👀 Ones to watch: The MOST undervalued shares to buy right nowSee Undervalued Shares

RPT-After cyber attacks, Internet of Things wrestles with making smart devices safer

Published 08/11/2016, 10:36 pm
Updated 08/11/2016, 10:40 pm
© Reuters.  RPT-After cyber attacks, Internet of Things wrestles with making smart devices safer
CSCO
-
PHG
-
QCOM
-
EXT
-
PYPL
-

(Repeats to widen coding. No changes to text.)

* Infected devices brought down Twitter, PayPal last month

* Up to 30 billion devices connected to Internet by 2020

* Many device makers unaware of risks, poorly equipped

* Some industry groups emerging focused on security

By Jeremy Wagstaff and J.R. Wu

SINGAPORE/TAIPEI, Nov 8 (Reuters) - Recent cyber attacks harnessing everyday devices such as cameras, video recorders, printers, routers and speakers are a wake-up call to the hidden dangers of the Internet of Things.

The problem for the device makers, though, is that few are well equipped to tackle the unfamiliar task of foiling hackers.

For a sense of that challenge, take AV Tech Corp, a once proud giant among CCTV camera makers whose 1990s building in a Taipei suburb hints at the gap it must overcome between hardware factories of a decade ago and those of today.

AV Tech, which made the 2008 Forbes list of companies to watch, has seen competition from China shrink its profits to about a tenth of what they were then. Like its peers, AV Tech has moved its products online, connecting its cameras and the digital video recorders that store the footage on to the Internet so users can access them remotely.

But such companies are not well schooled in cyber security, leaving these devices wide open to hackers.

"The harsh reality is that cyber security is not even on the radar of many manufacturers," said Trent Telford, CEO of Covata CVT.AX , an internet security firm. "Security will eventually become more of a priority, but it may well be too late for this generation of IoT users."

Up to 30 billion devices are expected to be connected to the Internet by 2020 - all potentially vulnerable.

The danger was highlighted when hundreds of thousands of consumer devices were harnessed recently into so-called botnets, launching attacks on target websites, including PayPal PYPL.O , Spotify and Twitter TWTR.N . security experts say this is just the beginning.

They have since found new versions of the malware designed to find and infect poorly secured devices. Botnets could also be used in advertising fraud and blackmail, according to Daniel Miessler of IOActive, an internet security consultancy.

Flashpoint, a cyber security consultancy, said parts of the botnet used in last month's mass attack were used this week to launch denial of service attacks on the campaign websites of both U.S. presidential candidates, though neither site appeared to have been knocked offline.

VULNERABLE

While researchers have not found any AV Tech devices in a botnet, they have pointed to lapses that make them vulnerable.

In a blog post, confirmed by his company, Gergely Eberhardt of Hungarian security firm Search-Lab said he spent a year trying to alert AV Tech to 14 security holes in its products. He got no response, and last month released his findings.

That, and news of other botnet distributed denial of services attacks, was a wake-up call for the Taiwanese firm.

"To be honest, in the past, hacking and discovering such matters was not an issue for AV Tech," said Dick Lee, special assistant in the company president's office. "This experience has significantly raised our alert level internally. This is something that those in the surveillance equipment business must face seriously."

That's happening, but slowly - and sometimes reluctantly.

Chinese camera maker Hangzhou Xiongmai Technology Co recalled thousands of its devices after researchers said they may have formed part of the botnet that took down Twitter and other websites, but it also threatened legal action against those defaming the company. FOCUS

Chipmaker Qualcomm QCOM.O said it was looking into new technologies, including those based on machine intelligence, to make IoT devices safer.

"We can build into the hardware certain fundamental things that will watch to see: is the device doing something it wasn't expected to do? Is it talking to somewhere it wasn't expected to talk to? Is it accessing memory differently?" executive chairman Paul Jacobs told Reuters on the sidelines of an event in Taipei on Monday. "It's very important for IoT to make sure you have a way of securing and updating devices."

AV Tech said it was talking to Search-Lab and other security firms about long-term cooperation, and also plans to release updated firmware - software that upgrades the inner workings of its devices to make them more secure.

It's not just the more established consumer electronics firms which are battling this.

Lani Refiti, cyber security lead for Cisco Systems Inc CSCO.O , said he has been working with Australian hardware start-ups to make their devices more secure.

One firm making sensors to allow treadmill users to share their workouts, he said, faced a three-month delay if it rewrote software to properly encrypt data. The cheaper solution was to obscure the data, and make any hacker work harder to crack it.

A handful of industry groups are emerging to focus exclusively on security.

Refiti set up IoTSec Australia this year to work with entrepreneurs, while UK-based IoT Security Foundation has chipmaker ARM, Huawei HWT.UL and Philips PHG.AS among its members.

Its main goal, says founder John Moor, is to simplify guidance so engineers actually read it. The foundation is releasing its first best-practice manual, condensing a 300-400 page industry document to just 30 pages.

"The challenge is more than the technical challenge" for these companies, said Moor. "You can put in security features, but do you have the right processes in place, are you doing the right things?"

For AV Tech, improved security may prove to be a way to differentiate its products from Chinese competition.

"This is a good opportunity. For these surveillance products, the demand on their security is the most important," said Lee, adding the inevitable higher cost "is not expected to be huge."

<^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ BREAKINGVIEWS-Internet of Things gets wakeup call from fridge

Hacking via the Internet of Things interactive

http://tmsnrt.rs/2dMDW6Q

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^>

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.