It’s true that in the animal kingdom there is safety in numbers. But in the Internet of Things (IoT), where billions of devices are expected to be connected within the next decade, the sheer volume of devices isn’t expected to mitigate the security risk. In fact, given that many devices may share the same codebase or hardware design, the numbers will simply increase the risk.
This is the reality of creating a more connected world; it will become easier to infringe personal space both in the real world and online. To some extent modern society has little choice; it needs that level of connectivity.
2 Comments
Tomi Engdahl says:
Dan Goodin / Ars Technica:
Researchers uncover BrickerBot-powered botnet attacks that are designed to brick poorly secured Linux-based routers and other IoT devices
Rash of in-the-wild attacks permanently destroys poorly secured IoT devices
Ongoing “BrickerBot” attacks might be trying to kill devices before they can join a botnet.
https://arstechnica.com/security/2017/04/rash-of-in-the-wild-attacks-permanently-destroys-poorly-secured-iot-devices/
Tomi Engdahl says:
Security expert Peter Neumann discussed the government project he works on that aims to pave a road to provably secure systems. He is a principal investigator for the Defense Advanced Research Projects Agency on CRASH (Clean-Slate Design of Resilient, Adaptive, Secure Hosts), a program that aims to build self-healing systems resistant to cyber attacks.
Such systems are sorely needed. Even today’s devices using a hardware root-of-trust such as ARM’s TrustZone are liable to side-channel attacks or fault injections based on monitoring a system’s power use or sending disrupting energy pulses.
“The IoT cannot possibly survive in the long run if there is no security… There’s no hope if we continue on the path we’re on of putting more and more things online that can be compromised either directly or through the network they are on,” he said, calling companies that advertise they can secure the IoT “a fantastic fraud” and “all smoke and mirrors.”
The CRASH program has developed a formal spec for a 64-bit MIPS system that uses special instructions so “if you don’t have the right credentials, you can’t get at an associated object, which might be an entire database or app,”
Even if it’s successful it’s not bulletproof. “You still face key management issues, denial-of-service attacks and insider misuse like a Snowden attack, which is one of the worst problems of all,” he said.
Source: http://www.eetimes.com/document.asp?doc_id=1331567&page_number=2