When many consumers think of the IoT, they think of the connected home, connected appliances. Have you heard of any specific threats targeting consumers via these kinds of devices?
I have not heard of a specific example where it has happened. [As a hacker], I may not actually use your alarm system or your heating, your AC that I can see sitting on your Wi-Fi network, while I'm sitting out in the front yard, to affect those systems. I may implement a virus that gets on your network and now it affects your network, and I'm able to grab your user IDs and passwords and get your financial information moving forward.
It's just the fact that all of these things are on the Internet and unsecured. They have no antivirus available for them. They have no other means of securing them. They are the weakest link in your network. Hackers can get into them, they can target them with malicious applications to infect your PCs, and now get your financial information and your identity.
People are excited about the IoT, and there's clearly a lot of promise and potential there. Security concerns aside, what excites you most about IoT?
I do really appreciate the idea of having an alarm system that will remotely allow me to check my environments. You hear about people on vacation, they get an alert, they see somebody robbing their house, and they're able to call the police.
That's exciting. That's a real opportunity for individuals to protect themselves. The problem is doing it in an insecure manner.
How would a hacker gain access to consumer IoT devices? Is the commonly used Wi-Fi security, WPS or WPA, good enough to protect the average user's home wireless network?
Most likely [hackers] are going to steal your information the same way they're stealing everything else, with a virus or malicious application that you download from the Internet. Your PC is going to be breached, it's going to gather all your information, send it out in a script to somebody, and now they're going to have all your information. Antivirus solutions only protect you against 30 percent of known viruses and malware.
There's the potential of people sitting outside in the front yard, seeing all of your devices and going from there. WEP is a very insecure wireless security protocol which is still in use. WPA is more secure, but most individuals still leave their wireless network to broadcast, so I can see all the traffic going across it, I know there's a network there, I know the SSID.
Are there specific types of IoT devices that are more risky than others? Should consumers be more wary of one connected-home gadget than another?
Sign up for MIS Asia eNewsletters.