Feature Story


More feature stories by year:

2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998

Return to: 2015 Feature Stories

CLIENT: CUPP COMPUTING

March 13, 2015: Computing Now

The Malware of Things

By Art Swift

It's easy to get frustrated with the security problems we all face with our connected devices: shouldn't a PC/laptop/phone/tablet/whatever be secure by design? Is it really that hard?

When the malware problem first bloomed on PCs years ago, it was perhaps forgivable as a symptom of growing pains in a new industry. Microsoft took the brunt of the complaints. Now, though, it seems like any OS of a connected device can be hacked, and the vendors can't stop it any more effectively than Microsoft did all those years ago (or today). It really is that hard.

As we venture further into the age of the Internet of Things (IoT), what should we expect? Any system that communicates can have its communications hacked. If you think that statement is false, phrase it differently: it's possible to create a system with communications that can't be hacked. OK, then, name one. Banks, military-industrial corporations - that supposedly should know their security - all get hacked. We might hope that military systems themselves would be immune, but evidence of the hacking of Israel's Iron Dome system would say we're wrong.

In the Internet of Things age, the titular things are going to get hacked. How exercised should we really be? "Oh, no! Hackers are going to >set the thermostat in my house too high!" The joke's on them: my wife already is.

But think about our cars. And a car communicates - with the phone that the driver Bluetooths to it to make calls or listen to music, and to OnStar and similar systems.

According to a recent analysis, some of the more sophisticated cars on the road today network together various combinations of the media system, telematics system (e.g. OnStar), anti-theft features, and the brakes and engine control. Based on the track record of manufacturers vs. hackers, that's already good reason to be worried.

But it gets worse. Google and others are making great strides with self-driving cars. In order to maximize road capacity and safety, those cars will be communicating telemetry data with each other. When they start marketing the cars, Google et al will surely tell us about the steps they've taken to make those cars secure.

Security is sufficiently important to require redundant systems, aka "defense in depth." A small, independent security component, designed and implemented by someone other than the team that implemented the system being protected, will close holes that the system team didn't even realize existed. As a gatekeeper to things large and small - home security, automobiles, even mission-critical components of automobiles - a dedicated security unit shouldn't be contemplated as an option, it should be considered a requirement.

Art Swift is CEO of CUPP Computing, which provides security solutions for mobile systems, such as tablets, smartphones, remote service devices and the Internet of Things (IoT). CUPP Computing is headquartered in Oslo Norway, and has operations in Netanya, Israel, and Palo Alto, CA.

Return to: 2015 Feature Stories