages of modern technologies is one thing but on the other hand there is their security and trust in their operation as required by purchase.

If we imagine how many devices are connected to the network and for what purposes they are used, we can get interesting facts. Nowadays, so called smart solutions are used in every area of our life. Either there are smart homes with smart fridges plugged in, smart bulbs attached or smart TVs connected to the Internet. However, the connectivity is not the major problem of these devices. But there is the famous phrase – “the security was not the requirement in the process of development”.

What shall happen if we break the optimal IoT settings in an ordinary smart house? A smart fridge can be used as an example. It provides the service not only in the form of properly set temperature for food compartments but also in the form of display of the foodstuffs missing in the fridge via the touchscreen before going shopping. There is a set of functionalities which look like very useful. But what shall happen if a malicious code infiltrates into this fridge? The fridge functionalities shall change; it will not display anymore what to buy in the shop because the touchscreen will ask to pay ransom. We shall say “That’s bad news” but how to move on now. And what to do if the temperature control fails to work because of such malware? External temperature is getting closer to 40 degrees and there are perishable foodstuffs in the fridge… And it was a very simple example.

Imagine that someone unauthorized hacks your alarm system. Or without your knowledge the attacker will go through video records from your camera system and will share the pictures from the interior of your house on the Internet. The same applies to smart TV with the video camera and connection to the Internet, wireless speakers or webcams to the computer. Do you think that it cannot happen to you? Do you think that you are not an interesting target for hackers? Most likely or rather for sure you are wrong. Cybercriminals do not choose their victims in IoT. They just attack.

Even more alarming fact is the possible abuse of individual IoT devices. By using scripts which are on darkweb today in hundreds, the attacker can reconfigure settings of individual devices and join them into a huge botnet, handle them altogether by a control server and use them for various purposes – such as DDoS attacks or malware distribution. In most cases the owner of the device does not even know about it.

Don’t Panic!

Though it seems from the above mentioned that the future of IoT is much darker than is declared by manufacturers of devices, it does not have to be so bleak. It is sufficient if customers force manufacturers and developers to be more responsible. It is a long and complex process because becoming aware that the investment in future means also investment in future of individual devices is quite slow. What can we do as individuals if we want to use all conveniences of modern technologies and at the same time trust that our devices are secure?

There are many recommendations which can be summarized in several points:

  1. When buying IoT devices the users are lured by their design or technological maturity but first of all the security of individual devices should be evaluated. Encrypted data transfer, the option for setting of user privileges or several-factor authentication are parameters which first should be taken into account.

  2. If you are not sure about the choice of the device, ask. Ask experts, vendors, users. The internet is full of reviews for a large number of products. If you buy such a device in a store, try it on the spot, especially, if it meets at least the basic security requirements.

  3. If you have decided to use a secure and technologically mature device from IoT portfolio, remember that it is the user who is often the biggest vulnerability. Change your default passwords and use all the security features offered by your device.

  4. 4. An important predisposition for the proper functioning of any device connected to the Internet is correctly configured home network. A high-quality router, encrypted connection and properly defined user privileges are the basis without which the secure functioning is impossible.

What to say in conclusion? Being associated with the IoT environment and choosing a suitable device for both private and company purposes is difficult. But getting the right product is not an impossible goal. Cyber security is not an instant drink being sold by 10 pieces in a box. It is a constant advance in activities and services that require the expertise. As modern technologies are available, so the security knowledge is available. Therefore, we cannot ignore the fact that our security on the Internet is as important as our physical security in a real world. Remember that when you once drive your smart car. A smart home or a smart company cannot be built on stupid devices, can they?

(Author: SK-CERT)

« Späť na zoznam