photo RSMAtnWebAdRed13.jpg

The Computer Corner

Key

By Charles Miller

On several occasions, I have joined the chorus of professionals who are raising alarms over the Internet of Things (IoT) and its vulnerability to hacking. It is already happening that users suddenly find their Internet connection not working, and when the problem is located, it is discovered that their refrigerator or garage door opener had been hacked and was being used by a botnet to send out tens of thousands of spam emails every day.

As Internet-connected devices become increasingly ubiquitous, they also become susceptible to evolving and complex cyber threats. One of the most hilarious, or ominous—depending on your point of view—is the recently-revealed software bug in the LG SmartThinQ app that permitted hackers to remotely take control of the homeowner’s Hom-Bot vacuum cleaner, driving it around the house while using its video camera to spy on anything in the device’s vicinity. While fastidious owners think the autonomous vacuum is busy cleaning, in reality, it could be inventorying their valuables before a robbery. Check out the video at https://youtu.be/BnAHfZWPaCs.

Earlier this year, a bipartisan group of US senators introduced legislation, the “Internet of Things Cybersecurity Improvement Act of 2017” that would establish minimum cybersecurity standards for products purchased by the US government. The bill proposes to leverage the federal government purchasing power to improve the security of IoT devices by requiring all items sold to the government meet certain minimum standards of security. Sellers would be required to provide the following written certification about their product: (1) does not contain any known security vulnerabilities or defects listed in the National Institute of Standards and Technology’s (NIST) National Vulnerability Database; (2) uses industry-standard technology for communication and encryption—no secret or proprietary protocols; (3) does not have hard-coded and unchangeable passwords; and (4) is capable of receiving “properly authenticated and trusted” patches and security updates provided by the manufacturers.

That last provision is the biggie. For far too long, the manufacturers of IoT devices have gotten away with a sell-it-and-forget-it attitude. Because of this practice, there are billions of smartphones and other IoT devices that will never be updated and in many cases cannot ever be updated to protect against newly-discovered security vulnerabilities.

One manufacturing industry website was quoted as writing, “Contractors should keep an eye on this proposed bill, because if it becomes law, it will impose new, potentially onerous obligations on contractors.”  English translation: If this bill becomes law, then manufacturers of IoT devices will be forced to do what they should have been doing already: caring about the safety and security of those who use their products.

Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 044 415 101 8528 or email FAQ8 (at) SMAguru.com.

 

Comments are closed

 photo RSMAtnWebAdRed13.jpg
 photo RSMAtnWebAdRed13.jpg

Photo Gallery

 photo RSMAtnWebAdRed13.jpg
Log in | Designed by Gabfire themes All original content on these pages is fingerprinted and certified by Digiprove