As the Internet of Things (IoT) grows, so does the hackable universe. Equipment designers need to start thinking about security in the first steps of manufacturing products, and companies and individuals need to start implementing secure coding practices to avoid hacking incidents. Last year, for instance, two security researchers hacked the computer in a Chrysler Jeep and took over the dashboard, steering, transmission and brakes.
To fix the problem — a software vulnerability — Chrysler issued a recall for 1.4 million vehicles. Instead of bringing the vehicles back to dealers, however, Chrysler sent a software fix to owners on a USB drive. All they had to do was plug the drive into a port on the dash. In addition, Chrysler beefed up security on the Sprint network, the carrier Chrysler uses to connect its vehicles to the Internet.
Hackers are also messing with baby monitors at home, equipment used at the office and machines on the factory floor. “More and more devices are being connected to the Internet,” says Terry Dunlap, Founder and Managing Partner of Columbia, Maryland-based Tactical Network Solutions, LLC. “Many of these devices are being developed without adequate security. Manufacturers don’t want to add cost to relatively cheap devices with security — which can be expensive.”
Dunlap adds that while anything connected to the Internet might interest hackers, they would probably take more interest in your home computer and information about your identity stored there. Businesses, of course, must also protect their business data — customer information and credit card and bank account numbers.
Manufacturers that run factory-floor equipment with online systems have even bigger worries. “At a recent conference, we had a number of discussions about preventing firmware attacks on SCADA systems designed to affect water supplies and the electric grid,” Dunlap says. SCADA is an acronym for Supervisory Control and Data Acquisition. SCADA systems control remote equipment such as that used by water and electric utility companies. Governments as well as hackers attack each other’s SCADA systems. For instance, U.S. and Israeli government agencies collaborated on a hacking tool called Stuxnet. “They used Stuxnet to destroy nuclear centrifuges in Iran by making them spin out of control,” Dunlap says. “The attempt reportedly disabled a fifth of Iran’s supply of centrifuges.”
How can equipment designers and manufacturers fight off hackers? What role do security firms like Tactical Network Solutions play? What can individuals do? Dunlap suggests that equipment designers and manufacturers take two steps right now. “Think about security first, and implement it from the beginning,” he says. “Second, use secure coding practices. That will make the software a little harder to hack and may cause hackers to move to an easier target — software created without secure coding. “These relatively simple steps will go a long way.”
Security firms also play a role. Dunlap’s company, for instance, works with manufacturers, integrators and governments to review the operating systems, called firmware, that run devices. “Any device that connects to the Internet of Things — a car, a camera, or any other Internet-enabled thing — has an embedded operating system called firmware,” explains Dunlap.
Firmware often has or develops holes that would give hackers a way to get into the device. Companies like Tactical Network Solutions find these holes and build patches them. Most of us have received patches from the makers of computer software and hardware. Those patches help keep hackers out.
The final link in Internet security for businesses as well as homes is the individual. “Take it seriously,” urges Dunlap. “Do whatever you can. Change the default passwords on your devices. Hackers know all the default passwords, and that is the first thing they try.
“Watch for release of firmware updates and install them. They’ve been developed to protect your devices.” In the end, securing the Internet of Things helps to secure you and your property.