Evolving Our Security in 2016
With new technologies and products being developed continually, and at rapid speed, it’s important that we be able to adapt accordingly. Nowhere is this more important than in the security of these technologies, where vast amounts of our personal data can become exposed to hackers, thieves and all sorts of cyber-criminals.
Let’s take a look at some of the areas we’ll need to focus on with greater emphasis in 2016:
Internet of Things
While the buzz around the Internet of Things (IoT) has been around for a while, in 2016 we’re set to see a significant increase in IoT adoption. With IoT there’s an understanding that any device can be connected to the Internet, whether phones, coffee makers, washing machines, web cams, fridges, thermostats, wearable devices and almost anything else you can think of. But IoT connectivity also applies to machine components, for example, a jet engine, oil rig drill or power plant pump.
To date, most consumer IoT devices have been selling in the hundreds of thousands as connected devices, sensors or controllers while enterprises are buying IoT in larger quantities for utilities such as smart meters and smart grids. This upward trend is set to continue, and some analysts have predicted sales upwards of one billion devices within the coming 12 months.
Certainly vehicle connectivity is one rapidly growing IoT area, and it has implications across telematics, automated driving, infotainment and mobility services. But the connected car is already a reality, and in-vehicle wireless connectivity is rapidly expanding from luxury models and premium brands to high-volume midmarket models. Researchers have already proven how IoT-loaded vehicles can be hacked. In fact, last year, vulnerabilities led to vehicle recalls for some major manufacturers.
It’s important to note that as companies build out their IoT ecosystems, whether for the consumer or business market, connectivity and security standards are almost nonexistent. Most of these projects involve customization. Add to this the fact that there isn’t one dominant technology service provider in the IoT space, and the approach to standards is at best fractured.
And of course all of this has implications for security. In fact, during 2016 we’re set to witness more examples of security vulnerabilities related to IoT. This is inevitable. The lack of standardization means IoT is an incredibly fragmented space and one in which network security has not been a priority for device manufacturers.
As a result, there are issues such as data that is not encrypted, insecure web interfaces and not enough software protection. In a sense, the security issues faced every day by IT teams, such as network, application and mobile security, are all combined in IoT devices. If IoT plays out as expected, with billions of devices chatting to each other and a lack of security protocols, it’s going to result in major vulnerabilities.
Thanks to these factors, IoT is going to be the new target for hackers, and you can expect to see a lot of hacking endeavors aimed at IoT devices. This won’t just be hackers flexing their coding muscles on new challenges but hackers also attempting to penetrate networks using IoT devices as points of entry. There is also the potential for hackers to attempt to create IoT botnets. In fact, we’ve already seen one instance of a compromised IoT CCTV network, so don’t be surprised to see it happening more frequently.
Biometric technology is also becoming more commonplace. One sign of this is the biometrics system embedded into the Windows 10 operating system.
Windows Hello allows you to log in with your face, eye or fingerprints. However, to use Windows Hello, you need hardware enhanced with biometric capabilities. That said, its inclusion in Windows 10 means that it is becoming a standard for PCs, laptops and even mobile phones.
Passwords are the most widely used means of accessing PCs, laptops and smartphones, but as consumers recognize the ease of biometrics, the newer technology will become more commonplace. In the past, industry players such as Apple have installed fingerprint biometrics in their devices, and it’s also been possible to use drawings and fingerprints on phones running on an Android platform.
But adoption has largely been slow because finger scanning can sometimes be frustrating if your screen or hands are dirty. It’s sometimes easier just to revert to passwords. But as the technology becomes more cost-effective and easier to use, expect to see wider uptake, especially around facial recognition technology.
Biometrics has already gained ground in government buildings and businesses. In fact, it is now common to walk into a government agency or corporate environment and expect to see the use of facial biometrics, eye scanning, body scanning cameras or use of smart cards embedded with biometric information.
While this has actually been the case for several years, in the consumer arena there has been resistance, with people widely considering the technology invasive and intrusive. However, as biometric systems become more responsive and easier to use, more people will see the benefits and consequently adopt these powerful security systems.
This brings us back to biometrics in Windows 10 — its inclusion signals the beginning of significant uptake of biometric technology among consumers.
Smart watches and wearable technology such as fitness-tracking wristbands have already made their mark, but these inroads are set to become even deeper during 2016.
Smart watches are here to stay, and their use is going to become more commonplace as architectural designs and processing power improve. But smart clothes will also gain a foothold.
Smart shirts have been available from companies like Adidas for some time. However, they have been aimed at professional athletes to measure heart rate and respiration by connecting to a smartphone via Bluetooth.
But regular garment manufacturers are also beginning to express interest in the technology. Ralph Lauren has already produced the Polo Tech smart shirt, while smart sports bras, t-shirts and socks aimed at the casual sports market have also been released.
