At this year’s CES it became clear that just about any electronic device can be connected to the Internet. As good as this sounds, each device creates a vulnerability which needs to be addressed, writes DAVID EMM at Kaspersky Lab.
At the end of 2016 the world discovered just how vulnerable indiscriminately connected ‘Internet-of-Things’ gadgets could be, when hundreds of thousands of smart domestic and city devices were press-ganged into forming massive global botnets and used to attack the internet. These devices were often worryingly easy to hack, released by manufacturers with only basic security, default passwords and no ability to upgrade their software, and then inadequately protected, if at all, by the consumer.
Nevertheless, as can be seen at this year’s major consumer electronics show, CES2017, over the next decade pretty much everything, from the functional to the frivolous, is likely to come with an app and wireless capability. And the world needs to be ready for this.
· Firstly, when it comes to the devices themselves, it is vital that individuals, organisations and manufacturers understand the security threats posed by malware and other attacks – and start to design-in security from the start, and implement basic protection measures before the device is connected.
· Secondly, the world needs to prepare for fact that the ‘crime scene’ of tomorrow will be the Internet-of-Things. The recent demand for Amazon to release data collected by its Echo Dot in order to assist in a murder enquiry (Amazon has refused to comply), highlights the growing role of connected devices in criminal investigations. Such voice-activated software, including similar offerings by Google, LG and more, will be on proud display at CES. It is worth bearing in mind its potential ability to capture conversations taking place near the device; and if your access credentials are weak you have no idea who else might be listening in.
· The integrity of such systems will be increasingly critical. Some developers are already starting to experiment with software that can add to or alter voice recording, a ‘Photoshop for voice’, as it were. In the world of cybersecurity, there is never time to stand still.
Connected devices offer much that is beneficial, remarkable and entertaining – and which will make the world a happier, healthier, more productive place. But, left unprotected, they can also make us more vulnerable to others whose intentions are less honourable. Don’t let them in.
* David Emm, Principal Security Researcher at Kaspersky Lab