Over the past few years, security issues have been on the rise all over the world. In 2015, Wi-Fi toys manufactured by a multinational company were hacked. Sensitive information from the toys, such as the children’s photos, identity and address information, was leaked. Wearable devices are also vulnerable to attacks. Recently, hackers obtained a lot of personal information from such devices. This may not seem like a huge security issue – but it is. Wearables don’t just store information about your heart rate and number of steps. They also record your location at all times. So, a hacker will have access to all these details about your location.
Understanding the criticality of data
Not all data is equally sensitive. For example, the data recorded by a set of temperature sensors is not as critical as the data stored by a device that monitors nuclear devices. Another case of critical data is personal information. Recently, a company brought out a smart fridge that enabled users to sync their calendar information. However, there was a software bug – the fridge did not validate SSL (Secure Sockets Layer) certificates, so anyone could access the data. This made it very easy for a man-in-the-middle attack to occur. Any data that helps to profile a person and predict his or her future activities is considered critical. Based on the level of criticality, appropriate security measures need to be implemented.
Weak encryption policies
The current system of 64-bit encryption in India is extremely weak, and hackers can get around it within seconds. There is a need for new policies regarding encryption. The government is now taking steps to protect sensitive information. One such case is the e-Health system. It is a system that stores personal health records of patients in a data vault. The citizens have complete control over the data. It ensures that only the relevant doctors have access to patients’ records.
Crucial security problem areas
The main problem that exists in the industry today is that products are being developed too quickly, and not enough time is spent on ensuring that the devices are secure. A lot of devices that were earlier just part of the back-end are now connected to the internet. They are all exposed to the internet, with no security measures in place and no update mechanisms. So, a more holistic approach is needed to ensure secure systems – companies need to be aware of how exactly their IoT system is going to work. For example, if a company is installing a set of sensors, it needs to carefully monitor what kind of data the sensors are collecting, the networks that they are accessing, and the servers that are being used.
Apps also have serious security issues. A cab company in India recently faced problems with its app security – it had issues with its cryptographic keys, along with inadequate transport layer protection and SSL certificate problems.
Another issue is that the current education system does not give students enough knowledge about the various important aspects of security. Consumers also have a role to play in improving security. They need to be aware of the product they are using and they should report bugs to the company so that suitable action can be taken.
New technologies and networks are targets
The problem with using new technology is that there aren’t enough security measures in place. Computer hacker and security researcher Samy Kamkar tried to make people aware of these vulnerabilities using a drone that he developed, known as SkyJack. It is a drone that is designed to take over other drones that are within Wi-Fi range. It makes use of the fact that there is no encryption for the network, and hence it joins the drone network and can take control of it. It disconnects a drone from its actual owner and starts to send commands to it.
Car hacking is also becoming a reality. Two hackers, Charlie Miller and Chris Valasek, were able to hack into their friend’s Jeep Cherokee remotely. They hacked the cellular connection to the car’s entertainment system and were then able to control other components of the car, such as the steering, transmission, and brake mechanism. This can be a huge issue in the future and could cause a lot of fatal accidents. Some companies have taken precautions to avoid such incidents by making sure that the components in the car are not all connected to the same network. There are separate networks within the car, separated by gateways. Thus, if one of the networks within the car is hacked, it will not affect other components.
The path towards better security
Achieving high levels of security is not an easy task. Companies need to proactively search for vulnerabilities in their networks and eliminate weak links. It is also possible to purchase security solutions from companies that offer such services. However, while purchasing a security solution, it is important to verify all the security aspects carefully. There is also a process known as ‘threat modelling’ which is useful for companies that develop applications. It involves formulating a model of the application and checking for threats and design flaws.
There should also be a focus on resilience – a company should be able to recover quickly from a security attack. It is an important factor to be considered during system design. Security measures can also be improved if many hackers come together and form dedicated groups to test software. Software startups can approach these hackers, who will be able to expose the vulnerabilities. The startup can eliminate these vulnerabilities to make its product more secure. This will ensure that the final product that enters the market is free from any security loopholes.