Is Technological Growth Creating More Security Loopholes?

Most security experts confirm that technology is advancing at a very fast pace, but security solutions aren’t keeping up with it. Over the years, technology has evolved at an exponential rate, from laptops to tablets, wearable devices, drones, IoT/IoE (Internet of Things/Internet of Everything), RFID- and NFC-based systems, connected cars and smart homes. Connection to the internet has been brought to a completely new level. Organizations are investing millions of dollars to build these innovative technologies for their customers.

Future of Technology

Drones are going to play a very important role in the future. Many researchers are working intensively on prototypes and ideas for drones. In the next decade, we would see the sky filled with drones. Companies like Skycatch are developing drones that can act as flying security guards. Drones by definition do not need an on-board pilot to control them. This means that drones can be far smaller than aircraft, and that in case of a crash, there is no one on board to be killed. A few of the future applications of drones are:

  1. Law enforcement agencies using drone-powered agents.
  2. Thought-controlled drones, which use mental activity to pilot an unmanned aircraft.
  3. Drones for delivery of groceries, mail, medicines, gifts, etc.
  4. Drones for news reporting like incident monitoring, protestor cams and interviewing.
  5. Drones in farming for fertilizer monitoring, harvesting and as artificial bees.

I have only highlighted a few of the applications of drones. There are more than 100 different ways humans can use drones to make life simpler.

Technology has evolved from big machines to personal computers, then to our pockets and now onto our own bodies. Wearable technologies and NFC-based body chips are creating a world of part-machine, part-human beings.

BYOD (Bring Your Own Device) policies are being implemented by organizations. Firms increasingly support employees connecting to the company network with their own personal devices. But BYOD can also stand for Breach Your Own Data. The 2014 Information Security Breaches Survey indicates that three-quarters of small organisations have adopted a BYOD culture.

Despite the threat from mobile malware, 21% of SMEs admitted that they haven’t taken any steps to mitigate the risks associated with staff using smartphones or tablets. Only 29% of small businesses encrypt the data held on mobile phones and only 35% train their staff on the threats associated with mobile devices.

Augmented Reality and Wearable Technology

Sascha Kiener, key account manager of Metaio, an augmented reality company, says: “Augmented reality will change how we interact with technology and digital data. The software of tomorrow will be able to perceive our surroundings. The digital opportunities are practically endless, ranging from switching off lights remotely through an app, to identifying a dog on the road as an obstacle that must be avoided. In a few years, we may only need contact lenses to access relevant information.

The way we control computers is changing. Maybe we will soon be able to control devices using our brains and thoughts. Future AR devices will occupy our entire field of vision and enable information to be called up anytime, anywhere.” A recently published study by Juniper Research predicts the AR market to reach five to six billion U.S. dollars within the next five to six years. More than 200 million users will have AR apps on their mobile devices by 2018, it says.

These technologies are also going to create very high-velocity data. Big data has emerged as a technology for processing huge amounts of data that traditional relational databases cannot handle. In the future, we would live in a world of connected cars and smart homes where human-to-human interactions would predominantly be replaced by an M2M (Machine to Machine) interactive world.

Increase in Cyber Attack Surface Area

Recently, MalDrones, or backdoor malware for drones, was developed by a cyber security researcher; it can hijack a drone in seconds and bring it down mid-flight. With the advancement of technology, these machines are predicted to become a major target for hackers. This increases the attack surface because it offers the hacker a variety of potential attack vectors. Similarly, the majority of companies have not properly implemented BYOD security and mobile device management within the organization, and as a result many reported data breaches were caused by BYOD devices. Organizations must implement BYOD strategies and end-user awareness.

It’s through a device’s ability to interact with the outside world that the security concerns come into play. Fitness bands that monitor and capture information about movement using GPS can provide a malicious user with details about our daily routines and patterns as well as our current location.

The attack surface can be classified into:

  • Network Attack Surface: the attack will often be delivered via a network.
  • Application Attack Surface: focuses primarily on IoT applications and wearable technology apps.
  • Human Attack Surface: social engineering, errors, trusted insiders, disease or threat.

A lot of companies build things very quickly because of the need to get new technology to market, and this makes the code bug-prone and not of production quality. Due to customer demands and deadline pressure, this code easily reaches production servers without intensive penetration testing.

Cyber Threats in the New World of Point of Sale Systems

There is a huge increase in NFC-enabled payment platforms for contactless transactions. NFC is a form of wireless communication using radio frequencies; it operates at a frequency of 13.56 MHz and transfers data at up to 424 Kbits/second. The bi-directional communication protocol allows NFC-compatible devices to communicate. It can be considered an advanced version or extension of RFID (Radio-frequency identification).

The fear with NFC is that a hacker could steal credit card information in a simple way, utilizing a variety of methods and not-so-sophisticated equipment. For example, other than using malicious code on the device used by the payer, a remote attacker could intercept the signal during a contactless transaction using a spoofing method through a simple radio receiver.

It would require close proximity, but it would indeed be possible. As well, a hacker could casually tap on someone’s device and collect information by using a receiving NFC device. “With banks routinely issuing contactless payment cards to customers, there is a need to raise awareness of the potential security threats,” Eleanor Gendle, managing editor of The Journal of Engineering, suggests.

Risks involved

Lack of security in automobile systems is an area of increased concern. Successful wireless attacks on cars have been performed. Initially, the hacks focused on door locks and remote start systems. As manufacturers roll out automated systems for collision avoidance, vehicle-to-vehicle communication and remote monitoring, the potential number of threat entry points for hackers is increasing concurrently. The same holds true for IoT systems like IP-enabled cameras, refrigerators and smart home devices. They have the ability to accumulate large amounts of personal data. This also increases privacy-related issues.

Though people don’t really consider car hacking a major risk, imagine a situation in which your car is hacked while you are driving and control of the system is completely in the hands of a remote hacker.

The Bash zero-day known as the Shellshock bug remained undetected for nearly 22 years. In the future, there may be vulnerabilities or zero-day attacks that, if they remain undetected, would be discovered only after a century. Mitigating or reducing zero-day attack vectors for IoT devices, drones, smart homes and connected cars will be a major task in the coming years.

An organization should consider upgrading its network security infrastructure. Advanced security solutions analyze data flows and can identify the type of device sending and receiving data. In the case of wearable technology, the solution could detect data communication out of the network that originated from the device and then alert an administrator of the transfer.
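
As an added illustration of the flow analysis described above (not code from the original article), the sketch below classifies the sending device from its MAC prefix, totals the bytes each wearable sends to addresses outside the network, and returns an alert for each transfer over a threshold. The MAC-prefix inventory, the 10.0.0.0/8 internal range, the flow record layout and the byte threshold are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed device inventory: MAC prefix -> device class (hypothetical values).
DEVICE_CLASSES = {
    "02:aa:01": "wearable",
    "02:aa:02": "laptop",
    "02:aa:03": "ip-camera",
}
# Assumed corporate address space; any other destination counts as leaving the network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: timestamp src_mac src_ip dst_ip dst_port bytes
SAMPLE_FLOWS = """\
2015-03-02T09:00:01 02:aa:02:00:00:10 10.1.4.20 10.1.0.5 445 88000
2015-03-02T09:00:07 02:aa:01:00:00:07 10.1.9.33 10.1.0.8 443 1200
2015-03-02T09:01:12 02:aa:01:00:00:07 10.1.9.33 203.0.113.50 443 40960
2015-03-02T09:01:40 02:aa:01:00:00:07 10.1.9.33 203.0.113.50 443 61440
2015-03-02T09:02:03 02:aa:01:00:00:09 10.1.9.41 198.51.100.7 80 300
2015-03-02T09:02:30 02:aa:03:00:00:02 10.1.7.12 198.51.100.9 554 900000
malformed line
"""

def device_class(mac):
    """Map a MAC address to a device class using its first three octets."""
    return DEVICE_CLASSES.get(mac.lower()[:8], "unknown")

def is_external(ip):
    """True when the address lies outside every configured internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def wearable_egress_alerts(flow_text, min_bytes=10_000, watched=("wearable",)):
    """Sum outbound bytes per (device, destination); alert at or above min_bytes."""
    totals = defaultdict(int)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        _ts, mac, src_ip, dst_ip, _port, nbytes = fields
        try:
            if device_class(mac) in watched and is_external(dst_ip):
                totals[(mac, src_ip, dst_ip)] += int(nbytes)
        except ValueError:
            continue  # unparsable address or byte count
    return [{"mac": m, "src": s, "dst": d, "bytes": b}
            for (m, s, d), b in sorted(totals.items()) if b >= min_bytes]

if __name__ == "__main__":
    for alert in wearable_egress_alerts(SAMPLE_FLOWS):
        print("ALERT wearable egress:", alert)
```

Passing `watched=("wearable", "ip-camera")` extends the same check to the IP cameras the article also mentions.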
