When an Attack Means Murder: The IoT Healthcare Security Vulnerability
Goals and methods are typically agnostic to industry, from healthcare to banking to intelligence. Attackers always want the same things: to steal information, manipulate data, disrupt service with DoS attacks and use ransom to achieve their ends. But while in other industries the risks are financial and reputational, when it comes to health services and IoT-connected devices, human lives are at stake. A hacker can be a murderer.
And as healthcare gets more sophisticated, the risks intensify. Take AI, for example. AI and machine learning have already entered the practice of medicine, as they automate some basic medical decision processes. Hackers are well aware of this, which frames attack intent as “medical decision manipulation.” In other words, imagine an attack that manipulates the training data of AI modules, providing fake inputs to the system that will eventually result in a wrong medical decision. A hacker can change the inputs into the algorithm — falsifying blood tests, for example — and the “computerized medical advisor” could prescribe medication that can harm or even kill the patient. This is a terrifying notion.
BlueBorne: 5 Billion Bluetooth Devices at Risk as ‘BlueBorne’ Malware Spreads
Researchers at Internet of Things (IoT) security firm Armis Labs have found “BlueBorne” — a new malware that targets devices via Bluetooth. Over five billion such devices globally are at risk. “BlueBorne” allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices, the researchers noted.
“Bluetooth attacks such as a recent set of attack vectors ‘BlueBorne’ depend on the availability of the Bluetooth device as well as close physical proximity,” said Vitaly Kamluk, Senior Antivirus Expert, Kaspersky Lab, in a statement on Thursday. The new vector spreads through the air and is capable of causing eight related zero-day vulnerabilities, four of which are classified as critical. It poses a threat to major mobile, desktop and IoT operating systems, including Android, iOS, Windows and Linux, and to the devices using them.
How to Protect Connected Home Devices and Appliances from Cyber Attacks
In July of 2014, HP Labs did a study of 10 popular IoT devices and found security was shockingly bad. The researchers looked at end-to-end security capabilities including privacy protection, authorization, encryption, user interface protection, and code security. They found 70% of the devices had at least one major vulnerability. At the end of their study, researchers identified over 250 vulnerabilities, an average of 25 per device. Security was clearly an afterthought or not considered at all. That’s bad enough for an engineer to deal with, but much worse for the unprepared consumer.
An average consumer, or even a security-savvy consumer, has little ability to know which brand of IoT device has better security, or any at all, leaving the primary responsibility for securing their devices squarely with the OEM. A compromised consumer device may show little impact on its performance, and the consumer may not even realize their device was hacked. Should the OEM care?
Absolutely! On the surface, the hacked device may seem benign. But a device, like a smart refrigerator, may reveal WiFi credentials to a hacker, giving them a beachhead from which they can then attack other, more critical devices on the network. So, it’s about more than just protecting the device itself.