After CES, Sophos considerations on security

Sophos on CES: A great time to be inventive, but innovation must not come at the price of security

James Lyne, Global Head of Research, Sophos

One of the main themes to come out of CES has been the advancement of the Connected Human. Whilst we can’t commute to work on a Hoverboard just yet, “Sent From My Fridge” emails are now a reality and we can expect to program our coffee machines to have an espresso waiting for us when we arrive home.

We are also witnessing the advancement of “omni-cognisant applications,” the ever-present apps which can monitor our every move, and even keep track of how much milk babies are drinking.

As a plethora of start-up app companies compete for our attention and business and consumer boundaries for Internet of Things (IoT) technologies become harder to define, security on these kinds of devices is no longer a “nice to have,” but a must-have. We can no longer assume these systems are secure. In the not-too-distant future, such systems could yield attacks that have a very personal impact on each of us.

In 2014 we’ve seen more evidence that manufacturers of IoT devices have failed to implement basic security standards, so any attack on them is likely to have nasty real-world impact. As well as manufacturers taking responsibility for properly securing IoT devices, the security industry also needs to evolve to deal with them. With the already poor security controls of these devices, it may be surprising to some that we have not seen more meaningful compromises in 2014. While IoT device flaws are easily exploited and have been relatively widely published, so far few of them have translated into the financial interests of most cyber criminals. However, that is not to say that this will not blindside us and suddenly occur given the rapid evolution of the technology. What’s more, not all attackers are financially motivated, and each of these devices is creating a greater bridge from the digital world to the physical.

I’ve personally hacked wireless routers with web attacks such as command injection, CCTV cameras that don’t bother implementing account lockout, and wireless plugs that don’t bother with usernames or passwords and instead explicitly trust the local network.
Security conferences have been filled with demonstrations of these issues but as yet it has not translated into widespread interest from cybercriminals. However, we can expect to see more serious examples outside the proof-of-concept playpen of security researchers soon. Without better security, these devices could be a very real new vector for attack.

It is key that the security industry evolves to deal with these devices, that vendors of such applications quickly recognise the importance of security (just as Microsoft once had to), and that consumers continue to grow their awareness of the issue so that security becomes a commercial requirement, not an afterthought or nag from security pros.
