It’s the last week of Cybersecurity Awareness Month, and the last installment of this weekly blog series. In our first three installments, we talked about protecting everything you connect, a bit on protecting devices at work and at home, and then the specifics of medical devices. For this last week, the focus is on the future of connected devices.
Predicting the future is always a challenge, especially when you’re trying to predict where rapidly evolving technologies are going. Fortunately, we get to concentrate on connected devices and not try and predict where an entire industry is heading.
We’re already seeing telecom companies rolling out 5G networks, and with them, much, much, greater speed and bandwidth for the people in range. While the technology has its limitations, imposed by RF physics and the upstream pipes, it still has massive potential. We’ve also seen low orbit satellite systems with the potential to bring broadband to areas of the globe that aren’t well served by any existing means. That brings more opportunity to connect diverse systems to an ever-growing network.
Devices themselves are evolving and becoming smaller, more powerful, and cheaper. We can have internet connectivity in everything from our refrigerator and dishwasher to our power outlets and light bulbs. We have toys, TV’s, security systems, doorbells, and a host of other devices with IP addresses and a connection to the Cloud.
If it can be connected, it will be connected. And if it can’t be connected yet, give it time. It will be.
Smaller, Better, Cheaper
That is a trend we are bound to see continue. Connected devices will spread into our homes, our businesses, even our vehicles. You can find mobility scooters, electric bicycles and skateboards with matching phone apps, and those phone apps are connected to the internet. Not just our bikes and scooters. There’s an entire industry that relies on this sort of connectivity.
That connectivity extends to our cars – and actually has for some time. Several manufacturers have offered vehicle connectivity packages for a while. Originally, they were just cellular links. Push a button and you’re connected to a concierge service, or emergency services in the event of an accident. But those capabilities evolved so the concierge service could download directions into your car’s navigation system or open the doors with a phone call when you locked yourself out.
That’s evolved to several manufacturers offering over the air updates. Your vehicle isn’t so much a car anymore, as a four wheeled computing platform that gets software updates pushed to it automatically and transparently.
Just hope the patch cluster was well tested before it was pushed out.
An Expanded Surface
All these new connected devices will, not surprisingly add new attack surfaces and new threats. While a lot of care goes into developing the software that runs your drive-by-wire car, because the risk of it deciding to floor the throttle and make random lane changes is not really something we want to ponder, what about the latest update to your smart fridge?
The first question is really “is there an update for my Smart Fridge?” And there almost certainly is. Anything that’s running Android or another Mobile Device class operating system should have support. At least for a while. But what about those smart bulbs and wall outlets? Probably not so much.
The challenge of supporting small, connected devices will only grow over time, as more and more of them are deployed into our environments. Between a lack of patch support for what amounts to disposable devices, and a lack of resources to keep them maintained, they represent a growing attack surface that’s largely out of mind already.
Keep Ahead of The Curve
So what do we do against a backdrop of more and more connected devices cropping up in more and more places? We rely on the advice security professionals have been giving all along – the advice I talked about in the earlier posts in this series.
From the Gurucul perspective, staying ahead of the curve means deploying an Advanced Behavioral Analytics system that leverages artificial intelligence and machine learning to adapt to a changing environment. Of course, I mean our Unified Security and Risk Analytics platform.
It can be hard for a lot of systems to keep up with an ever-changing environment, where new devices come into the mix, often with unknown threat surfaces. But with a behavioral analytics engine, you’re looking for behaviors rather than specific rule-based events. When a new device, or horde of devices, comes into the environment, the system sees them and quickly “understands” what is normal for them. When there is a deviation, it’s taken in context and reflected in a unified risk score. Basically, when those new smart bulbs start flashing an SOS or the fridge in the break room starts downloading encrypted files from across the world, the system reacts without having to be told ahead of time that that is not normal behavior.
Attend Our Webinar
Attend our upcoming webinar on the future of connected devices to understand how how Gurucul Behavior Analytics can weed out IoT anomalies since these devices perform a narrow set of functions that allow abnormalities to pop out.
Webinar: The Future of Connected Devices: IoT Security
Thursday, October 29, 2020 | 11:00 AM Pacific