As we look ahead toward the cyberthreats facing us this year, some key challenges will result from the advancements in technology that are becoming part of our daily lives. Ranging from the Internet of Things to online currencies, devices and systems have never been more interconnected. Before we adopt these new technologies, we need to ensure we understand the security implications and have appropriate layers of defense in place.
Below are highlights of several of these new advancements and how they may affect us.
The Internet of Things
What is the Internet of Things? Put simply, the Internet enables connectivity from virtually any end-user device or thing. The latest trend is connecting things such as small appliances, refrigerators, personal medical devices, wearable health trackers and many other items.
One of the most common examples of how the Internet of Things impacts our daily lives is the automobile, which has become a sophisticated computer device. Researchers have demonstrated the ability to hack an automobile’s systems to control the brakes, steering wheel and even shut down the engine. Numerous discussion forums focus on the use of vehicle-to-vehicle (V2V) technology, which will allow vehicles to talk to each other via wireless connectivity.
Bluetooth®, which is a standard feature in many automobiles with options to include a personal hot spot, can allow a modern smartphone to connect to the automobile’s stereo system to receive continuous Twitter® feeds, or a system that may allow a technician to provide assistance in case of emergencies. Researchers have discovered ways to inject malicious codes or programs through CD players or iPod® connectors. So theoretically, an infected song on your iPod or CD, when played in your automobile, can potentially spread malicious code from the automobile’s entertainment network to other components of the automobile without many restrictions.
In another example of how the Internet of Things can impact us, a recent news story suggests electric teakettles and other small appliances were able to exploit unencrypted Wi-Fi® and send data back to foreign servers.
Internet-connected devices that are able to process sensitive personal information tend to be high-priority targets for cybercriminals. It will become increasingly critical in 2014 to protect these devices from unintended or unauthorized connectivity.
A Bitcoin is a digital currency stored in a downloadable wallet on a user’s personal computer or with an online wallet service provider. Each wallet has a unique identifier that allows users to transfer bitcoins to other users’ wallets. Bitcoin is a decentralized, peer-to-peer payment system with no current regulatory authority. It is gaining popularity, with mainstream businesses adopting it as an alternative form of payment or investment.
While the long-term use of Bitcoin is uncertain, at least for the near term in 2014, the increasing adoption and publicity will continue to draw the interest of cybercriminals who target Bitcoin users’ wallets for theft or compromise systems to generate bitcoins via malware infection.
Mobile Transaction Risks
Every new smartphone, tablet or other mobile device provides an opportunity for a potential cyberattack. New features such as near field communication (NFC), as well as AirDrop® and Passbook® for Apple®, will continue to expand in 2014, increasing the opportunities for cybercriminals to exploit weaknesses. NFC and AirDrop allow for similarly configured smartphones to communicate with each other by simply touching another smartphone or being in proximity to another smartphone. This technology is being used for credit card purchases, boarding passes and file sharing, and will most likely be incorporated into other uses in 2014.
Risks of these technologies could include eavesdropping (through which the cybercriminal can intercept data transmission such as credit card numbers) and transferring viruses or other malware from one NFC/AirDrop-enabled device to another.
Before adopting any of the myriad new technologies that are being rapidly deployed, it is important to understand the implications and risks. While interconnectivity can yield many benefits, the risk could outweigh the benefit if the devices, systems and technologies are not properly secured.
Resources For More Information
- Georgia Tech: Emerging Cyberthreats Report
- Sophos: Security Threat Report 2014
- Websense: 2014 Security Predictions
- Symantec: 2014 Predictions
If you have questions about the content of this newsletter or any general security-related questions, please contact Jeremiah Bristow, director of corporate and information security, at 800-537-5427, ext. 4124.
BROUGHT TO YOU BY SHAZAM and SHAZAM SECURE Comprehensive information security systems