With the arrival of the age of IoT where an increasingly number of devices are connected to the Internet, the issue of cybersecurity has gained more importance. The recent distributed denial-of-service attack all but underscored the urgency of protecting devices against cyber threats.
With the arrival of the age of IoT where an increasingly number of devices are connected to the Internet, the issue of cybersecurity has gained more importance. The recent distributed denial-of-service attack all but underscored the urgency of protecting devices against cyber threats.
That’s the argument made by Wu Ming-feng, Director of Network Security Research and Development at Chunghwa Telecom, during a smart city exhibition where cybersecurity also generated much enthusiasm.
It goes without saying cyber threats have become a more imminent than ever, given more and more devices are connected. According to Gartner, the number of connected devices will reach 20.8 billion by 2020. That data was confirmed by Wu, who said that there are more IoT devices than we think, citing IP cameras, vehicles, game consoles, smart TVs, printer/fax machines, and various healthcare measuring/monitoring devices as examples.
With these devices connected to the Internet, if not properly protected they can be easily broken into by intruders, most of whom have two primarily objectives: to extort money out of users, and to interrupt the operations of an entity, Wu said. Some of the nightmarish examples he cited included a transportation system that was hacked, with the hacker threatening to make the mass rapid system go free of charge if a ransom in bitcoins was not paid. Worse, a hotel that has gone smart and automated was hacked, with guests locked in their rooms. The owner in this incident caved in to the hacker’s demand and paid a large ransom.
Then, there was the DDoS attack against a US Internet performance/management company at the end of last year, when network devices were used as robotic attackers. The result was a shutdown of service on various websites including Amazon and Netflix.
According to Wu, vulnerabilities in IoT devices that hackers can exploit include weak username/passwords, backdoors, and flaws in a device’s web-based management interface and firmware. But it’s not just the vendors; rather, it’s a combination of the vendor’s lack of prudence and the user’s lack of awareness that lowers the threshold of launching a DDoS attack, he said.
For vendors, they should make best efforts to make their devices as secure as possible, he said. “One way to do this is to firmly establish an update mechanism in place. While the DDoS attack itself was a big problem, a bigger problem was the situation was not fixed quickly in time, enabling the attack to repeat itself,” he noted. “Also, firmware protection is important, since firmware is often the weakest point in a device that hackers exploit.”
He also urged device manufacturers to follow the guidelines already published by the United States and Japan on protecting IoT devices against cyberattacks. Another way is to conduct penetration tests such as the ones offered by Chunghwa Telecom, he said.