The IoT Lock Up

By Enrique Pavlioglou

Ever since the creation of the Internet, connected devices and security have gone hand in hand. Unfortunately, as security technology advances so do the hackers and malware that infect devices. It’s doesn’t come as a surprise that with the wake of IoT, new security risks are popping up in all of the verticals. Recently UBI and automotive technologies have been scrutinized, since what was once said to be “impossible” is now a reality, i.e. cars can be manipulated wirelessly through interfaces that are standard for some cars—and even some plug-in devices as well.

A little over a month ago Wired showed us how hackers could control a Jeep Cherokee thorough a cell phone’s cellular network that is connected to the truck. They were able to access vehicle functions such as radio, air-conditioning, accelerator, and wipers. However in more recent news, researchers from the University of California at San Diego have revealed how one can hack a car through a small 2-inch dongle that insurance companies use to track a vehicles driving patterns and mileage usage. There was no need for a powerful computer or fancy software to do so; researchers used their phones to send messages to the vehicle. The messages later made the vehicle utilize its brakes. Even though the message only worked at slow speeds, it still opens a door for more questions. How much access to vehicles do hackers have? And how can they use it to their advantage?

Security attacks and breaches are by no means limited to UBI or the automotive industry. Threatpost recently brought to light how Android patched one of its flaws that impacted at least 55 percent of devices. IBM characterized the flaw as “serialization”, this means the vulnerability lies within the platform, and the versions affected were 4.3 to 5.1 (Jelly Bean, Kit Kat and Lollipop). This flaw allows malware to unsuspectingly infect the android device and take control of it without the users knowledge. The malware also allows the attacker to carry out actions as if he or she where the user. The final exploit for hackers will be to acquire information from apps like KeyChain that hold all of the users sensible information including passwords and user names for various account.

IoT is ever advancing. It has a wide variety of uses throughout public and private sectors. All data coming from these devices must be protected adequately. As the IoT advances, security should always be one or two steps in front and always cautious of new threats.