When it comes to security risks in using the Internet today, many people may first think of malicious attacks on PCs, smartphones, and servers by malicious third parties. But we are at the wake of the massive Intel-processor MDS (Microarchitectural Data Sampling) security bugs, which can only be mitigated 100% with the complete disabling of Intel’s Hyper Threading Technology, a huge loss of performance up to 40%.
The unmitigated MDS bugs alone is a huge boost for the cybercriminals and their espionage operations. Those who will choose not to implement mitigations can easily lose personal information and corporate secrets that are transmitted through weaponized MDS-based malware. There are also many alternative patterns to break into corporate servers, steal more information, and cause direct damage.
It is also important to note that the purpose of hacking by attackers has been greatly altered in a decade, and has almost shifted to the acquisition of money, the “profit motivation” of cybercrime. What used to be the search for 15-minutes of fame as a script kiddie has evolved to a black market “for profit” enterprise, such as revenue-centric by selling of stolen information, industrial/corporate espionage, and receiving ransom money from a ransomware victim. Although anti-malware technologies are progressing, at the same time threats continue to increase, especially bugs in hardware (MDS) that are very difficult to patch with no performance penalty.
On the other hand, what is becoming a mainstream issue is security in the Internet of Things (IoT) world. In an old-fashioned way, it’s an embedded device that is connected to the Internet. In a closed world with no communication with the outside world, the problem would be relatively minor. However, connecting to the Internet exposes those off-the-shelf appliances to the same threats as laptops, desktops, mobile devices, and servers.
In particular, as malware evolves daily, the world of security measures evolves daily, in the past, embedded devices that have been up and running for more than 20-years are fairly common. Look at your grandfather’s radio, for example, the same KHz and MHz bands are still used today fifty decades after. Sophistication coupled with Internet connection spells trouble.
There are two possible reasons. One is that the number of devices connected to the Internet as IoT is larger than that of PCs, etc. The second is that software updates are not performed and there is a strong tendency to be left as it is after purchasing. Both Microsoft and Google released their own operating system for the IoT platform, both companies are competing in this space to determine which of their operating system will become a standard. Microsoft is pushing for Asure Sphere while Google is backing-up Android Things, the Android extension for IoT devices.
Even if each device is a single function and consumes less network bandwidth, it is possible to persuade the network to allow access to the devices by unknown parties. IoT infrastructure is very crude, the microcontrollers they contain are not as sophisticated as a full computer or a smartphone. Hence, they are a wide attack surface that companies and individuals who install them need to audit on a regular basis. Currently, IoT devices are still widely deployed in relatively limited products such as home appliances and surveillance cameras, but from now on various companies will develop their own devices, write applications according to their respective purposes.
However, the number of deployed devices is small compared to the commercial products, and there is a possibility that security measures are not always perfect because of the problem of the weight of resources to be developed, and the spread of damage is small, but the risk to attack is It can be said that it is expensive. If the running applications are not only for daily data collection but also for important infrastructure control, it may result in not only Internet obstacles but also for social confusion and serious damage.
IoT devices often incorporate a so-called OTA (Over-The-Air) mechanism for remote initialization and update, but exploiting this mechanism may lead to a successful device hijacking. Security risks become more apparent as IoT and 5G penetrate into infrastructure, and while it becomes convenient, it is also necessary to be aware that it contains risks as much. Development in embedded devices required rather low-level programming work, and although it was a world that included craftsmanship elements, the requirements required for network connectivity also changed.
Regular maintenance and analysis of operation status, and OTA updates, and the life cycle of software development are also required to operate differently in IoT, and the arrival of the 5G era and the importance of the security measures that accompany it is the development style and awareness change It will be an opportunity.