Antti Nuopponen, Head of Cyber Defence, Nixu. Photo: Pauliina Toivanen

International

Insecure manufacturing of IoT devices cause severe cyber threats

02.05.2017

Internet of Things brings us new solutions to make our daily lives run more smoothly. Among the new reliefs comes also new unprecedented threats. In a way, IoT has taken security backwards manufacturers making the same mistakes as computer software developers did years ago.


Centuries ago men use to build fortresses in places with spacious views: not that the walls itself would be unbreakable but to detect the conceivable enemy as early as possible and to prevent damages. According to Nixu, Nordic’s largest specialist company in cyber security consulting, cybersecurity should be seen the same way as they used to in the old days – as a continuous process where enemies are detected before they manage to cause any harm.

“It´s a big mistake to build a wall and not follow what’s happening outside and more importantly inside the organization. It takes approximately 200 days to detect a data breach,” says Antti Nuopponen, Head of Cyber Defense at Nixu.

Generally, Nuopponen is enthusiastic about all the opportunities that IoT has and is looking forward to see new inventions. What worries him is the manufacturers not having the needed knowledge about the cyber threats they are invoking.

“There are already several warning examples where hackers have been able to do massive distributed denial of service attacks using trivial malware like Mirai. Especially for manufacturers, who are coming from totally different areas of business, it might be hard to understand all the dimensions of security.” 


Cyber defence needed

Mirai is malware that turns IoT systems running Linux to remotely controllable bots. The bots can then be utilized as part of a botnet in heavy cyberattacks. Mirai has hit the headlines various times, whether it be a computer controlling property´s heat control crashing down or cyber criminals knocking a whole country’s internet offline like in Liberia last autumn. Same method has been used to shut off sites like Netlflix, eBay and Reddit in a mission to sabotage U.S.’s internet. Insecure IoT devices are intercept by Mirai which uses them to send vast amounts of traffic and cause service disruption.

“The simplicity of the attacks using IoT devices is what makes them even more worrying. Imagine your smart toaster attacking a nation online. If a manufacturer is having regard to security already in the planning phase, it’s a lot easier to prevent cyberattacks like these happening.”

In Nixu’s point of view, security is a must in projects where any developing, implementing or assessing of information is done.

“Manufacturers should be more careful building all these smart systems and ensure that their devices are secure and automatically updated. It´s not the consumer´s fault if something happens, it’s the manufacturer who should bear the responsibility and design devices that are well secured and safe,” Nuopponen reminds.

“And personally, I think it’s just wrong to sell trash,” he adds.

In addition to Industrial Internet, Nixu helps their clients to improve their cybersecurity also in solution areas of Corporate IT and Digital Business. Nixu ensures the confidentiality of companies’ data, business continuity and ease-of access to digital services through planning and mitigation of cybersecurity risks.


www.nixu.com


Text: Pauliina Toivanen

Nixu

We are Nordic’s largest specialist company in information security consulting.
Yrityksen verkkosivut