Petronella Blog Archive


Who's to Blame for Internet of Things Vulnerabilities?


As our "things" become more and more connected, the concern over internet and network security deserves more scrutiny.  Who is more responsible for making sure anything that connects to something else is more secure: the makers of the "things" or the Internet Service Providers (ISPs)?

First, let's take a look at the problem.  The Internet of Things, as it's called, has been foretold for a long time and is beginning to take off.  The Internet of Things is where devices are connected to a network or the internet in order to communicate with other things.  One currently popular example is the Nest thermostat, which lets you control your thermostat from your phone or tablet.  It also learns your habits and adjusts your home's temperature based on when you're home and what settings you tend to like.

The problem is that these devices can be hacked.  An extreme example happened when hackers demonstrated that they could use a car's stereo system to take total control of the car.  There's no question that instances of hacking have been on the rise over the last year.  Imagine ransomware taking over your home systems or your car.

One large problem is that many devices come with default admin credentials and many users don't think to change them.  Imagine if all cars came with the same keys, and car thieves got ahold of one of those keys.  It's kind of like that.  If a hacker can take control of a router, they can use it to send malware to other systems.

A technique that hackers have been using recently is to launch a DDoS attack against a website or server (that is, overload it with traffic) and hold it for ransom.  There have been cases where the ransom is paid, but another hacker, seeing that someone else was able to profit from it, does the same thing.  On the other hand, there have been cases where people fought back, only to have a full ISP go down because of the attack.

ISPs can actually do something about attacks like that.  Since they can see where internet traffic is coming from, they should be able to block suspiciously copious amounts of traffic.  One issue with the way things are set up is that some ISPs make more money with all the additional traffic coming through the pipeline, so they don't really have an incentive to stop attacks when they can make money on them.

So who is to blame for vulnerabilities with the Internet of Things?  Manufacturers and ISPs can, and should, both do things to mitigate the attacks that are only likely to increase.  They won't be able to stop them completely, but they can make things harder for the hackers.