XSS vulnerabilities in a video camera monitoring web service that allow cyber-criminals to remotely access user audio/video recording by injecting malicious code.
Now that the new year has started, we are already seeing the first major vulnerabilities with Meltdown and Spectre chip design issues. There are so many connected devices, running a mix of hardware chip sets, modified operating systems, and using a mix of protocols, multiple services and applications – the threat vector for a potential comprise is expanding exponentially. This includes not just the traditional computing devices, such as laptops, PCs and smartphones, but also the smart-home IoT devices which are dramatically increasing in number . The shear amount of variations and combinations has a direct correlation to the discovery of security vulnerabilities and the exploitation of these vulnerabilities by hackers and malware authors. This is only going to get worse.
The number of Internet of Things devices is booming. Gartner predicted that 8.4 billion units were in play last year, and the numbers will explode to 20 billion by 2020. A significant number of these things are ‘insecure by design‘ with fixed or difficult to change settings and the Mirai malware dramatically showed how these devices could be enslaved into a botnet to distribute spam or knock sites off the internet via DDoS attacks.
We see three major issues when it comes to IoT security: privacy, ransomware, and blackmail. As a direct threat, we expect to see ransomware adapted for smart devices, potentially bricking the device – or the home – until a ransom is paid. Secondly, this flood of unencrypted data from smart homes will be captured and misused in a blackmail scenario.
2018 is the year of GDPR, the EU attempt to place privacy control and awareness back into the hands of the individual. Yes, this raises the privacy bar by increasing awareness, but the bar remains too low, as the nature of the internet and its “globalness” will render these laws largely insufficient and useless. While GDPR will cause costs and potentially result in an array of legal cases for high-profile companies, the larger group of individual app developers, web-site owners, and other businesses will continue to consciously – as well as unconsciously – act inappropriately and disregard basic data privacy.
Protecting the individuals’ privacy requires a combination of services, which enable the user (in a way that is easy to understand) to be aware of, and define, the definition of privacy they consider relevant.
The world is going through a massive evolution, as nation states become less powerful and global corporate brands (Apple, Facebook, Google, Amazon & Microsoft) become more powerful. Virtual currency reduces both the influence of a government and their central banks (which are all interested in the economic well-being of their individual countries). While early in its development, cryptocurrencies can be seen as an attack on the nation state. Altogether, traditional nation states are losing power because of these newcomers. This fear of losing power is causing a backlash of laws and protectionist initiatives across various areas; net neutrality, regional sourcing, data privacy, etc.
Overall, as a society and as individual, we are benefiting greatly from these new technologies and services. We can do things faster, better, and cheaper than ever before. At Avira, our goal is to help people best profit from these developments, while ensuring their security baseline continues to improve. To fulfill that promise, we have expanded our portfolio to not only detect and delete malicious threats, but also to prevent unwanted events from happening in both the traditional world of devices as well as within the smart-home.
In late 2017, we launched Avira SafeThings™, our security platform for the IoT. It automatically secures connected devices in the home, thanks to its machine learning and artificial intelligence expertise. SafeThings™ is delivered to the home via the router or the internet service providers, freeing users from the need to be the information security officers for their smart devices.
You can download the SafeThings whitepaper for free.
This article first appeared on blog.avira.com on 18 January 2018