• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Internet of Things — or Internet of Cyber Crime?

Internet of Things — or Internet of Cyber Crime?

  • Posted on:February 29, 2016
  • Posted in:Industry News
  • Posted by:
    Noah Gamer
2
The Internet of Things needs effective cyber security solutions, too.

Gartner estimated that at the end of 2016, there will be around 6.4 billion connected objects in use — things like smart refrigerators, smart thermostats, wearable fitness gadgets and even dog collars that let consumers know how their pets are doing. By 2025, there will be 20.8 billion objects making up the IoT. In addition, the Industrial IoT is enhancing efficiency and productivity, effectively transforming the way companies do work.

These smart technologies are keeping people connected and helping to make business easier for the industrial sector. However, no matter how useful the IoT may be, there are still those who would try to exploit vulnerabilities within the system. There are several important ways the IoT is behind in terms of cyber security. Targeted attacks against devices within the IoT are entirely possible.

The problem with smart TVs

These vulnerabilities can exist anywhere within the IoT — even consumers' own living rooms. Trend Micro researchers found earlier this year that some Android-based smart televisions are susceptible to attack via third-party apps that people download onto their devices. These apps contain a backdoor that allows hackers to install other malicious apps and malware onto the system. Since most smart TVs operate using an older version of Android, they still contain the fatal flaw that allows this to take place.

The easy solution to this problem is to avoid installing third-party apps and to invest in effective security software. Since hackers rely on their ability to lure consumers to downloading these apps directly onto their smart TVs, it's important to remember not to fall for these types of social engineering tricks.

Another issue with smart tech: Passwords

A problem that arises within the IoT space is the question of authentication and password use. According to Dark Reading contributor Marilyn Cohodas, it may be possible to have mutual authentication between devices and users, but the solution to this issue may be complex.

"Context-aware security, new gateways and middleware were three measures [LG Mobile Research] said could help facilitate the 'chain of trust' necessary to support IoT," Cohodas wrote.

However, the solution isn't going to be simple. Passwords and authentication issues continue to plague the IoT. Most recently, the app for the popular electric car the Nissan Leaf had to be deactivated due to its inherent vulnerabilities. The NissanConnect EV app allows car owners to control the atmosphere within their vehicles, along with other capabilities. According to Wired, the app's susceptibility was first disclosed by security researcher Troy Hunt, who was able to remotely control a car's heated seating and steering wheel, along with air conditioning and fans.

The issue here is that the app doesn't hide usernames, and the passwords associated with the accounts are more often than not the VIN number that is easily locatable on the vehicle. In other words, it's a simple task for hackers to crack into the app and potentially take charge of the car.

"Anyone could potentially enumerate vehicle identification numbers and control the physical function of any vehicles that responded," Hunt wrote.

This is a troubling consideration. There are tools in the works that will hopefully help to curb the ability of hackers to gain access to the increasingly smarter vehicles that line the roadways.

IIoT security

Yet another area for concern lies in the Industrial Internet of Things. This is the counterpart to the consumer-driven IoT: the connected web of devices that manufacturers and distributors use to streamline supply chain management and develop their businesses. It also encompasses critical national infrastructure, including the power grid, hospitals and the transportation sector.

"The Industrial IoT is much more demanding than the consumer IoT, and breaches are more consequential," said Gerardo Pardo-Castellote, Chief Technology Officer at Real-Time Innovations, a company that focuses on . "In the IIoT the volume of data is larger and the systems require protecting real-time data in motion. This task gets increasingly harder as the systems grow in size and complexity."

In other words, security of the IIoT is almost more important than that of the devices utilized by consumers, because the global economy and marketplace – not to mention health care and the power grid – is beginning to rely on these technologies to function in the most efficient manner. If the devices were to be compromised in any way, the consequences could be catastrophic. It all comes down to the need for effective cyber security within these areas and making sure vulnerabilities are patched up.

Smart TVs, consumer vehicles and the Industrial Internet of Things are all important applications of smart technologies. Malware and other malicious apps that could potentially cause vulnerability within the Internet of Things will no doubt increase as the IoT continues to grow. Security solutions that can negate these kinds of targeted attacks are more important than ever.

Related posts:

  1. Cyber crime: The $2 trillion problem (Part 1)
  2. Identifying and containing new cyber security risks in the Internet of Things
  3. What does global cyber crime look like?
  4. When cyber crime isn’t just about money

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.