But wearable products aren’t just about fitness. Recently German logistics company DHL carried out a pilot program with Japanese technology maker Ricoh and German wearable tech company Ubimax. This involved providing DHL warehouse staff with smart glasses rather than the usual hand-held product-picking devices. The result was a 25% increase in efficiency over the trial period.
Disney has also become a pioneer in wearable technology by using RFID wristbands to enable visitor entry into its resorts and theme parks and even for purchasing services by linking it to a credit card. The battery-powered “MagicBand” is bought at the Disney Store and includes customization options. Apparently Disney is planning to spend $1 billion on the system.
It’s also interesting and important to note that common business tools such as Salesforce have also developed apps for smart watches. Truck manufacturing giant Scania is urging drivers to adopt smart watches, Fujitsu has developed wrist-based devices for field workers and smart watches are replacing pagers in some US hospitals.
All of these developments point to one thing: 2016 will be the year when smart wearables start to become mainstream, especially in the business world. But like other IoT products, wearable devices are hackable, and the weakest link in the wearables space is the mobile device.
Wearables tend to link to a mobile device over Bluetooth. This short-range spectrum is used to send and receive data between the wearable device and the mobile. This makes the mobile a prime target for hackers.
Hackers typically gain access to the data on your mobile through apps loaded with malware. Hackers can use these malicious apps to make phone calls without your permission, send and receive texts and extract personal information.
They can also, due to the wearable, track your location through GPS. Once hackers have access to a mobile device, they have a lot of control and a profusion of information that can be exploited.
In one way or another, drones have dominated the headlines for some time, whether used for spying on celebrities or evaporating terrorists. But their usage is now expanding beyond the predictable.
The ready and cost-effective availability of depth perception cameras now means they are easily added to “domestic” usage drones, expanding the footprint. These cameras allow drones to navigate around obstacles and crowded areas without bumping into anything. “RealSense” technology from Intel senses when there’s a building or object that needs to be navigated, and the drone accordingly alters its course.
Some news outlets are using them to great effect to report from war zones with graphic and compelling images. Drones are now being introduced into agriculture to take photos of plants and use learning technology to detect unhealthy crops. Construction companies are using drones and robots to create 3D models of terrains. Some sporting events are regularly covered by drones, and there’s also a drone that requires no flying at all. You just throw it in the air, and it follows and records you.
We’ve all heard about Amazon and Google’s plans for drones, and both companies are talking about one-hour shopping deliveries from the time of order via drones.
The recent Consumer Electronics Show in Las Vegas, always a weathervane for new developments, was full of drones on display, and you can’t walk past a gadget retailer without seeing a raft of different spec drones for sale. Even drone manufacturers are being tipped for stock market growth by investment analysts.
Without a doubt, 2016 will be the year of drones, but drones are hackable because essentially they are flying computers.
One way to hack a drone involves intercepting its navigation system. Communications links can be jammed, which disconnects a drone from its controller, and then it can be made to switch to autopilot. It can then be sent the wrong GPS coordinates, tricking it into believing it is somewhere other than where it is. Intercepting data links from the drone is also easy to do if the feeds are not encrypted.
Delivery drones could be hacked to steal their cargo or the machine itself. A drone could be redirected and tagged with a tiny broadcasting camera, allowing a hacker to spy on sensitive commercial information. And of course, drones can be used for criminal activities too. Researchers developed one drone that successfully stole Amazon, PayPal, and Yahoo credentials from mobile devices while testing it in London.
But today there are few systems in place to detect and intercept drone attacks or stop hacks. Given the increasing popularity of drones, we can expect to see some high-profile drone hacks in the coming 12 months.
Ransomware is set to pick up pace in the coming 12 months. According to some analysts, instances of ransomware during 2015 grew significantly. Typically ransomware locks down a user’s system and demands a ransom to decrypt the data. These types of attacks in the recent past have generally been spread through phishing emails, but the signs are that attacks are becoming more targeted, aimed at businesses, gamers and those with digital wallets.
It’s a worrying trend given that ransomware is one of the most pernicious, insidious and successful forms of attack used by hackers. Victims are often paralyzed into giving in to the hacker’s demands when their computers effectively seize up and they are unable to access their data, whether it’s business information or personal files such as photographs.
Even the FBI conceded last year that it had a tough time protecting the public against the CryptoWall ransomware virus, which in a previous incarnation was known as CryptoLocker. But new variants and strains are emerging all of the time.
Eastern European cyber mafias are typically behind the ransomware plague, and interestingly, they appear to test their code in Europe before launching it into the US and Canada. It won’t be surprising if they begin specifically targeting companies that don’t want their business disrupted or their intellectual property compromised.
(About the author: Paul Lipman is the CEO of BullGuard)