Tuesday, March 29, 2016

How Insecure Is the Internet Of Things?

From the MIT's Sloan School Of Management's Sloan Review:

MIT for Managers: How Insecure Is The Internet of Things?
Our biweekly exploration of new business ideas from the corridors of MIT.
This new blog from MIT Sloan Management Review explores ideas from different corners of the MIT community that are relevant to business executives. In this space, we will introduce you to research, people, and events you might not otherwise encounter — things we hope you find useful and perhaps provocative.

Katie, Bar the Baby MonitorIt wasn’t the first time that a group of tech-savvy students and professionals came together to share ideas and strategies for plugging holes in Internet security — and it probably won’t be the last. Based on reports from people who attended the MIT Media Lab-sponsored Security of Things hackathon on March 4-5, 2016, the challenge of protecting WiFi- and Bluetooth-enabled devices from motivated hackers may be more daunting than even the most seasoned attendees expected.

“I believe we’re at a tipping point for the ‘Internet of Things,’” says Tal Achituv, a research assistant at the media lab and an organizer of the event. “While most people now have several networked devices in their homes — everything from light bulbs and home alarm systems to baby monitors — very few people appreciate just how vulnerable many of these devices are.”

The two-day event in Cambridge explored the Internet of Things (IoT) from two opposing perspectives — that of device makers, and of would-be hackers. In one session, teams competed to find vulnerabilities in a grab bag of devices the organizers had purchased online from Amazon. On many of them, the hackers were able to gain access within minutes, sometimes using simple passwords as basic as 1234 or default passwords found on the Internet. In other sessions, presenters described sobering scenarios, such as what happened when hackers broke into an inexpensive WiFi-enabled baby monitor: Once inside the home network, they were able to release the electronic lock on the keyless front door.

Achituv notes that it’s extremely common for device makers to use off-the-shelf software components, which allow companies to accelerate their product development schedules and reduce costs. And because software updates tend to be scattershot — when they exist at all — many consumers are lax about installing them. As a result, he says, “It’s very easy for a hacker to reverse map how a particular device works.”

What will it take for device makers to take security concerns more seriously? Will customers be willing to pay more for products with more security?...MORE