Posted by Byron Dillard, CEO – EPIC Paradigms Group, LLC
Among the many things 2016 has produced for us, technology has been exposed for its greatness and its vulnerabilities. The advances and breakthroughs in technologies have been significant and have had a range of effects on lives, from the mundane to the critical.
In the realm of ordinary everyday living, the technologies that have grown from beta testing to field testing and full user exposure have included things that enhance our driving experience (autopilot and self-parking utilities for cars), SolarCities that use high-efficiency solar panels to create more reliable panels for energy conversion, and conversational interfaces that make our smartphones, well, smarter…
Other technological advances that took place, though not in the mainstream of everyday people’s conversation, are advances in healthcare and health-related technologies, i.e., Immunization Engineering (genetically engineered immune cells that are used to save the lives of cancer patients) and Gene Editing in plants. This precise technology capability allows for the production of plants that are both disease resistant and drought tolerant, providing the potential to raise the abundance of produce for mankind around the world.
The vulnerabilities made themselves apparent during our election process (email hacking, system break-ins to disrupt government agencies, etc.). Quietly and more dangerously, though, some conversations were relegated to a lesser profile in our society on the whole, yet raised a great deal of concern among healthcare providers.
So, what do we attribute this alarming turn of events to? The Internet of Things…
While I am a fan and proponent of IoT, I am also one who cautions others against fully embracing the potential of converting dumb devices to smart devices, in particular in areas of our lives where we need greater research to ensure our security and our safety.
Recent studies and “hacking contests” have uncovered just how simple it is to disrupt our day-to-day lives – and, not in a good way. A recent article penned by Lucian Constantin, who writes for ComputerWorld, reported that at this year’s DEF CON conference, held in August, 47 new vulnerabilities affecting 23 devices from 21 manufacturers were disclosed during the IoT security talks, workshops and onsite hacking contests.
The types of vulnerabilities found ranged from poor design decisions like the use of plain text and hard-coded passwords to coding flaws like buffer overflows and command injection.
Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Lagute, Okidokeys, Danalock were found to be vulnerable to password sniffing and replay attacks, where a captured command can be replayed later to open the locks.
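The replay weakness described above, shown beside one common mitigation (a fresh single-use challenge answered with an HMAC). This is an added example, not code from the original post or the ComputerWorld article; the class names, frame format, sample password and key handling are constructed for illustration and do not describe any named vendor's protocol.

```python
import hashlib
import hmac
import secrets

class StaticPasswordLock:
    """Weak design: the unlock frame is the same bytes every time."""
    def __init__(self, password: bytes):
        self._password = password

    def handle(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, b"UNLOCK:" + self._password)

class ChallengeResponseLock:
    """Hardened design: every unlock must answer a fresh, single-use challenge."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # challenge currently outstanding, if any

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def handle(self, frame: bytes) -> bool:
        pending, self._pending = self._pending, None  # consume: one attempt per challenge
        if pending is None:
            return False
        return hmac.compare_digest(frame, phone_response(self._key, pending))

def phone_response(key: bytes, challenge: bytes) -> bytes:
    """What the paired phone sends: a MAC over the command and the lock's challenge."""
    return hmac.new(key, b"UNLOCK" + challenge, hashlib.sha256).digest()

def replay_results() -> dict:
    """Give each lock one legitimate frame, then the same recorded frame again."""
    weak = StaticPasswordLock(b"123456")           # constructed sample password
    frame = b"UNLOCK:123456"                       # identical on every unlock
    results = {"weak_first": weak.handle(frame), "weak_replay": weak.handle(frame)}
    key = secrets.token_bytes(32)                  # assumed to be shared at pairing time
    strong = ChallengeResponseLock(key)
    frame = phone_response(key, strong.challenge())
    results["strong_first"] = strong.handle(frame)
    strong.challenge()                             # next session gets a new challenge
    results["strong_replay"] = strong.handle(frame)
    return results

if __name__ == "__main__":
    print(replay_results())
```

The static-password lock accepts the recorded frame a second time, while the challenge-response lock rejects it because the MAC was computed over a challenge that is no longer valid.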
A wheelchair from an unknown vendor had a vulnerability that could be exploited to disable a safety feature and take control of the device. A thermostat from Trane used a weak plain text protocol, potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality.
The wheelchair incident serves as the segue to my primary concern for this blog… Cybersecurity needs to be elevated in all aspects of Law Enforcement, Public Safety and Healthcare. This position is borne out and validated in a recent CSC Blog, which profiles the significant patient care risk associated with in-hospital software and medical devices.
Let me close with my co-signing on the need for all of us to broaden our collective awareness of IoT Cybersecurity. For those of us in the technology world, we should extend our respective orientations in networking and communications to manufacturers of devices that are being designed to make our lives easier.
Cybersecurity is the next technology bubble… The makings of a fallout from being ill-prepared are closer than most are prepared to admit…