The Internet of Things (IoT) promises to make life easy, but Panda calls it “the next cyber security nightmare” and CSO ranked “the Internet of malicious things” as the number one threat for 2017. Shortly after the NotPetya ransom-worm, the first ever WIFI-worm was unveiled: broadpwn!
On July the 27th Nitay Artenstein demonstrated the first successful WIFI-worm attack at the Blackhat USA 2017 event. Broadpwn used a vulnerability of the Broadcom WIFI chipset which could potentially impact over one billion smartphones. Luckily both Google and Apple released a patch before public disclosure (ignorance is bliss).
Immediately another WIFI-related scoop came to mind, a practical joke published on July the 18th by Purple, a WIFI marketing and provisioning company. 22.000 people accepted a free WIFI EULA without reading and committed themselves to 1,000 hours of community service, like cleaning toilets at public events (is ignorance really a bliss?).
Combine the agility (by air) of the broadpwn worm with the eagerness of people seeking free WIFI, and the IoT suggests a gloomy outlook of titanic ignorance proportions. But is it really that dark? Let’s have a look at what positive influences can be expected from legislation, law and the increasing insights of the (IT) industry itself.
According to Bitdefender, a Swedish governmental outsource blunder exposed sensitive military data, and the names, addresses and photos of people in the witness protection program. Maybe the resignation of two Swedish ministers and the recent targeted ransom-worm attacks on critical infrastructure are a wakeup call for politicians.
When both the general public and government show little concerns about privacy and security, there is little incentive for smart product vendors to adopt their procedures, protocols and software to the security standards required by the cloud and the Internet of Things.
So our last hope is the (security) industry itself. In our Pi-hole blog we have already noted that antivirus software vendors have partnered with hardware vendors. Tencent and Tesla have taken this partnership a step further. Tencent now owns five percent of the Tesla shares and helps Tesla to improve the security of the car control systems of the Model X. Maybe these cross-industry alliances are the way to tackle the security challenges of the IoT. After all, it makes sense when IT is an integral part of a smart product, IT-security also has to be an integral part of that smart product.