Read news from:
Austria
SHARE
COPY LINK
PRESENTED BY SEAVUS

Will the Internet of Things rewrite the rules on cyber security?

There’s been lots of hype about the benefits of the Internet of Things (IoT), but ignoring the risks that come with it could have disastrous consequences.

Published: 13 October 2017 09:50 CEST
Will the Internet of Things rewrite the rules on cyber security?
Photo: Pixabay

Not too long ago, the idea of communicating with your kitchen appliances or hopping in a self-driving car may have seemed like science fiction.

But the promise and potential that comes with connecting more gadgets online means that just about anything with an on/off switch can be connected to the internet and a remote controlling device over the same network.

By 2020, more than 50 billion devices are expected to be connected to the internet, meaning our world will become increasingly ‘smart’ as the Internet of Things (IoT) permeates into more parts of more people's lives.

We can already adjust the temperature and lighting in our homes from anywhere in the world; remote diagnostics can be performed on aircraft engines in real time; our cars can warn us of traffic problems and provide alternate routes.

And while all these connected devices may simplify our lives and streamline companies’ production and distribution, it also gives rise to a myriad of new security threats that have the potential to disrupt people’s online lives in new and frightening ways.

“There are no devices that can’t be hacked, it’s just matter of time and dedication,” warns Blagoj Kupev, an embedded systems designer with Scandinavian IT services and software development consultancy Seavus.

Data breaches

And as more systems and devices get connected, more sensitive corporate and personal information gets stored online, meaning an increased potential for hackers to cause serious harm.

Earlier this month, for example, it emerged that a data breach at US credit rating company Equifax may have left the sensitive financial data of up to 143 million Americans exposed.

And in Sweden, revelations that the country’s Transport Administration (Transportstyrelsen) ignored rules about data security resulted in the departure of the agency’s head and two ministers.

High-profile data breaches often involve capable hackers who are able to penetrate complicated security measures at major companies or public bodies.

Photo: Pixabay

But as the number of devices connected to the internet continues to multiply, so do the number of pathways open to nefarious individuals or groups looking to cause harm.

“If you make a cheap, unsecure device that requires users to set up their own security measures, you may sell more devices to more people. But the problem is these people may lack the knowledge to set things up correctly,” Kupev explains.

Even purchasing a high-end smart appliance with lots of security features doesn’t mean things can’t go wrong if users do not know how to use it properly.

“If your router is easily hackable, someone could then easily get access and hack into your smart oven, turn it on, and potentially start a fire in your house,” he continues.

The weakest link

Last year more than 900,000 routers in Germany were knocked offline by cyber-attack experts believe was at attempt to infect the routers with malware. While the attack didn’t result in any smart ovens getting hacked, the incident demonstrated an important principle that Kupev says everyone must remember in today’s connected world:

“The Internet of Things is only as strong as its weakest link – and it’s those weak links that are often subject to attacks”

Part of the problem, says Kupev, is that current cybersecurity approaches and strategies were designed for a time when anyone involved in computing device security likely had a certain level of technical knowledge.

“Now we have to make things usable for ordinary people,” he says. “The Internet of Things requires making it possible for consumers, rather than IT professionals, to be the first line of cybersecurity defence.”

At Seavus, Kupev and his colleagues specialize in designing systems and interfaces that are both secure and easy to use.

“We focus on embedded devices – anything that you can imagine being a part of the Internet of Things – to ensure secure communication between the devices and the network – and that devices always have predictable behavior,” he explains.

Photo: Pixabay

Despite having capable teams of programmers and rigorous testing procedures, many companies – be they retailers, manufacturers, or service providers – still have a hard time seeing the potential vulnerabilities in their own systems.

“There are a lot of companies who think ‘this will never happen’ and then they come back to us six months later saying ‘it happened’,” says Kupev.

The challenge, he explains, is being able to look at things from a different point of view.

“Often a client’s view of things can be quite narrow because they’re used to looking at things from the same perspective,” he adds. “Our job is to help them look at matters from a different angle and uncover vulnerabilities they would have otherwise missed.”

To illustrate his point, Kupev tells the story of an engine maker that invested heavily in ensuring a device’s “regular” communications systems are secure.

“They did magnificent work in securing Ethernet and other standard interfaces, but no one thought about the GPS system that was part of the engine control system as a possible target for hackers.”

No instructions required

Another example that illustrates Kupev’s “weakest link” and “user-friendly” principles involves payment terminals with a system that required service personnel to have special cards to activate the terminals’ service mode.

Since staff kept losing the cards, the company simply turned off the card function and allowed service access without card authentication, exposing the system to serious security threats.

“There are a lot of ‘side entrances’ into systems and devices that people assume are secure but which may not be that secure,” he says.

“We help identify holes in clients’ systems so they can see where the design needs to be improved and then we propose how they can fix it.”

Kupev believes both companies and consumers need to take greater responsibility for ensuring devices are secure and that sensitive data remains safe from hackers and other cyber-threats.

“The arrival of the Internet of Things means that more people need to be aware of what sort of data can be exposed,” Kupev explains. “There are simply lots more devices connected in new ways that are producing more data that can provide a lot of insight into our daily routines.”

First and foremost, companies need to do more to make setting up security features foolproof for the most technically illiterate consumers.

“The key is creating systems and instructions that are easy to follow so that people can set up devices and have control over what data those devices create and how that data is used,” he says.

“You have to make devices user-friendly so everyone can get the setting right even without an instruction manual.”

This article was produced by The Local Client Studio and sponsored by Seavus.

TECH

Danish government party demands ban on messaging app Telegram

The senior party in Denmark’s coalition government, the Social Democrats, says it wants to ban the messaging app Telegram in Denmark.

Published: 4 June 2024 06:47 CEST
Danish government party demands ban on messaging app Telegram

Abuse in the form of “shaming” (Danish: udskamning) is frequently directed at women with Middle Eastern backgrounds within large Danish groups on the app, and the Social Democrats therefore want it blocked in the country, equality minister Trine Bramsen and Mayor of Odense Peter Rahbek Juel said in an interview with newspaper Berlingske earlier this week.

“We have unfortunately seen some terrible examples and a lot of examples of the social media Telegram in particular being used to humiliate young ethnics [minorities, ed.] – particularly young women – and to shame them, well aware that it could have the consequence that their families exclude them or even do worse,” Bramsen said to news wire Ritzau.

The party also wants to clamp down on videos that intentionally provoke “negative social control”, they also said.

The Social Democrats have long held that people from minority backgrounds who live in Denmark can be subjected to social control, for example by parents, families or peer groups, which prevents them from fully engaging in society.

Bramsen and Juel said that criminal punishments should be raised for sharing images or videos where there is an “expectation” that they could result in “serious consequences related to negative social control”.

The party shared what it considers to be some of the offending content with Berlingske. It said this was posted by “apparently Danish boys and girls as well as young people with non-Danish ethnic heritage”. The examples come from a Telegram group with over 10,000 members.

Bramsen said that a ban Telegram would “to a greater degree” be an EU matter, but that she still wants to block the app in Denmark as soon as possible.

“Against other types of … illegal content, it’s possible to put up some filters. It will be a case for the courts in the end. But we must, through legislation, ensure that the right laws are in place,” she said.

“I don’t think we can look the other way as platforms are used for crime again and again and put young people’s lives in danger,” she said.

“You can ask yourself the obvious question of whether we should transfer the same legislation that applies in the physical world where you can close places down and apply bans on assembling at places where crime is repeatedly committed,” she said.

Telegram was launched in Russia in 2013.

SHOW COMMENTS