2018-09-01
Topic: IoTSecurity

Internet of Things... lacking the thing called 'security'

Internet of Things (IoT) devices are simply small computers which can send and receive data over a network, such as the Internet. Everyone's perception of what IoT is depends on what they are exposed to – at home (smart fridges, robotic vacuums), in industry (manufacturing controls and sensor systems), or even a FitBit at the gym.

The benefits of quality of life and efficiency in business and government services is tremendous and so it’s not surprising that the number and different types of these devices is growing exponentially. You may not realize how much IoT has already penetrated your life until one of your device’s security has been breeched.

These devices or 'things' are rushed to market because of the competitive landscape. They have high appeal to the user because they solve a problem. Unfortunately the ingenuity of the creators often lacks mature, battle tested, security expertise.

Example: In 2016, the infamous Mirai botnet was used to orchestrate a large-scale attack on more than 300,000 IoT devices including video recorders, web cams and routers. Unlike other malicious botnets, Mirai only targeted IoT devices. This impaired DNS servers and ended up stalling business operations of multiple companies including Twitter and Amazon. A large number of American businesses were without internet services for a period after the attack and it should have served as a major wake up call to the cyber security community and the corporate world.

The alarming thing is that it only took a list of 61 default passwords (which were not changed by their owners) for the attack to take place. Developers who are actual security pros would never allow a device to function or even ship with such a glaring vulnerability.

Among cyber security professionals surveyed by Pwnie Express in the aftermath of the Mirai incident, 84% agree that the event changed their view on IoT malware and threats. However, Adam Glynn of PriVerify stated, “incidents like this have happened continually for over a decade and if anything have multiplied over the past 2 years since the Mirai incident.” The seasoned team of experts at PriVerify understand the landscape and are uniquely equipped to turn around this trend.

The PriVerify Solution

Foundation First. Instead of leaving the biggest challenges to afterthought, PriVerify already has built its Simple Extensible Comprehensive Foundation (SECF) and is delivering service to a number of platforms, already in its 3rd production release.

PriVerify is built for enterprises and businesses who use IoT and Linux in general (cloud or on-prem) who value the integrity of their data. Learn more or contact the experts directly.

Topics

© 2021 PriVerify Corp. All Rights Reserved.