The FBI is worried by the rapid diffusion of Internet of Things devices. According to law enforcement, smart objects could represent a serious threat to cyber security and, more generally, to society.
Security experts are aware that the Internet of Things could be abused by cyber crooks for criminal activities, and urge principal vendors to adopt security by design in order to produce smart objects resilient to cyber attacks.
The FBI’s public service announcement, published on September 10, highlights that the Internet of Things poses opportunities for cyber crime, as explained in the following statement from the Bureau.
“As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors. Similar to other computing devices, like computers or Smartphones, IoT devices also pose security risks to consumers. The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats.” states the announcement.
The announcement has raised a heated discussion on the responsibility for the exploitation of such devices; it seems that the FBI places the responsibility for the security of these devices on the consumer.
“Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it operate on a home network with a secured Wi-Fi router” states the announcement.
Recently we have discussed several flaws that could be exploited by attackers to conduct illegal activities. Crooks are able to exploit home routers, fridges and baby monitors to carry out illegal activities, crimes that could impact millions of users worldwide. I wrote an interesting analysis, titled “How Hackers Violate Privacy and Security of the Smart Home”, to explain how the Internet of Things could be exploited to hack the modern smart home.
Smart objects could be hacked in different ways and for different reasons. They could be affected by vulnerabilities such as the recently discovered “UPnP vulnerabilities”, or they could simply be poorly configured (e.g. adoption of unchanged default passwords).
Every Internet of Things device is insecure if it is not properly deployed and configured; for this reason the FBI invites end customers to keep smart objects away from the Internet.
“Isolate IoT devices on their own protected networks” states the announcement in the section dedicated to the Consumer Protection and Defense Recommendations.
I personally consider the advisory issued by the FBI very important, but it is probably not so clear when dealing with the attribution of responsibility. It is clear that we cannot expect every final customer to become tech savvy, so we must improve security by design, making the Internet of Things more reliable and resilient to cyber attacks.
Let me close with the recommendations for the customer’s security included in the announcement:
There is no time to waste: Internet of Things devices already surround us, and we must improve their security before hackers exploit them.
(Security Affairs – Internet of Things, cybercrime)