Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Automated devices are popping up all over, inside and outside the home—and the connectivity they require for updates, instructions, and programming could open the door for threat actors.
At tech showcase CES in January, autonomous internet-of-things (IOT) startups were on the floor showing off their products.
Consumer interest. Ensuring IoT devices are safe and secure is important to users, Rapid7 Principal Security Researcher Deral Heiland told IT Brew, because if it can be hacked, it will be. Consumers are becoming more security aware and are going to be looking out to ensure the companies whose products they buy have their interests in mind.
“We need the vendors to step up and start thinking about, ‘Hey, I’m starting to see more awareness in our consumers from security, privacy, how my data is being handled,’” Heiland said. “I think it’s to their advantage that they make a statement on that and make that data available.”
One of the main threats from hackers attacking connected IoT devices is that they could be used to access vulnerable home networks. Heiland told IT Brew that while it’s a danger, it’s one that carries a risk-reward calculation for the average attacker that doesn’t necessarily line up.
“If there’s a vulnerability that would allow that level of attack on a device, then yeah, somebody could do that,” Heiland said. “Now, what would they gain? Often there’s not always a big gain for breaking into individual homeowner’s systems; you’re gonna, at best, get data about them, you’re gonna get maybe bank information about them. And that’s a lot of work.”
CES chats. Pool cleaning robotics company Aiper’s machines operate autonomously, using network connectivity and an app for scheduled programming. The app-controlled pool cleaners are serialized to specific accounts, Aiper Director of Sales James Loria told IT Brew, meaning that the security will be similar to that of an iPhone.
“If someone were to steal it, they can’t do anything with it,” Loria said.
Lawn care company Yarbo’s machines connect with home networks via wi-fi, 4G, or LoRa, Yarbo VP Kenneth Kohlmann told IT Brew, and uses a roughly 100-strong IT team with members based in New York, Chicago, and Shenzhen that remotely patches vulnerabilities.
The company pentests its products to detect any areas of concern, and has a token generation multi-factor authentication system in place to ensure security. Yarbo also relies on a virtual layer that acts as a secondary buffer, meaning if hackers access the machines, they’re still faced with another overlay to break through.
“It uses an SSL certificate, and then we have a token system,” Kohlmann said. “So, basically, every time we request something from our server, we have to supply a token that’s only good for an hour. After that hour, we have to reauthenticate every time.”