You are currently viewing SemiWiki as a guest which gives you limited access to the site. To view blog comments and experience other SemiWiki features you must be a registered member. Registration is fast, simple, and absolutely free so please, join our community today!
I'm really cooling to the idea of wellness IoT devices because of security. There are too many people around the world with nothing better to do than steal from other people. And now you can do it from your phone. Check out this public service announcement from the FBI on ransomware schemes.
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (called Cryptolocker).
You will also find pages and pages of articles on the subject. You can define the search by device: Car, TV, Phone, iOS, Android, etc... It really is disturbing if you think about it. Even more disturbing if it happens to you...
I guess the 100 bitcoin question is: Will we ever be safe from cyber attacks? At least safe enough for medical IoT?
Security has never been a priority in commercial IT systems, it's been much more important to ship it as soon as the "visible" functionality is more-or-less working, and to give IT support back doors through which they can fix things. Back in about 1973 Cambridge University got an IBM 370 to replace the Titan, which had been built in-house; people who had been encouraged to try to break the Titan operating system were told not to do that with the IBM beause it was so trivially easy.
ITU-T's focus group on next generation mobile has just produced a report on where the problems are with current-generation networking protocols, but it doesn't include anything on security because there none of the members were experts on security.
Darpa is working on securing IOT like devices. Their first project was about a drone , and according to a hack team from the nsa that we're given the source code - it was very good.
But again , the real problem is people implementing that. For example, we've known for decades that c is a shitty language, full of security holes , and we've known how to fix some of them(for example check if accessing arrays outside boundaries). But since it's more expensive(in system and/or dev cost, and in time) , most didn't bother.
I'm not convinced that security is the biggest problem for medical IoT, at least not today. It makes for good scary copy, but in my view medical IoT first has to cross the hurdle of utility. It's also worth remembering that hackers are as much slaves to RoI as the rest of us. Credit card data, banking info and on-line pay options, followed perhaps by identity data, are much more attractive targets than hacking a pacemaker or even a car. Dramatic threats appeal to our hind-brains but we should remember to balance those against the million other things we are reminded daily are waiting to end our lives in horrible and spectacular ways, all at vanishingly small probabilities.
As for ransomware, I risk stating the obvious, but having a good backup to restore would be a work-around for PC's. I'd wager that most people burned by this did not have back ups.
However, I have been researching after-market remote starters for my car, and it does give me pause to think that I might be creating an opening for someone to hack my car. This would be pretty unpleasant. They even sell units you can have installed that 'bypass' the key smart chip security on your alarm system, so you can start the engine without the key being present. Hmmm, should I be worried?
There's always a trade-off between security and convenience. If you leave your house unlocked you don't have to fiddle with the key to get back in. You balance that certain, small, inconvenience with the unlikely, large, inconvenience of being burgled. If you live in a big city it's not worth it. If you live in a small community in the countryside, it might be.
The difficulty with on-line security is that most people haven't yet learnt how to recognise where the risks are.
There's always a trade-off between security and convenience. If you leave your house unlocked you don't have to fiddle with the key to get back in. You balance that certain, small, inconvenience with the unlikely, large, inconvenience of being burgled. If you live in a big city it's not worth it. If you live in a small community in the countryside, it might be.
The difficulty with on-line security is that most people haven't yet learnt how to recognise where the risks are.
Good point on after-market stuff. Rather like adding apps to your computer, but so far without any mechanism to approve/screen. Who would do that I wonder - the auto-makers?
