An angle we seem to be covering on an increasingly regular basis gained more coverage this week with the news that a paper titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction outlines encryption keys used to control devices over Zigbee wireless networks. This is reported as allowing malware to compromise a single ‘smart’ light bulb from up to 400 metres away. The worm can then spread from that bulb to those nearby.
With many surveillance and alarm systems being aligned to ‘smart’ home automation solutions, this is again a concern for the industry.
Alex Mathews, EMEA technical manager at Positive Technologies, said: “This is a sign of a worrying bigger-picture trend. As more and more IoT devices are connected to the Internet, they bring with them countless vulnerabilities because they simply aren’t created with security in mind. The creators of devices such as this typically prioritise consumer appeal, not potential threats from hacking, and this creates a potential risk. Even when a vulnerability is known or discovered, all too often manufacturers cannot fix them as they typically lie within third-party components and/or the cost is too prohibitive.
“Whilst lightbulbs are seemingly innocuous, it points to a more serious problem. Any device which is connected to the Internet is fallible; this isn’t just toasters and lightbulbs but also so-called ‘Industrial IoT’ devices, the hardware and software which underpins our transport networks, energy grids, logistics operations and communications networks. As people with nefarious intent start probing these further, it leaves vast swathes of the population open to disruption or worse.
“If we’re to stem the deluge of IoT insecurities, there needs to be comprehensive, agreed-upon guidelines on how to secure such apparatus. Hardware manufacturers, service providers, security experts and everyone else in between needs to be aware of this, and co-operate with one another.”