Dark Reading is part of the Informa Tech Division of Informa PLC



12/7/2020
10:00 AM
Emil Sayegh
Commentary

Avoiding a 1984-Like Future

We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.

In George Orwell's dystopian classic 1984, Big Brother is an omnipresent antagonist who leverages surveillance and technology to instill fear, enforce rules, and gain reverence from the oppressed population. Today, the world is defined by convenience, with a growing number of advanced devices listening, watching, and collecting data. We live in a near-infinite media and communications state, with growing notions of diminishing privacy and the possibility of smart technologies becoming a conduit to a 1984-style surveillance regime. New technology, from cameras to sensors and controls, exists everywhere, posing the question: Are we on a trajectory toward a "digital dystopia"?


Information About Everything, Anytime
The majority of devices today are interconnected, relying on Wi-Fi. They aren't all autonomous or "smart" — yet. With 125 billion new devices projected to be online in the next decade, the Internet of Things (IoT) will only become smarter, with more and more access to data. This combination is a potential conduit to nefarious activities. Add artificial intelligence (AI), machine learning (ML), and automation to the mix, and the implications of these technologies working together become clear — information about everything, anytime. This collage of information contains treasure chests of information about you and the world around you that could be leaked, stolen, and used against you — like Big Brother did in 1984 to enforce his will on his subjects.

It's Hacking Time
Data is currency. While many industries and companies are built on collecting information, hackers focus on the ill-gotten acquisition of this data. The threat is growing because most smart devices are always online. Hackers and data thieves leverage shared skills and information, and also trade tools. When the worlds of IoT data and hackers collide, data will be misused — and vulnerable businesses will emerge with their data breached and reputations bruised.

This massive IoT target exists in a world of super-fast broadband and instant voice commands, where microphones pick up the everyday lives of everyday people. It holds so much power and wields so much potential for malfeasance that corporations, governments, and consumers must consider the potential for abuse now.

The World as a Target
With the advantage of IoT, it's possible that hackers soon will become the Big Brothers of our society unless we take a defensive posture now. These "Big Hacker" figures could be shadowy figures or even a nation-state or company. Whatever form these hackers take, the world of IoT is a tempting, significant target where intruders could take information over time or in one fell swoop. 

In this world, one small slip-up could mean the end of a career or business. Hackers could quickly release private video or information; they could compromise automated security systems, turn off power, and more. History shows that the unexpected should be expected.

In IoT (Do) We Trust?
We are surrounded by increasingly smart, integrated devices, and we extend them an unjustified level of trust that their security and safety standards are high. Unfortunately, the reality is that IoT security is hugely complex, and even secure systems are a rich target for attack.

IoT data that could have a negative impact in the wrong hands includes:

  • Shopping preferences and habits
  • Camera feed
  • Voice feed
  • Security systems
  • System data
  • Location info
  • Behavioral data
  • Vital signs
  • Exercise routines

This data could be captured through hacking and infiltrating central repositories of information (such as large databases) or end-user devices. Security must become the fundamental building block of every IT architecture and system, or risk falling prey to Big Hacker.

Future of IoT and Security
Protecting user data must be an overarching corporate objective, backed by significant industry drivers such as compliance requirements: HIPAA for the healthcare industry, FERPA for the education sector, and PCI for the financial technology industry. Ultimately, people are the true stewards of their sensitive information, but they often let their guard down for the convenience of smart devices. Just as liberties in democracies are fragile, companies also make themselves vulnerable by not building the proper defensive security protocols for their applications.

To avoid another 1984, people must not trust technology to be safe. Technology providers and users should agree on severe security practices, and these security standards must be implemented wherever data goes.

Emil Sayegh, President and CEO of Ntirety, is an early pioneer of Cloud Computing, recognized as one of the industry's cloud visionaries and "fathers of OpenStack," having launched and led successful cloud computing and hosting businesses for HP and Rackspace.
 
