Security: the Old Becomes New Again
By Andy Oram, Editor, O’Reilly Media
What happens when seasoned security experts look at our modern mania for enhancing everyday manufactured objects with network connections and computing power? They get quite scared. And when they succeed in conveying that fright to the general public (as they did in a widely cited WIRED magazine article last July), we get scared, too.
Driverless cars, smart electrical grids, and other parts of the developed world’s infrastructure will have to take a fresh look at security risks and which innovations are really worth the risk. (Would you put your car’s drive train at risk of failure just so your favorite music service can send updates to your car’s audio player?) But many answers lie in the familiar, time-tested strategies that the computer field has developed over the past forty to fifty years.
In that vein, I read an early released version of O’Reilly Media’s book Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts. This highly technical book bubbles over with programming code, details of protocols, and other complex topics. What struck me most strongly was that every flaw it found in common products had a counterpart in older computer and networking technologies. I’ll explain some of its underlying principles on a high level, and let you decide whether to take it on.
Let’s take a simple example of a vulnerability described in this book: a device allows your friends to superimpose tinted items over your screen. This seems like a cute enhancement to online communications (and it is), but suppose a malicious intruder manages to get on your list of approved friends and uploads a black “tint” covering the whole screen? Your device goes dark. The designers of this enhancement assumed that it would be used as intended, leaving the screen showing through a transparent tint. But attackers thrive on doing things that weren’t intended--but were still allowed.
This problem could be at least partially solved by inserting some software before a tint is uploaded, to make sure it is truly transparent. That’s a general principle security experts urged upon us: checking for malicious input is an extra layer of security used in many systems. For instance, when you post a comment to most web pages, the web server checks for embedded programming commands, making sure your comment is really just a plain text comment.
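One way to implement the check described above, as an added example that is not code from the book or from any device. The tint format (rows of RGBA pixels), the size limit and the opacity ceiling are assumptions; the example also goes one step beyond the text by checking the combined opacity of stacked tints, since several individually see-through tints can still darken the screen.

```python
from typing import List, Tuple

Pixel = Tuple[int, int, int, int]   # assumed format: (R, G, B, A), each 0-255
Tint = List[List[Pixel]]            # assumed format: rows of pixels
MAX_DIM = 64                        # assumed largest overlay the device accepts
MAX_COMBINED_ALPHA = 0.6            # assumed ceiling on how much may be hidden

class TintRejected(ValueError):
    """Raised when an uploaded tint fails validation."""

def solid(rgba: Pixel, w: int = 4, h: int = 4) -> Tint:
    """Constructed sample input: a w-by-h tint of a single colour."""
    return [[rgba] * w for _ in range(h)]

def _check_shape(tint: Tint) -> Tuple[int, int]:
    # Reject anything that is not a rectangular grid of well-formed pixels.
    if not isinstance(tint, list) or not tint or len(tint) > MAX_DIM:
        raise TintRejected("bad height")
    width = len(tint[0]) if isinstance(tint[0], list) else 0
    if width == 0 or width > MAX_DIM:
        raise TintRejected("bad width")
    for row in tint:
        if not isinstance(row, list) or len(row) != width:
            raise TintRejected("ragged rows")
        for px in row:
            if (not isinstance(px, tuple) or len(px) != 4
                    or any(type(c) is not int or not 0 <= c <= 255 for c in px)):
                raise TintRejected("malformed pixel")
    return len(tint), width

def validate_upload(new_tint: Tint, active_tints: List[Tint]) -> None:
    """Accept new_tint only if the whole stack stays see-through everywhere."""
    shape = _check_shape(new_tint)
    stack = active_tints + [new_tint]
    if any(_check_shape(t) != shape for t in active_tints):
        raise TintRejected("size differs from active tints")
    rows, cols = shape
    for y in range(rows):
        for x in range(cols):
            see_through = 1.0       # fraction of the screen still visible
            for t in stack:
                see_through *= 1.0 - t[y][x][3] / 255.0
            if 1.0 - see_through > MAX_COMBINED_ALPHA:
                raise TintRejected(f"pixel ({x},{y}) would be too opaque")
```

The check runs on the receiving device before the tint is displayed, so it holds even when the sender is already on the approved friends list.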
Another sloppy practice that’s all too common in household networked devices is trusting what comes over the local network. If data comes over the Internet, it has to pass through a firewall on the hub, but too often there’s no encryption or other restraints on what one device broadcasts over the local WiFi network.
Trusting the local network is a habit easy to fall into in an age of wireless networks, where devices communicate by broadcasting information and listening to information from other devices. Trusting your local network gives rise to insecurities. Someone who has figured out the codes recognized by common home equipment can reprogram it by standing in the foyer outside the apartment or coming inside under the guise of doing home repairs. A lot of WiFi networks extend farther than home owners think.
Classic security risks have classic security fixes. The standard solution to this kind of attack is “Encrypt! Encrypt! Protect the data both in storage and during transmission.” This advice should have been followed by TJX to avoid their breach and Anthem to prevent theirs. Whenever a breach occurs, there are measures that (in hindsight) could have prevented the breach. But you can never anticipate every rogue act of a clever intruder. If you encrypt your data (with the right tools and safeguards), they can steal it but they can’t use it.
Here, from Abusing the Internet of Things, are more examples where modern networks stumble into the security flaws found in past systems:
- Offering default usernames or passwords, and failing to require users to change them
- Granting access through a shared secret (often part of a URL or Internet address) that might be guessed by adversaries
- Broadcasting unnecessary information that could be used to break in over the wireless network or the Internet
- Relying on passwords, which most users choose poorly or fail to protect
- Relying on the physical security of a mobile phone, which can be stolen or surreptitiously used by an attacker
- Using a simple trick to select key numbers (such as adding 1), which makes it easy to guess the next number
- Leaving the device vulnerable to someone who is temporarily near the device physically
Some security weaknesses shown in the book are theoretical and unlikely to be exploited; others are highly relevant and have actually led to large-scale break-ins. If you want your products to be safe and keep your customers safe, you should pay attention to all the telltale signs of security flaws.