Page 35 - Cyber Warnings
P. 35
open to attack, but they can be used as tools for attacks of a much grander scale. It was
reported that ransomware was used to lock or unlock doors at that hotel in Austria, and the
attackers demanded a ransom in bitcoins. The ransom was eventually paid, and it turns out their
key card management system was indeed unavailable for a bit. It created a lot of
inconvenience, but no one’s hotel room actually became a temporary jail cell and no one was
held captive.
Now think about the very, very near future, with the massive use of remote controlled devices,
providing energy to homes, light, controlling cars, even getting access to airplane systems? A
zero-day threat could cause potential damage to a whole city infrastructure. It reminds me of a
“Two and a Half Men” episode where Walden and his partner develop software that causes a
blackout across the entire country. Could this happen in the future? What about “Person of
Interest,” where Finch uses smart camera exploits and even laptop cameras in public coffee
shops to spy on people? Are these really farfetched, or are they just around the corner?
IoT already represents a tremendous step forward in innovation, making our life easier, smarter,
and connected. But both the typical consumer as well as the world’s largest companies must not
only acknowledge and learn about the associated risks, but they should also put processes and
precautions in place to avoid misuse. Possible steps include:
• Remote controlled devices should not allow a product to begin functioning before a user
changes the “factory set” administrator name and password.
• Firmware updates or app insertion should have a well-controlled system behind it,
preventing unauthorized access.
• Eventual failures and attack detection should lead to an automatic safe mode, for
example some form of manual or altered mode.
The hype surrounding IoT is huge, but the attacks surrounding IoT will undoubtedly become the
bigger news maker. After all, when a lakeside resort nestled in the Alps hits the headlines for
IoT related ransomware, it shows anything can be up for grabs. IoT is clearly going to become
one of the new elements of crime. Makers of IoT devices and related systems must play a
strategic role in educating the general public on both the benefits and the risks we take as the
world depends more and more on connected devices.
About the Author
Alexandre Cagnoni is CEO of McLean, Virginia-based Datablink
(www.datablink.com), a global provider of advanced authentication and
transaction signing solutions.
35 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide