Smart Homes, Appliances May be Cyber Hackers Next Target
By: Time Culpan, Bloomberg Gadley, Claims Journal, October 2016
that’s the apocalyptic headline we could be reading one day, given the seemingly unassailable trend toward connecting mundane items to the internet. Don’t think it’s too far-fetched, either.
More than $970 billion is expected to be spent on Internet of Things devices next year, according to data from Bloomberg Intelligence and IDC. It’s no mistake that “things” is the chosen noun to describe every and any gadget that can be connected to a network. Few other words encompass the vastness, and “stuff” just isn’t elegant.
As we saw last week, though, connecting things to the internet also creates the potential for huge networks of robots, aka botnets, to be turned into drone armies for anyone with the software tools to take over enough devices. One such tool is called Mirai, a strain of malicious software (malware) that was not only deployed with cunning effectiveness last month to bring down the website of renowned security researcher and journalist Brian Krebs, but was released into the wild for anyone to copy and adapt for his or her own use. And that’s exactly what happened in Friday’s attack.
While the prevalence of flying drones has created a fear that airborne toys could be weaponized, the sheer number of internet-connected devices and the lack of security built into them shows the bigger threat is that almost any object can be turned into a cyber drone. According to Krebs and security firm Flashpoint, the most recent attacks can mostly be traced back to components for digital video recorders and internet-connected cameras supplied by Chinese company XiongMai Technology.
It’s forecast that $972 billion will be spent on the Internet of Things globally in 2017.
I couldn’t tell you whether XiongMai really is at the heart of the vulnerability, but the fact that researchers could trace infected components back to one hardware supplier is a feat of cyber epidemiology that raises an interesting moral and legal dilemma: What responsibility do suppliers have to secure their devices?
A little-known case in the U.S. earlier this year helps solve that question. The Federal Trade Commission sued Taiwan’s Asustek for leaving consumer routers and cloud services vulnerable. Because of this poor security, hackers could (and did) commandeer users’ web traffic. I know, because I was one such victim. Asustek eventually settled the case and agreed to tighten security and be subjected to audits for 20 years.
Suing individual companies for specific weaknesses looks a bit like fighting a forest fire with a water pistol, but it’s better than nothing and at least lets device makers know of their moral responsibility. Even better would be the implementation of global IoT security standards in the same way that technology specifications are in force for the likes of Bluetooth and WiFi. That would help deal with the problem of numerous differing device types and systems that fall under the IoT umbrella.
Already the European Union has got to work on the issue, drafting rules for IoT hacking-defense norms and labeling modeled on the way energy efficiency is rated for household appliances.
Improved standards can’t come soon enough. While hacks could turn devices such as cameras, fridges and toasters into cyber drones, keep in mind that many airborne drones are also a form of IoT. Now imagine if those got hacked, en masse.
Categories
- Benefits Resources
- Bonding
- BOP
- Business Insurance
- Commercial Auto
- Commercial Property
- Company News
- Construction
- Crime Insurance
- Cyber Insurance
- Directors & Officers
- Employee Benefits
- Employment Practice Liability Insurance
- Entertainment
- General Liability
- Health Insurance
- Healthcare
- Healthcare Reform
- Homeowners Insurance
- Hospitality
- Manufacturing
- Medical Malpractice
- Mining & Energy
- Nightclubs
- Personal Auto
- Personal Insurance
- Professional
- Restaurants
- Retail & Wholesale
- Risk Management Resources
- Safety Topics
- SBA Bonds
- Security
- Seminars
- Technology
- Tourism
- Transportation
- Uncategorized
- Workers Compensation
Archives
- May 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- November 2018
- September 2018
- August 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- February 2013
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- March 2011
- November 2010
- October 2010
- September 2010
- April 2010
- February 2010
- November 2009
- October 2009
- November 2008
- August 2008