IoT vendors are still not paying attention to basic security, even after we’ve seen hacks on insulin pumps, moving vehicles, nannycams, and WiFi Barbies, according to Aaron Lint, research director for Arxan Technologies.
It was five years ago that a security expert hacked an insulin pump produced by Medtronic Minimed to demonstrate how grievously dangerous it could be to crank out connected products without much thought to security.
Awareness of that event might have been expected to compel some IoT device developers to be somewhat more conscious of product security, but no. According to Aaron Lint, Arxan Technologies Inc. research director, “we found the vast majority — more than a half, more than three-quarters — of devices actually don’t do anything whatsoever to protect themselves against the types of attacks we protect against.”
Five years after demonstrating how easy it would be to shock diabetics into comas, hackers demonstrated how easy it is to take over a moving vehicle. About the same time, the FDA, working with a unit of the Department of Homeland Security, issued a warning that a specific medical infusion pump was at risk for being hacked, and should be disconnected, if possible. (See Network Security Is a Bad Joke)
Shortly after that, there was a rash of hacks of nannycams by people who chose to use their computer skills to terrify very young children. Shortly after that, it was revealed to be fairly easy to hijack a WiFi Barbie.
And just because the average readers of Light Reading don’t play with WiFi Barbies, don’t think you’re safe.