508,031 active members
2,450 visitors online
Register for free
Login Register
WIBU-SYSTEMS Blog

Tis the Season to be Wary

December 2016
21
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
Tis the Season to be Wary

With just a few shopping days left before Christmas, the retail frenzy is at its height. Judging from the plethora of products touted in all of the sales flyers and commercials, it seems that this is the “smartest” season of the year. It is hard to ignore that more and more products are connected via the Internet, from smart thermostats and lights to beverage containers with an app that remind you it is time for a drink - all programmable from a phone, tablet or other connected device. As so many have predicted, the IoT is here and here to stay. Depending upon which analyst organization you follow, it is anticipated that there will be billions of connected IoT devices operating in the global ecosystem within a few years.

As consumers readily scoop up the new generation of smart gadgets, you have to wonder how many truly understand the potential dangers that exist in these very powerful devices, many of which are small enough to fit in the palm of your hand. We in the industry, of course, understand the potential vulnerabilities in IoT devices and the many ways in which nefarious actors can use them for malicious purposes, exposing personal and private data, IP, and critical infrastructure to cybercrime.

A December 2016 report released by the Institute for Critical Infrastructure Technology (ICIT), Rise of the Machines: The Dyn Attack Was Just a Practice Run, provides the gory details of many of the most recent cyber-attacks and further warns of the potential mayhem that awaits us.

“Each device vulnerable to adversarial compromise, inflates and bolsters the exploitable cyber-attack surface that can be leveraged against targets, and every enslaved device grants adversaries carte blanche access that can be utilized to parasitically entwine malware into organizational networks and IoT microcosms, and that can be leveraged to amplify the impact and harm inflicted on targeted end-users, organizations, and government entities,” warns report co-author James Scott, Sr. Fellow, ICIT.

In many cases, as pointed out in the report, negligently developed IoT software and hardware is responsible for creating vulnerabilities in these devices and exposing them to attacks. And the problem will only get worse as more manufacturers rush to develop IoT devices to carve out their share in the rapidly emerging market and stay competitive. The ICIT report reasoned that “Device manufacturers do not include security-by-design due to lack of time, expertise, and economic incentive.”

Yet, security-by-design is the critical element in the manufacturing and delivery process to provide the protections needed to thwart cyber criminals. Unfortunately, many device manufacturers are not experienced in software development and certainly not familiar with the nuances and complexities of embedded software security. Additionally, until the emergence of connected devices and the IoT in the past decade, software was considered a cost center for hardware manufacturers who did not understand the monetization possibilities that software can bring.

Fortunately, there is a silver lining amidst the cyber doom and gloom. There are security technologies that exist today and companies with the expertise to work with device manufacturers to integrate these technologies in a cost-effective manner to provide the necessary protections. Manufacturers can also learn how to monetize the software embedded in these devices by employing creative, device-oriented licensing strategies.

To learn more about these security-by-design concepts, download our white paper, Licensing and Security for the IoT. The document details mechanisms for security integration into devices and software, secure upgrades and updates, licensing models tailored to IoT devices, license management, access rights and certificates, scalability, and protection against tampering, reverse engineering, copying or cloning.

0 comments

Blog Archiv

October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016