If there is a cyber war, we all know who’s at default
Are we at cyberwar yet? There’s been enough warnings, says freelance technology writer, Nick Booth. Iran is reportedly on the brink of war with the US and China is sending waves of state-sponsored hackers straight to the front line the minute they graduate from Malware School.
There’s an overwhelming consensus that the world’s Internet of Things (IoT) networks are massively vulnerable and minimally protected.
My brain’s memory is spilling over with more Internet Security Threat Reports of 2019 than I can process, so I’ll just stream the headlines as they whiz past.
Symantec says routers contain 75% of all infections, five times more than the next most likely turncoat, the connected camera, which are five times more likely to be hacked than last year.
Sensors are insecure, too
Sensors are not to be outdone in the insecurity stakes. Whether they are taking temperatures, measuring printers or just monitoring the population, these dumb devices are doing a great job for the wrong side.
Instead of fixing the problem, however, everyone is answering questionnaires.
Irdeto’s survey of 700 global enterprise decision makers confessed that only 7% of them felt they had everything they need to be secure and 80% had been breached in the last 21 months.
The most scandalous statistic is that 80% of device makers worry their products aren’t secure enough to withstand a cyberattack.
Will nobody take responsibility? Isn’t technology supposed to be the industry of creative solution providers? How come there is such a lack of creativity in solving the basic problems?
One of the biggest gaps in any IoT is usually caused by default password syndrome, reports Keiron Shepherd, senior systems engineer for security vendor F5 Networks. So what are we doing to rectify that behaviour and encourage people to make password changes?
Not a lot.
The device makers seem to be doing everything they can to help the service saboteurs. They publish their vulnerabilities online and the Cyber Creeps can even enjoy the services of a specialist search engine, which gives them all they need to know about every model of router, camera or sensor.
They can get default passwords, details about models that are no longer being supported, IP addresses and geo-locations. Good grief: it’s practically cybercrime as a service.
Surely, it’s in the gift of the IoT industry to put the same amount of energy into crime prevention. Why don’t they set up a Cyber Police Force?
Policing in the Middle Ages
Policing goes back to the Middle Ages, when a volunteer identified trouble and called for help from everyone. This ‘Hue and Cry’ system is half-formed already. There’s plenty of crying in the modern global village, but not much hue ‘can do’.
The problem is that honest vendors who declare their vulnerabilities get to look worse than the dishonest ones who keep quiet. At the moment, no good deed goes unpunished, and the IoT players need to get together to change this, says Shepherd.
This is an inventive industry. There must be initiatives we can think up to galvanise the public. Why not give them a prize if they have demonstrably changed the password on their kit? Or devise some witty campaign slogan that at least raises awareness of identity theft in the Internet of Things. “Don’t be a global village ID IoT.” That would make an evocative cyber war poster.
The author is freelance technology writer, Nick Booth.