A growing mass of poorly secured devices on the Internet of things represents a serious risk to life and property, and the government must intervene to mitigate it. That's essentially the message that prominent computer security experts recently delivered to Congress. The huge denial-of-service attack in October that crippled the Internet infrastructure provider Dyn and knocked out much of the Web for users in the eastern United States was "benign," Bruce Schneier, a renowned security scholar and lecturer on public policy at Harvard, said during a hearing last month held by the House Energy and Commerce Committee. But he said the attack--which relied on a botnet made of hacked webcams, camcorders, baby monitors, and other devices--illustrated the "catastrophic risks" posed by the proliferation of insecure things on the Internet. For example, Schneier and other experts testified that the same poor security exists in computers making their way into hospitals, including those used to manage elevators and ventilation systems.
Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World • By Bruce Schneier • Norton • 319 pages • ISBN: 978-0-393-60888-5 • £19.99 / $27.95 The Internet of Things is a case in point: today's internet is a mess of security vulnerabilities and coding errors. As the size of data breaches and cost of cyber attacks escalates week by week, now we want to exponentially increase the complexity, attack surface and dangers by wirelessing up billions of ultra-cheap devices, any one of which might bring the whole thing down. Surveying the shape of this monster takes up the first third of Bruce Schneier's latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Anyone who follows security can probably skip most of it, as it's largely familiar material.
The Nest thermostat is an Internet-connected device. Security technologist Bruce Schneier says while Internet-enabled devices have immense promise, they are vulnerable to hacking. The Nest thermostat is an Internet-connected device. Security technologist Bruce Schneier says while Internet-enabled devices have immense promise, they are vulnerable to hacking. More and more of the things we use every day are being connected to the Internet.
Israel Cyber Week With insecure computers in charge, the healthcare and transportation sectors have become a nexus of security problems, infosec veteran Bruce Schneier warned delegates at Israel Cyber Week. Schneier said that confidentiality attacks, such as leaks of personal information, are being replaced by more dangerous integrity and availability attacks. Schneier told El Reg after his speech: "Everybody understands what might happen if your pacemaker is hacked and it delivers a lethal charge, but what if I took over some inter-connected robot toy and tripped you in your house? "Cars and medical devices are the near-term examples that are very evocative." This poses some tough challenges for security engineering, namely: how to update systems that have an effect on the physical world in near real time; and how to deliver authentication at scale as millions of devices are connected to the internet; and broken supply chain security.