The answer: IoT devices pose a major threat to our security, said Thaier Hayajneh, Ph.D., professor of computer and information sciences and director of the Fordham Center for Cybersecurity, at a July 24 panel on IoT Forensics and Privacy at the International Conference on Cyber Security.
An acronym for the “Internet of Things,” IoT refers to interconnected devices that are programmable and intelligent, accessible from anywhere, able to connect to the internet. The toaster that connects to your Wi-Fi to broadcast today’s weather to you is considered an IoT device. Yet with that functionality comes high security risk—as a result of the soaring scalability of IoT devices and increasing number of items a person is connecting to the internet in their home or business, there are exponentially more places of vulnerability leading to higher potential that a hacker can gain access to one’s secure data.
Andrew Johnston, FCRH ‘17, a proactive consultant at the Mandiant cybersecurity firm, spoke to how IoT devices can leave a corporation prone to security risk.
“These devices have Wi-Fi networks associated with them. They have default passwords. You can log in and potentially take control of some of those sensors. It’s obviously very clear how dangerous it can be,” he said. “You can take control of a phone or a conferencing equipment remotely and activate a microphone and that conferencing equipment is sitting on the desk with your CEO. That’s a tremendous, tremendous risk.”
It’s important to know how to defend a device by looking for its vulnerabilities, which is similar to trying to recover information in a forensic way. A user has to be skilled at reverse engineering and understand firmware to know how the device works and how information can be leaked, and therefore how one can move around that encryption. It can be challenging, but Johnston said that he’s now seeing a lot of vendors become more open about what information is stored on a device and how it can get out, and that is a step in the right direction.
Despite IoT devices seeming like 21st century invention, Hayajneh shared this prophetic quote from inventor Nikola Tesla back in 1926: “When wireless is perfectly applied the whole earth will be converted into a huge brain, which in fact it is, all things being particles of a real and rhythmic whole. We shall be able to communicate with one another instantly, irrespective of distance.” Hayajneh noted that even back then Tesla “had a vision of what we are approaching nowadays with IoT.” While it’s unclear if Tesla could have predicted the risk factors we have today, there’s hope that our ever-evolving technology can create both an interconnected and secure world.