IoT security sucks, here’s how to fix it
When most people think about the IoT, they think about their smart appliances. The typical home has at least one connected device in it, be it a thermostat, a television, or an appliance. Given that perception, it might be easy to dismiss the idea of a ransomware attack as harmless. After all, it’s rather unlikely that a hacker will be all that interested in preventing you from accessing your refrigerator or coffee maker.
The thing is, though, that the IoT extends well beyond household appliances. Everything from urban transportation systems to medical equipment to utilities, and even our cars, is connected to the internet. Should any of these systems be locked down due to ransomware, the consequences could be dire.
We’ve actually already seen one ransomware attack on the San Francisco Municipal Transportation Authority late last year. Over Thanksgiving weekend, hackers locked more than 2,000 computers in the SFMTA system, and demanded 100 bitcoins (about $73,000) in ransom to provide the encryption key. In the meantime, the downed network meant that all the rail system’s payment terminals were down, and would not accept any payments from riders.
So, while residents and visitors received free rail rides all weekend, the city lost more than a million dollars in revenue. City officials never revealed how they solved the problem and got the network back online (many suspect they simply paid the ransom) but the attack made it very clear that the IoT is in danger from nefarious individuals.
In the end, the major victim of the SFMTA attack was the city, which lost revenue. No one was injured, and riders were actually relieved to have a reprieve from fares for a few days. Experts note, though, that not all IoT ransomware will be as comparatively innocuous. For example, in 2003, a major electrical blackout in the northeast caused more than $6 billion in damage — and that wasn’t even the result of hackers.
Imagine the damage that an intentional attack on the electrical grid or other utilities might cause. Hackers could conceivably shut down entire cities, cause major vehicle accidents, or even put the lives of hospital patients in danger if they were to prevent access to computer networks and data.