Depending on how you look at it, this is either a terrible time or a great time to work in cybersecurity. There could be up to 50 billion connected objects worldwide by 2020, a tenfold increase on the number we have today. And wherever there’s an internet connection, there’s a chance it could be hacked.
The International Forum on Cybersecurity took place in Lille earlier this week, attended by politicians, academics and representatives of private companies. All were there to figure out how to avoid the pitfalls of this explosion of connections, and to chat about the worries which keep them up at night. Here’s what they said.
1. Hackers love the “internet of things”
Kettles, fridges and bins connected to the internet (collectively known as the “internet of things”) are likely to be even less secure than smartphones and computers. This is for a whole panoply of different reasons.
First, products on the market so far have come with passwords set by the manufacturer which users are unlikely to change, and are therefore easy for hackers to guess. “ABCD”, “1234” and “0000” are all a good place to start.
In the future, more and more of these devices will be produced cheaply and sold over the internet with no instruction manuals or seller input, exacerbating the problem. Fabrice Clerc of 6Cure, a cybersecurity company, said connected objects are “very appealing for the hackers”, especially when they’re built with “low cost components”.
Does it matter? It does when these breaches could lead to hackers corrupting or stealing your data, hacking into your WiFi connection, or controlling your home. A connected life could easily become a hacked life.
2. The weakest component of any connected object is the human using it
Humans are a security nightmare. They open spam emails, visit sites filled with viruses, leave their devices lying around and forget to update their software regularly.
Maryline Boizard, a law lecturer at the University of Rennes, explained that the human using a device can undermine pretty much all of its security features. “You can have a really secured object, but it all depends on the user,” she said. “If your password is ‘admin’, that object is dead.” This is partly because…
3. Passwords are terrible
As should be becoming clear by now, anything with a password is instantly more vulnerable to hacking. Nicole Jones of Google told the conference that the company doesn’t really believe in them anymore – that it has joined the “war on the password” which is gaining momentum throughout the sector.
That’ll be why it keeps making you sign up for two-step verification using your mobile number, then. It’s also why banks make you generate a passcode on a little bit of plastic before they’ll let you into your account. A simple string of letters and numbers isn’t enough to be sure the right person is logging into an account.
4. We still need to worry about viruses
This might seem a little 2002, but viruses are a bigger problem than ever. Huawei, the telecoms and ICT company, reckons that around 20 million new pieces of malware are invented every day. Nicole Jones of Google says that most viruses are contracted via normal sites which have been attacked, rather than sites dedicated to taking your computer down, so they’re even harder to avoid.
5. Apps are really insecure
Users also seem spectacularly unconcerned about the security of the apps they download. A rep from Pradeo, a mobile security firm, told me that 100 per cent of the paid apps on Android and 56 per cent of those on the Apple store were cracked in 2013. Financial institutions’ apps are particularly vulnerable: around half have been hacked on Android and a quarter on Apple.
6. Cybercrime has become a profession
Hacking has gone from being the province of a small and curious minority to forming its own black market, thanks both to the people willing to pay for information (however it’s obtained) and the fact that firms will pay small ransoms so hackers leave them alone.
A representative from Europol said that “we’re now seeing a lot more extortion as part of the business model”, leading to the rise of the term “ransomware” to describe small-scale, ransom-focused hacks. Christophe Jolly of Cisco France confirmed that we’ve seen an “industrialisation of hacking” in the past decade or so.
7. Security can’t keep up with technology
Overall, we need to accept that our devices aren’t really secure – they never have been, and probably never will be. John Suffolk of Huawei said he often asks rooms full of cybersecurity professionals how to keep a device truly secure, and the answer is always the same: “Don’t turn it on.”
If you’ll insist on actually using your devices, keep the software updated, read the manual, educate yourself on scams and malware, and for god’s sake, choose a good password.