Question 389
Question Answered step-by-step “We’re getting everyone together who is equally passionate about solvingsecurity problems,” Harrington says. “They’re competitive against themselves, and against the status quo.”Collaboration is necessary to outrace malicious actors in the near future, Harrington, Wang and others say. Medical devices, transportation infrastructure and the electric grid are all vulnerable. Harrington worries botnet and other attacks will get worse before they get better, and he doesn’t think consumers learned any lessons from last year’s Dyn hit. They’re still not going to change their factory-set passwords. Such an attack would still probably be successful today, he says. People won’t get serious about security updating firmware, disabling unwanted features and unplugging devices when not in use, for instance until tragedy strikes, “when we see an incident of someone getting hurt or killed with a connected device.” People don’t know how close they come, on a daily basis, to a potentially devastating hack.That’s why white hats continue to look for flaws and point them out to make things better. Margulies ultimately received a letter back from the garage opener manufacturer, which said it would look into how best to address the security issues. White hats’ work can only go so far; it’s up to consumers to demand security, and to developers to take it seriously.Harrington says developers need to identify potential hacks and threats early in the design process, especially for IoT objects, and build in protections to the finished product. In addition to better protecting people, this approach will cost companies less money in the end. This isn’t an issue of complexity, he says; it’s an issue of priorities: “It’s not very difficult at all for a manufacturer to adequately build security in.” Even though experts disagree on the best way to build in security, designers could start simply by requiring users to change passwords during setup, collecting less personal data, or even allowing consumers to opt out of data collection.It’s no secret today’s smart devices aren’t smart on security. Harrington compares the devices to cars: “Volvo has an amazing reputation as being safe. Someone who cares about safety is willing to pay a premium to buy a Volvo,” he says. “Today, in the IoT, you don’t have a choice to buy the Volvo version of a safe product. All you can buy are the ones with shitty airbags.”WHAT’S ALL THIS ABOUT HATS?Originating from the sartorial choices of cowboys in old Westerns, “bad guy” hackers are known as black hats and “good guys” as white hats. Hackers who occupy the space in between became known as gray hats.WHO’S WHO OF HACKSThe internet of things isn’t the only vulnerable target. In May, hackers unleashed a cyberattack named WannaCry that crippled hundreds of thousands of computers in 150 countries by exploiting a susceptibility in Microsoft Windows.It was an example of ransomware, malicious computer code that disables a system until the victim pays a hefty fine. In this case, the hackers wanted $300 to unlock infected machines. (Experts advised victims not to pay, as it’s uncertain if they’d get their files back, and it encourages more attacks.)Ransomware attacks are rising. In January, the St. Louis Public Library network became infected. Library patrons couldn’t check out books, and the library’s computers were disabled. The perpetrators demanded $35,000 in bitcoins, a digital currency that’s difficult to track. Last November, hackers disabled ticketing systems at San Francisco’s public light-rail system and demanded $73,000, also in bitcoins. In March 2016, ransomware crippled hospitals in Maryland and Kentucky. None of these institutions paid the ransom (though some, in other attacks, have); all of them have restored their systems, typically by erasing affected servers or computers and restoring the data from backups.Even worse, adversaries are starting to play the long game getting into a network and staying there without being detected. They find a weak entry point into a system, and use it to gain access. “Professional hackers have got that down to a science,” says Brian Varine of the U.S. Department of Justice Security Operations Center. “They get in, and stay in.”So it went with a 2013 hack of Target stores across the country. Attackers used login credentials for an HVAC company to access Target’s network, and from there they could access cash machines and install software to poach credit card information. Losses to the store were estimated at $420 million. Zingbox co-founder and CTO May Wang describes this as a steppingstone attack: Hackers sneak in through a weak link and lie in wait for a bigger score.Hacking methods are getting even more insidious, too. In late 2016, Finnish computer security expert Mikko Hypponen’s employer, F-Secure, began tracking a gang of hackers who released a piece of malware called Popcorn. It encrypts a person’s files until the victim pays 1 bitcoin (about $2,900 at press time). Victims who can’t pay can get their files back for free if they infect two of their friends, and the friends pay their ransom.”Holy hell, that’s devious,” Hypponen says. “It’s almost hard to be angry at these guys when they’re so creative. It’s really nasty, but really clever.” S.O.THE HACKABLE HOMEThe number of a household’s connected devices each a part of the “internet of things” will likely only grow. But as convenience improves, so will the chances of a malicious hacker gaining entry to your digital life. With your home network as a central hub, an infiltration of any of the devices could put your entire house at risk. Health Science Science Nursing NURSING 328 Share QuestionEmailCopy link Comments (0)
Needs help with similar assignment?
We are available 24x7 to deliver the best services and assignment ready within 3-4 hours? Order a custom-written, plagiarism-free paper
Get Answer Over WhatsApp Order Paper Now