The Internet Of Things Is Mobile And We Need To Be Worried
One Sunday night a few months ago, I burst out laughing as I watched an astonished news reporter valiantly try to drive her hacked car with windshield wiper fluid flying, horn blaring, and brakes failing.
And then suddenly I stopped.
I stopped because I realized people don’t understand how easy it is to perpetrate hacks like this in today’s era of hyperconnectivity.
It’s possible to hack pacemakers, medical devices in hospitals, and surgical robots.
It’s possible to hack home appliances and thermostats.
It’s possible to hack modern aircraft and automobiles.
This last possibility was confirmed in spectacular fashion just a few days ago: a Wired.com reporter provided first-hand details about a wireless hack on a Jeep that occurred while he was driving it on the highway. (See details here: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.) Researchers behind the hack had previously shared details about the vulnerability with Chrysler. As a result, Chrysler last week issued a recall of 1.4 million cars to patch it.
While one has to believe that Chrysler’s patch will fix this particular vulnerability, the fact remains that most modern devices and their associated systems are vulnerable to cybersecurity threats. After all, they’re all connected to the Internet; they’re all part of the Internet of Things.
And that’s the issue: the openness of the Internet provides fertile ground for creative, malicious actors. Increasingly, such individuals are launching man-in-the-middle attacks.
Man-in-the-middle attackers intercept, insert and/or manipulate data-in-motion, breaking all trust ascribed to Internet communications. Traditionally, encryption has been used to ensure data integrity. However, for reasons that include key theft and advances in parallel computing processors (which makes brute-force attacks faster and less costly), encryption alone is no longer sufficient to thwart man-in-the-middle attacks.
These attacks can have catastrophic consequences. For instance, multiple, simultaneous cyberattacks could trigger cascading power failures. Imagine a situation where a hacker lowers the cooling set point temperature on millions of networked thermostats to cause a spike in energy demand on a hot summer day. In the case of mass surveillance of stock and futures trades, these hacks can create situations that undermine the integrity of financial networks.
Add the complexity of mobile as an attack vector and the problem, with more than 7 billion mobile devices connected to the Internet, grows exponentially. This is particularly true since (a.) mobile devices are typically less well protected than devices on local area networks (LANs), and (b.) attacks perpetrated by mobile devices can be more difficult to identify and trace.
Given that we’re already losing the cyberbattle, we need to be worried.
But, it’s not sufficient to worry. It’s also not sufficient to rely on the status quo way of countering cyberthreats. We need to be proactive and make fundamental changes in the way we approach the problem of protecting data-in-motion, in the way we work to thwart man-in-the-middle attacks.
Dispersive™ Virtualized Network provides an elegant solution to this problem. Our software, which runs on devices that include Raspberry Pi boards, smart phones and computers, splits data into smaller, non-duplicated packet streams and then sends these packets across multiple paths. We roll paths to refresh them and ensure we’re always routing the fastest way possible. Additionally, since traffic is split, it’s virtually impossible for man-in-the-middle attackers to know which routes you’re using, much less collect enough meaningful data to reassemble your communications. And, when turned on, our built-in firewall rejects traffic from non-approved devices. This means our software-defined networks deliver speed, security and reliability. And they do so in a way that helps enterprises save money.
We’d be delighted to go into more details during a call with you. Please drop us a line at firstname.lastname@example.org.