22 NEWSWEEK.COM NOVEMBER 01, 2019
ONLINE BREAKʝINS
Hackers could break into
one device on a car or in
a home and from there
gain access to an entire
network. Clockwise from
right: many toys are now
linked to the internet; IoT
devices in Jeep Cherokees
have been hacked; the
Department of Justice
indicted seven hackers
from Iran in 2 016.his paper identified but also many others that he
believes could arguably cause even more damage.
While the security firms serving large well-financed
companies like those targeted in the Mirai attacks
have come up with new ways to defend client serv-
ers against DDoS attacks, many manufacturers of
IoT devices are doing little if anything to protect
the rest of us from cyber mischief—not just zombie
device conscription, but also spying, sabotage and
exploits that security experts argue should raise
profound privacy and safety concerns.
What accounts for the neglect, Cui believes, is
a gold-rush mentality to grab market share in the
burgeoning IoT device business. Over the last five
years, the hype over IoT has become so hot that
many VC-funded startups in the consumer-device
field—and even some major manufacturers—are
adding internet connectivity, rushing their products
to market, and resolving to fix any security flaws later.
Some haven’t even thought about security at all. “You
have to put in the time and resources to care about
security,” says Cui. “But there’s a lot of VC money, and
they want to very quickly roll out a thing that has an
IoT feature that they think the market might like.”
The money is primarily spent to develop new devic-
es. “The problem at the moment is that there’s really
no incentive for security,” Cardenas told Newsweek.“Security usually gets in the back burner of these
“Someone will LOSE THEIR LIFE and then eventually they’ll kind of
knee jerk into fixing the whole industry. I think that’s what it will take
to change the mentality of car manufacturers.”
of quality assurance and testing, and penetration
analysis and vulnerability analysis to get it right,”
he says. But the rush to market “comes into violent
disagreements with proven security practices.”
Many of the largest tech companies have invested
heavily in tapping into the market for “smart home”
devices , one of the fastest growing areas for IoT de-
vices. Amazon is among those dominating the market
for smart hubs, along with Google, which purchased
the digital thermostat maker Nest in 2014 for $3.2
billion. Google has since expanded it to become a dig-
ital hub that also includes smoke detectors and secu-
rity systems like smart doorbells and locks. Samsungproducts.” Most consumers aren’t aware of the dan-
gers and aren’t demanding protection. And the device
manufacturers are under no obligation to provide it.
In a lab at the Georgia Institute of Technology,
Manos Antonakakis, an associate professor in the
school of electrical and computer engineering, and
research scientist Omar Alrawi, have also been
probing the gaping security vulnerabilities of the
emerging IoT. Antonakakis notes that while there’s
a class of well-known vendors that “at least try to
get the security right in some cases,” even large
manufacturers are under pressure to rush new IoT
products onto the current market. “It takes a lot &/2 &.:,^6
(
)^520/
()7
'$1 ,(/$
&.(^5ʔ%/^220%(5 *ʔ*(^77 <
$/(;
:
21*ʔ*(77<
^5
2 %<^1%
(&.ʔ$)3 ʔ*(77<