A man walks into an agency and unknowingly sends network passwords to hackers with his “smart” shoes.
Mrs. Andrews looked through her “smart” camera lens at the White House; she didn’t know a hacker in Asia was doing the same.
Mr. Jones didn’t know that his Pentagon audience also included criminals in another state, who recorded everything he said with his ”smart” watch.
Today, these three scenarios sound futuristic. But if expert predictions pan out, the market for wearable technology will explode over the next three years, bringing about the age of the Internet of Things and everyday cybersecurity issues like the aforementioned. And thanks to a recent Symantec finding, hackers aren’t waiting for popular adoption before using what’s already on the market to spy.
You think BYOD is bad now? Hold tight.
What is the Internet of Things?
Kevin Ashton coined the term the Internet of Things in 1999. It references the next evolution of the internet when everyday objects are networked to the web and each other. Samsung’s Smart Thinq Refrigerator is one; Sony’s SmartWatch is another. Manufacturers are creating internet-connected cars, clothes, appliances, houses, and soon every physical thing will be accessible through the internet (thanks to these and others like them). And that access is the concern.
What’s So Smart About “Smart”?
Calling an object smart is equivalent to calling your computer dumb when it doesn’t do what you want it to do. Both, however advanced, still rely on its user operating it properly to work. A smart device is only as smart as its user, and only as protected as its user and manufacturer allow it – just like a computer.
The term smart hides how uniquely dumb our technology still is. Smart is a synonym for intelligent, and intelligence depends on learning. Your devices don’t learn (yet). They rely on your ability to use them, and updates to fix issues.
Before phones became the first mainstream, fully enabled internet thing, people never had to worry about their phone getting hacked.
We must begin treating everyone of our internet-enabled things like computers, which means we must consider cybersecurity when purchasing and using them because the dawn of the Internet of Hackable Things is already here.
Symantec recently found a worm specifically created to target devices connected to the internet called Linux.Darlloz. It exploits a known PHP vulnerability and appears to only infect Intel x86 systems. However, it’s not what this worm is capable of that’s important; it’s what the next one and the one after that and the thousands after those that are important.
As the rate of connected devices rises exponentially, the number of hackable things does too. We need a new mindset to address this shift in behavior. If agencies are not already focusing on educating their employees about the dangers of cybersecurity, they need to. And if they have not considered mobile device management and endpoint security, they need to.
Symantec made a few recommendations to protect against the Linux.Darlloz worm that I think are best practices for this burgeoning BYOD enterprise. They recommend the following steps:
- Verify all devices are connected to the network
- Update their software to the latest version
- Update their security software when it is made available on their devices
- Make device passwords stronger
Our future is the Internet of Things. However, if we aren’t able to secure basic computers and networks, are we ready to face this bigger threat?