This year’s Kaspersky conference was held in Cancun, Mexico and one theme that was constantly resonated during the conference was the reminder of the serious gaps in IoT security. Researchers are finding security flaws with connected gadgets more frequently and this brings to mind a phrase coined by Oleg Šelajev in 2016, “The ‘S’ in IoT stands for security” of course we are all aware that there is no ‘S’ in IoT. As more homes and businesses purchase more connected devices to make life easier for themselves the issue of security still looms over our head.
Juniper research estimates that businesses are likely to spend $134 billion annually by 2022 on cybersecurity alone while the IoT sector will likely grow to 20.4 billion devices by 2020. The growth is an expected and appreciated one but, the addition of more devices simply means that there is likely to be more venerabilities. The threat seems to be growing worse and researchers are ringing the bell of warning but no one is taking heed. Denis Makrushin, a Kaspersky Lab researcher explained, “We demonstrated problems last year… This year, it’s the same problems, but now with huge numbers.”
Security researchers at Kaspersky’s 10th annual summit took their time to explain and show off the vulnerabilities that exist in the connected devices that are beginning to dominate our home and workspaces. Panels by panels detailed how you could hack robots, gas stations, a yacht, a car, industrial control systems and hospital tech. Most commonly, devices that are more venerable are the older devices that people still buy and make use of.
A total of 27,716 open entry points for a hacker was discovered in hospital IoT gadgets. This shows how vulnerable we are as Yury Namestnikov, a researcher, attributes this to a rise in internet-connected devices in hospitals, some of which might not even be medical equipment. Hospital security is a huge concern as it stores sensitive data that are quite easy for hackers to target. It is no surprise that with the rate at which hospitals are embracing connected devices, they were among the first victims hit by the WannaCry ransomware attack, preventing patients from getting urgent care while computer systems were locked up. Namestnikov gives a bit of advice, “If you’re an administrator, you need to decide what kind of stuff needs to be on the internet… You need to make an inventory, what’s connected and what you should protect.”
There are boundless possibilities of discovering security vulnerabilities as Lucas Apa, a researcher from IOActive demonstrated by hacking the Pepper and Nao robots. Ido Naor, a Kaspersky researcher, on the other hand, explains the curiosity of researchers, “As researchers, we walk around the world, and check out everything, marks, logos, different types of devices we’ve never seen before, and it tickles our mind to look for information about it.” After discovering issues with more than 1,000 internet-connected gas stations, Naor says he’s always keeping an eye out.
Researchers are not the only curious about these devices as hackers are also searching for loopholes as well. There are ways to keep up a tight security and they include ensuring that you stay up-to-date on the latest in hacks, breaches, fixes and all those cybersecurity issues.