{"id":15037,"date":"2014-12-04T18:16:50","date_gmt":"2014-12-04T18:16:50","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=2949"},"modified":"2020-02-26T10:58:09","modified_gmt":"2020-02-26T15:58:09","slug":"protecting-the-future-smarternet-and-chronophobia","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/protecting-the-future-smarternet-and-chronophobia\/15037\/","title":{"rendered":"Protecting the Future: Smarternet and Chronophobia"},"content":{"rendered":"

Smart devices becoming so intelligent that they take over the entire world is a recurring theme in sci-fi, especially that of the dystopian kind: mankind serves as an \u201cenergy source\u201d for its new evil masters until someone breaks free, puts on black attire and dark sunglasses, and proceeds to save the day. Fortunately, in reality, we control how smart these devices will become. In this world of interconnected devices, the Smarternet is our future. But how secure will it be?<\/p>\n

\n<\/p>

We covered this topic in the Internet of Things<\/a> post in February of this year, way before Heartbleed, Shellshock<\/a>, and other key incidents of 2014 had been announced.<\/p>\n

Those big bugs, among other things, showed that very critical errors in the \u201cbackbone\u201d software used in an infinite number of hardware devices my stay hidden for years or even decades.<\/p>\n

Protecting the Future: Smarternet and Chronophobia #internetofthings<\/p>Tweet<\/a><\/blockquote>\n

Here are a few recurring issues that could possibly compromise the security of Internet of things:<\/p>\n

Deadlocked firmware<\/strong><\/p>\n

Take a look at some smart devices like an internet-enabled refrigerator or microwave oven. They most likely won\u2019t run software that\u2019s too customized, as it\u2019s more cost effective to utilize Linux with an added firmware layer. Now imagine that due to the \u201cdesign specifics\u201d it cannot be updated.<\/p>\n

In that case, a Shellshock-like flaw exists: the patch is available but still cannot be applied because of a design flaw. At the same time, the refrigerator works fine. The fact that it\u2019s now part of a botnet flooding the universe with spam\u2026<\/a> well, that goes unnoticed because it doesn\u2019t affect the owner directly. Why would their owners trash them? The most the rest of us could hope for is their connectivity being disabled, but this would require security awareness by the device\u2019s owner. Right now, the Web is filled with devices \u2013 both personal and enterprise \u2013 with their default settings kept in place, along with super-tough login-password pairs such as admin: 12345<\/a>.<\/p>\n

This brings forth the second issue:<\/p>\n

Users\u2019 awareness<\/strong><\/p>\n

There are a few possible explanations as to why people keep the default settings for their net-enabled devices when that could leave them wide open to attacks: 1) They simply don\u2019t care. 2) They don\u2019t care and<\/em> they don\u2019t believe in cyberthreats<\/a> or<\/em> they don\u2019t think anyone would bother to attack them, etc. 3) They don\u2019t realize there are settings to be changed \u2013 protecting a baby monitor or a DVR with a password? Why?<\/p>\n

People who are less technically aware may not realize that their home Wi-Fi enabled printer may be subject to some dire vulnerability, which can be exploited in order to pwn<\/em> their entire network. When Heartbleed was disclosed, there were droves of various devices affected, including home routers and corporate firewalls, printers, video cameras, thermostats, home management gadgets, and even baby monitors<\/a>. How many of them also used (and still use) those dreaded \u201cdefault settings\u201d?<\/p>\n

Penetration depth<\/strong><\/p>\n

This issue is related to the ability of possible attackers to use a \u201csmart device\u201d \u2013 an aforementioned baby monitor, a CCTV camera, or a remotely operated thermostat \u2013 as leverage to set a foothold within the home or corporate network. Then they\u2019re closer to purloining sensitive data or getting access to the victim\u2019s finances.<\/p>\n

The #internetofthings is here; it demands attention #security<\/p>Tweet<\/a><\/blockquote>\n

If the under protected smart devices are on the same network as other elements of the corporate infrastructure, the risk is immediately present. All of the \u201cless-important\u201d equipment should be placed on a separate network from the one the business processes rely upon. If they remain on the same network, it will require a lot of supervision. The safest scenario includes both of these approaches.<\/p>\n

\"wide1\"<\/a><\/p>\n

So what does the future hold?<\/strong><\/p>\n

All of these \u201csmart\u201d, remotely operated, internet-enabled devices will be less and less exotic with each passing year. They will become as much a part of the Internet as servers and endpoints are today. To a degree, they already are, both in a good and in a very bad sense<\/a>.<\/p>\n

Will they become more secure in years? Cybersecurity is a hot topic today, too hot to ignore. Hopefully, CCTV camera and baby monitor manufacturers won\u2019t turn a blind eye on it. However, the possibility that the manufacturers of the cheaper devices may choose to save on security cannot be denied either.<\/p>\n

In the first post of the series<\/a> we mentioned two articles in Wired \u2013 one of which accused sci-fi authors of phobia mongering and being overwhelmingly pessimistic. The other objected, stating that we actually need more \u201cdystopias\u201d.<\/p>\n

Phobias of any kind are counterproductive in the end. Chronophobia and futurophobia \u2013 fears of time and future \u2013 are widespread today for a lot of reasons. But is it practical to be afraid<\/em> of all those \u201ctoo-smart\u201d devices, like refrigerators that can order groceries for you? Nope. But they do require attention, awareness of possible security issues, and the tools to mitigate them.<\/p>\n

And the tools are in place.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Electronic devices becoming so smart that they take over mankind is a recurring theme in sci-fi. Chronophobia and futurophobia are widespread, too. But what’s the point of being afraid? Security in the coming age of Smarternet requires awareness and attention.<\/p>\n","protected":false},"author":209,"featured_media":15791,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2242,2243,658,2244,659,2245],"class_list":{"0":"post-15037","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-chronophobia","10":"tag-futurophobia","11":"tag-internet-of-things","12":"tag-smart-device-security","13":"tag-smart-devices","14":"tag-smarternet"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/protecting-the-future-smarternet-and-chronophobia\/15037\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/protecting-the-future-smarternet-and-chronophobia\/15037\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/protecting-the-future-smarternet-and-chronophobia\/15037\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/chronophobia\/","name":"chronophobia"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=15037"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15037\/revisions"}],"predecessor-version":[{"id":33404,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15037\/revisions\/33404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15791"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=15037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=15037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=15037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}