This weekend I realized just how much the future of securing the Internet of Things (IoT) will become a critical component to maintain our lifestyle.
CyberPatriot is the National Youth Cyber Education Program created by the Air Force Association to encourage careers in STEM. Each year the program sponsors a contest where students compete in a series of cyber defense exercises that use Linux, Windows OS and Cisco. During the competition, the teams identify vulnerabilities and secure the images.
I mentor the CyberPandas, the Delaware State Champions for the past four years. The Padua Academy where members of the team attends offers classes on cybersecurity, IoT Arduino and IoT Raspberry Pi.
“I am grateful to the Padua Academy administration for having the vision to allow this all-girls school to excel in a field so underrepresented in high school education,” says Fred Stinchcombe, the director of technology at Padua Academy. “This is especially true when you take into account the gender bias so prevalent in technology today.”
You might think the students are learning how to secure IoT. But in reality they’re learning the ethical hacking of IoT devices. This asymmetric approach represents the level an enterprise security department strives to operate with. When practicing offensive security, the security professional can get a better understanding of how best to execute defensive methods.
One of the young ladies told me how she “rickrolled” her teacher by using USB Rubber Ducky, a keystroke injection tool. Rickrolling executes a payload that plays “Never Gonna Give You Up” by Rick Astley on a loop no matter what action is executed on the target’s computer. Her next step will be to use a Wi-Fi Pineapple for her rickrolling trick. This will give her the ability to attack multiple devices at one time. By understanding how to execute a vulnerability at a single level and then on a larger scale she can formulate the best defensive cybersecurity measures for each aspect of an attack. Less than a year from entering college, with the underpinning of the ethics and skills acquired through this type of course offering, she is already steps ahead in becoming a cybersecurity professional.
With the advances in technology and the growth of IoT, the next generation will have cybersecurity skill sets that will surpass what we know today.
Smart, Connected and Convenient
In the near future, the IoT will connect every aspect of our lives to the Internet. According to the latest edition of the Ericsson Mobility Report the Internet of Things (IoT) is set to overtake mobile phones as the largest category of connected devices by 2018. By 2020, Gartner states we will have close to 21 billion IoT devices. That’s three times the amount we currently have today.
IoT devices have made our life so much easier. We can simply reorder our favorite drinking water with a press of a button in our fridge. We can see who is ringing our doorbell and talk to them even if we’re away on vacation. Lights can turn on just the sound of our voice. From a phone in our purse or pocket we can stream music into a hearing aid.
Being social has never been easier. We can exercise with friends globally or virtually share our seat at a concert. Doctors from different hospitals can watch a patient on an MRI machine. They can collaborate and interact with colleagues and the patient in real time. A person can have their medicine or ensure their heart beats at a normal rate without missing a step. Future IoT devices will connect us to the internet through our clothes, driverless cars will take children to the mall, and we can tell the sanitation company when our trashcan is full.
IoT devices are amazing. However, they hold personal information about us that we don’t want to share with others.
Data-Rich: It’s All About You
To do all the things I listed above, IoT devices collect information about our location, our spending patterns, our preferences for products, secure our homes, and, of course, our user IDs and passwords.
According to research by Hewlett Packard Enterprise (HPE), 60 percent of the tested IoT devices raised “security concerns” with their interfaces. The paper also reported that 80 percent of devices either required no password or permitted passwords of insufficient complexity. With so many devices and unknown configurations here are some steps you can take to protect yourself against an IoT attack.
Start Protection at Home
In the home, disable Universal Plug and Play and remote management from your router. This might seem trivial but you’ll be surprised how an attack in your home can occur without your knowledge.
For example, your teenagers have their phones connected to the home Wi-Fi. They’re always on their phones checking social media, especially to see how many followers they may have on a particular application. To make their life easier they download an app that alerts them when they have a new follower or if someone has unfollowed them. Behind the scenes this unsecured application may have malicious code that can do anything from stealing information to compromising your router and turning it into a bot.
How will you know this has occurred? You might not notice right away but your Wi-Fi will be inconsistent by being slow or dropping service. Sometimes the malicious code only remains in the memory of the device and power cycling it will cure the problem.
Protection on the Go
In public, only connect your IoT device to a public Wi-Fi if absolutely necessary. If you have to connect remember to use strong password management and then power cycle the device after disconnecting. If your IoT device becomes infected, your personal information, banking passwords, credit card numbers — any information on the IoT devices — can be compromised. In turn, if you connect your infected device to your home Wi-Fi, other devices that connect to your Wi-Fi can be compromised and so the cycle continues.
There are tremendous benefits of smart technology. As we start using it in most aspects of our lives it is critical to understand how to use these cutting-edge innovations in safe and secure ways. These two tips will help keep your devices protected and your personal information yours.