Recently we discussed Alexa, IoT, and the amount of information being shared on the internet via mobile devices and apps.
There is a large risk to these interconnected devices, despite the efficiencies and marketing information provided. As we mentioned last week, devices connecting to the internet can be hacked.
DEF CON is one of the world’s largest hacking conventions, held yearly in Las Vegas. This past weekend marked the 24th year of the conference, where hackers from around the world convene to test their skills, learn new ones, and discuss what is on the horizon.
Some of the largest names in cyber security sponsored the conference, as did the United States Army. In fact, for the last few years the Army has sponsored a specific event named R00tz Kids Asylum, where children and teens are taught basic “white hat” hacking skills.
Why would the Army want to teach children to hack? Very simple: to hack the government for the government.
Cyber security companies and governments around the world use legal hacking to test their systems and get fair warning of bugs or weaknesses in them. Legal hacking is big business.
So is illegal hacking.
DEF CON focuses on exposing up-and-coming risks to cyber security companies to prevent major catastrophe. One item exposed at this year’s conference is a cell phone Wi-Fi exposure.
Nitay Artenstein of Exodus Intelligence devised a self-replicating attack using Broadcom’s Wi-Fi chip that could threaten over 1 billion cell phones. At the Black Hat conference over the weekend, Artenstein exhibited how he could exploit a vulnerability in a single chip. The attack rewrites the firmware and results in the compromised chip sending a malicious packet to every vulnerable chip it meets.
Biggest caveat? No required contact with the attacker’s Wi-Fi network. Just having Wi-Fi turned on was enough for the malware to make changes.
This is the second flaw found in Broadcom chips in the last four months. The previous flaw made Android phones vulnerable to attacks coming from a hacker’s Wi-Fi network.
While Apple and Android have released patches in both instances, ensuring your current mobile phone is not at risk, there are as many people pushing to break into mobile devices as there are people trying to protect mobile devices.
So what are some of the specific risks to a security breach of mobile devices? Three risks associated with poor security are:
- Loss of control over IoT devices.
Meaning, not being able to control or access cell phones, GPS units, or any other device that is part of a company’s overall IoT footprint.
- Breaches of customer information.
Everyone remembers public breaches, such as Target and Yahoo. These breaches jeopardized customer information, with current estimates of total damage in the billions of dollars. Mobile devices are at risk of a similar breach.
- Breaches of company data.
Think of all the apps and business that employees run directly off their mobile devices every day. Bank information, passwords, and emails are just the beginning of the data existing on mobile devices.
Security breaches of an IoT network can be costly. A survey of 400 IT executives across 19 industries found breaches can represent 13.4% of annual revenue for companies with less than $5 million in revenue, and for larger firms the cost can run upwards of tens of millions of dollars.
Nearly half of US companies have suffered an IoT breach.
The survey found that companies that have not experienced a breach invested 65% more in IoT security. Their decisions were driven primarily by quality rather than cost.
What can your business do to protect its IoT devices and systems? Focus on security as a prime IT business initiative. Only 43% of respondents had a standalone budget, despite 68% of respondents believing IoT security was a distinct category.
Partnering with an IoT expert can give a company insight into where the risks exist and help it formulate a security plan. Knowing the risks and planning an appropriate budget to build effective security will prevent costly IoT security breaches, as well as minimize unexpected costs. Hiring a security partner allows a business to focus on what it does best.