Symantec's Take on the Risk of Things


Smart door locks that can be opened remotely without a password. Potential vulnerabilities of hundreds of millions of televisions to fraud or even ransomware. A recall of 1.4 million cars to help prevent vehicle takeover.

These are just a few of the highlights presented in “The Internet of Things” section of Symantec's 2016 Internet Security Threat Report.

Pointing to an increase in proof-of-concept attacks as well as attacks in the wild, Symantec's analysts concluded that designers and manufacturers will have to address fundamental security challenges if the IoT industry is going to deliver on the much ballyhooed $2 trillion in potential economic benefit.

Symantec's own research teams reported that:

  • Hundreds of millions of internet-connected smart TVs are potentially vulnerable to click fraud, botnets, data theft, and even ransomware
  • Multiple vulnerabilities were found in 50 commercially available smart home devices they analyzed, including the door lock that could be opened remotely without a password

The report also cited other IoT security risk highlights from the past year:

  • Researchers have found potentially deadly vulnerabilities in dozens of devices such as insulin pumps, x-ray systems, CT scanners, medical refrigerators, and implantable defibrillators
  • Fiat Chrysler recalled 1.4 million vehicles after researchers demonstrated a proof-of-concept attack where they managed to take control of a vehicle remotely
  • In the UK, thieves have hacked keyless entry systems to steal cars

The security outlook for IoT unfortunately is not that good, the report’s authors concluded. They expect to see more stories like these in the coming year, affirming that proof-of-concept attacks are invariably followed by real attacks. They go on to speculate that it may even get to the point that IoT devices become the preferred route for attacking an organization, and potentially the most difficult for incident response staff to recognize and remove.

Protecting people and organizations against the security risks introduced by IoT, according to the study, will require a multilayered, holistic security approach involving an entire ecosystem of cooperating partners, much like the IT security industry has today.

The members of the Smart Card Alliance agree with this view, and have responded by creating the new Internet of Things Security Council to help move the industry forward. Like its other organizations, the Council will provide a forum where all the stakeholders can work together to solve the privacy and security problems facing IoT, and to create an effective ecosystem that can bring together all of the different layers of technology and services that will eventually be required to deliver workable and effective solutions to these problems.