Alarm Bells Ring for Unsecured Connected Devices
A hot topic at the annual Black Hat cybersecurity conference in Las Vegas this summer was the increasing risk companies are facing with the Internet of Things (IoT). The key takeaway was summed up by Black Hat founder Jeff Moss, who told Agence France-Presse (AFP) that "almost none of the Internet of Things device-makers have any real security teams. It is sort of a gold rush to market."
The example on everyone's lips was a software glitch that allowed hackers to gain control of a moving Jeep Cherokee. The dramatic incident was symbolic of the larger fear that defenseless, "smart" devices could cause a chain reaction of attacks in whole cities or neighborhoods, shutting down power grids, water treatment plants and other infrastructure targets. Not to mention the fact that data stolen from connected devices can be used to learn about people’s lifestyles, and that embedded cameras could be activated to invade privacy.
A key part of the problem is that most smart appliances don’t get get software updates, even though the products are typically designed to last up to ten years or more. This gives hackers plenty of time to identify and exploit potential vulnerabilities. "A million of anything is trouble," Moss told AFP. "A hundred million is a disaster."
While Fiat Chrysler Automobiles recalled nearly 1.5 million U.S. cars and trucks after the Jeep hack and provided a software patch to fix the problem, consumers are right to be nervous about future threats.
Just days after the Jeep story, Hewlett-Packard announced a study that revealed significant vulnerabilities in 10 tested smartwatches.
Until companies get serious about security, the explosion of connected devices provides a smorgasbord of easy targets for hackers. According to a report by AFP, "smartwatches could pose special risks because they may store sensitive information such as health data, and could connect to cars and homes to unlock them."
Avnet understands the importance of security.
At Avnet, we believe that security is one of the six key attributes of effective Intelligent Systems, along with identity, connectivity, manageability, user experience and analytics. Because it's so critical to the future success of our industry, we take great steps to minimize vulnerabilities while maximizing data intelligence. Intel Security's McAfee Embedded Control Software product is the most compelling for an OEM who builds or manages a fixed-function device and wants to prevent unauthorized changes or malware attacks. It is a simple, light-weight software technology to make devices immune to attacks or accidental updates. This Dynamic White-listing technology is ideal for the "Things" in the IoT by only allowing the device to perform its intended function. This is NOT an anti-virus so there are no performance or resource burdens. Ideal for devices for retail, medical, industrial control, office equipment, gaming, automotive even Military & Aerospace. This is security that is Built-in – not Bolted on!
