Cyber-attackers and security researchers focused on finding and attacking vulnerable devices on the broader Internet of things in 2013, a trend that will only accelerate in the coming year, according to security experts.
The rapid adoption of network-connected devices by consumers and businesses will make the so-called Internet of things more attractive to vulnerability finders and cyber-criminals bent on mischief.
From TVs to thermostats and from medical devices to home security, a range of devices are being connected to the Internet and exposed to risks for which they might not be ready, vulnerability management firm Rapid7 said in an email statement to eWEEK.
“This is only set to continue—we’re already seeing network-enabled toasters, kettles, fridges and much more emerging,” the company stated. “Unfortunately, researchers have found time and again that security issues abound on embedded devices, and they are typically very poorly patched.”
Attacks against embedded devices have been rare so far, but security researchers have noted that recently the pace of attacks has accelerated. In November, for example, Symantec posted a brief analysis of a worm, dubbed “Linux.Darlloz,” that targeted a variety of Linux distributions with evidence of variants created for chipsets that are normally found in home routers, set-top boxes and security cameras.
A major problem is that security is usually an afterthought during the creation of embedded devices. Companies are more concerned with getting the product out the door and not whether the design of the product can be exploited to compromise the user’s data, according to Rapid7.
In most cases, engineering teams do not collaborate well enough with other teams in the same company nor with users among their customers, Phil Packman, general manager for security enablement at telecom giant BT, said in a blog post. That lack of communications leads to bad designs and missed opportunities to secure their products, he said.
“It is often hard for the engineer to ‘connect’ in the course of his day job, and an external attack can seem quite unlikely,” Packman said. “On the other hand, clients who rely extensively on automated control systems with remote monitoring can easily see how this risk is very real for them, carrying with it consequences that don’t bear thinking about.”
Considering how pervasive Internet-connected devices are in our lives, one company claims that 2014 will see the first murder carried out using such a device that was compromised by a cyber-attack.
In its predictions for 2014, Internet Identity, a brand-security company, posited that companies and consumers will see the dark side of the Internet of things by 2015, with hackers learning how to cause chaos in people’s home in the next two years.