IoT Security: Real-World Exploits Unleashed
In December 2016, the Internet of Things (IoT) industry got hit with malware, called the Mirai botnet, that took over household cameras and launched a massive distributed denial-of-service attack. Since then, IoT has been inextricably tied to security.
At the upcoming Channel Partners Conference and Expo in Las Vegas, April 17-20, Syed Zaeem Hosain, CTO of Aeris, an IoT services company, will tackle this challenging topic. As part of the IoT conference track on April 18, in a session called “IoT Security: Real-World Exploits Unleashed,” Hosain will explain just how far we’ve come – and not come – since the Mirai botnet.
Hosain will take a global view of the problem: IoT product companies overseas giving security short shrift in order to meet budgets and project launches. He describes cyberattackers with IoT in their sights not as individuals in a basement but state actors with lots of resources at their disposal.
In a Q&A with Channel Partners/Channel Futures, Hosain gives a sneak peek into the insights from his session.
Channel Partners/Channel Futures: What’s one of the surprises coming out of your session?
Syed Zaeem Hosain: I think there are two things that will impact growth and potentially limit growth of IoT solutions around the world: security and scaling. You’ve seen the massive predictions – billions of connected devices in the next 10-15 years – which is certainly possible. But if we don’t look out for the security aspect of deploying all these devices, a misconfigured device or a breached device taken over by a hacker could cause havoc for all of us.
At scale, the problem becomes worse.
If you recall back in December 2016, close to a half-million unsecured video cameras in people’s homes were taken over by a malware that created a denial-of-service attack against mainstream companies like Amazon and Netflix and others.
CP/CF: Have we come far in securing IoT devices since then?
SH: Yes and no. From a yes perspective, the awareness of this as a major issue has grown dramatically. Four or five years ago, people were asking, “What the heck is security?” in the context of IoT. Now, at every other conference, there’s something to do with security for IoT. We have come a long way.
The only problem is that the growth is so large that you still have players, particularly overseas, that are manufacturing products without thinking about security up front. If you think about security after you’ve released your product, it’s too late.
If you take over a car or some product with IoT capability, medical devices, in particular, then you can have an impact on one or more people. If it causes a fatality, it would have serious impact on IoT.
CP/CF: Are we going to see another headline-grabbing IoT security breach this year?
SH: That’s a big concern. I made a brash prediction about six months ago, which has yet to come true but could happen this year. If you look at the connected car and IoT devices, you might see a malware attack that basically tells the driver of the car, “Pay me money or I won’t start it for you.” This would be another wake-up call for the industry.
CP/CF: I understand you’ll be talking about how easy it is to hack into IoT devices.
SH: Unfortunately for a number of devices, it’s pretty easy. Luckily for anything of consequence, it is perhaps not as easy as it might have been. The enterprises we work with are very concerned, very serious about this.
CP/CF: How can channel companies help protect their customers?
SH: It’s a good question. It’s important to realize that we’re all part of the ecosystem. IoT is not an isolated technology but has an impact everywhere. People who are in this space, from developing products to supporting the development, need to think in terms of security.
From a channel partner’s perspective, service providers need to look at their own capabilities. One of the takeaways from the session will be for attendees to want to go back and examine what they’re doing and see what could happen if IoT was attacked. A hacker isn’t just some simplistic person sitting in a basement somewhere but state actors — governments with hundreds of people toiling away at breaking in.