Stacey on IoT | Internet of Things news and analysis

The IoT is vulnerable — hackers just need a business model

November 26, 2019 by Stacey Higginbotham

— You won’t see next year’s security threats coming until you’ve been hacked.

Concerns about vulnerable connected devices in enterprise and industrial settings have recently been widespread, but for the most part, any hacks have been relatively small and committed by nation states. The Stuxnet virus is one example. However, once a business model emerges that can turn an attack into profits, the danger will explode.

That is the conclusion of a new report from Trend Micro, which is based on its predictions for the coming year. Trend Micro already did a deep dive back in September into the risks that will come from hackers figuring out how to monetize the IoT, but that threat still ranked highly in its 2020 predictions list. Other predictions affecting the IoT involve serverless computing and the threat of supply chain attacks via home workers.

Hackers have already found a business model for enterprise and industrial networks, although currently they primarily attack computers. Hospitals, school districts, and companies fall victim to malware that runs on their computer systems and freezes access until the victim pays a ransom. If hackers can figure out how to apply ransomware to more connected devices, consumers might see their thermostats stop working until they or the thermostat vendor pays a ransom. In the manufacturing world, data theft is already a big concern, but imagine the ability to hold a company hostage with the threat of damaging sensitive connected equipment.

Another IoT-related worry for organizations is the proliferation of containers and serverless computing architectures. As I’ve pointed out in prior columns, serverless computing provides the right economics for IoT because instead of keeping a server always on and configured to receive sensor data and then react to it, an organization can spin up an AWS Lambda or Azure Functions whenever a sensor reports, take an action on that data, and then spin back down. Using a computing instance as needed, and only as needed, makes more sense for the IoT.

In a similar vein, containers also provide the ability to quickly scale a software application up and down as needed. A recent survey found that slightly more than half of the containers used by an organization (54%) only exist for five minutes or less. So what’s the security issue? According to Trend Micro, both serverless computing and containers are tough to configure (based on the conversations I have with developers, this is true). Meanwhile, the risk of configuration errors leading to vulnerabilities is high and only getting higher as more companies adopt these ephemeral architectures.

Of particular interest to me, because I work from home and because it’s something I’ve already been thinking about, was this idea that home-based workers will act as a source of potential risk based on their own insecure networks or compromised devices. According to the report, “Connected home devices serving as a gateway for enterprise attacks is an unavoidable development considering how employees may find these devices (e.g., smart TVs, speakers, and assistants) convenient for work use as well. Enterprises will have to decide on what information security policies to implement to deal with such scenarios.”

Having an employee use a virtual private network to access corporate files is fine for protecting computerized data, but if someone can target a valuable employee and hack their smart speaker to listen in on phone calls, that’s a new level of risk. Perhaps high-level employees will get the SCIFs (Sensitive Compartmented Information Facilities) found in government buildings.

The report offers plenty of other risks to worry about and also a few suggestions for how to mitigate them, but it makes for good reading if you’d like to add a bit of doom and gloom to your holiday.


Comments

  1. Nischala Agnihotri says

    November 27, 2019 at 10:35 pm

    serverless computing provides the right economics for IoT because instead of keeping a server always on and configured to receive sensor data and then react to it, — what you said here is so true! Even better now we should lean towards distributed and edge computing using decentralized communication networks for IoT.
