Kontron (News - Alert) recently announced a new hardware and software security platform for Internet of Things (IoT) environments. It uses multi-layer encryption and real-time analytics to secure all points across the network and detect rogue devices as they attempt to connect.
This announcement comes at an opportune time, given that the IoT is growing at a rate that outpaces efforts to secure it even adequately. A report commissioned by AT&T (News - Alert), for example, found that in the past two years, vulnerability scans increased in IoT devices by 458 percent!
One of the more alarming stories of IoT vulnerabilities happened back in July. Wired senior writer Andy Greenberg volunteered to test drive a Jeep Cherokee while researchers Charlie Miller and Chris Valasek hacked into Uconnect, an Internet-accessible system available in recent models of Fiat Chrysler vehicles.
Miller and Valasek were able to remotely control the Cherokee’s air conditioning, radio, windshield wipers, and transmission, obscuring Greenberg’s view of the road and disabling the vehicle in the process. Later hacking attempts caused the brakes to be disabled and the vehicle ended up in a ditch.
IBM’s (News - Alert) X-Force, a team of ethical hackers, recently hacked into the building automation system (BAS) of a so-called smart building occupied by a business with multiple offices across the U.S. The vulnerabilities that the team exploited would have given them access to all the BAS units of the company and its branch offices.
As a result of their testing, the team came up with a fundamental list of security procedures, like avoiding storage of passwords in clear text form, which BAS operators should follow to reduce the possibility of future breaches.
In light of these IoT horror stories, the typical dismissive responses might be to avoid driving cars with Uconnect and that the worst a hacker can do by compromising a BAS is to crank up the A/C a little. Such ‘head-in-the-sand’ attitudes won’t solve problems. If a hacker can compromise a BAS, it’s conceivable that they could access a company’s regular computer network and steal all kinds of valuable information.
If there is anything to be learned from Kontron’s announcement and these stories, it’s that the time to secure the IoT is now. The future is an exciting one for automated homes and self-driving vehicles, but these are still networked computing environments. They can be hacked just as easily as the server at the office can be when the effort to secure them is lax.