Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/7/2020
10:00 AM
Emil Sayegh
Emil Sayegh
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Avoiding a 1984-Like Future

We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.

In George Orwell's dystopian classic 1984, Big Brother is an omnipresent antagonist who leverages surveillance and technology to instill fear, enforce rules, and gain reverence from the oppressed population. Today, the world is defined by convenience, with a growing number of advanced devices listening, watching, and collecting data. We live in a near-infinite media and communications state, with growing notions of diminishing privacy and the possibility of smart technologies becoming a conduit to a 1984-style surveillance regime. New technology – from cameras to sensors and controls — exists everywhere posing the question: Are we on a trajectory toward a "digital dystopia"?

Related Content:

How to Pinpoint Rogue IoT Devices on Your Network

The Changing Face of Threat Intelligence

New on The Edge: Loyal Employee or Cybercriminal Accomplice?

Information About Everything, Anytime
The majority of devices today are interconnected, relying on Wi-Fi. They aren't all autonomous or "smart" — yet. With 125 billion new devices projected to be online in the next decade, the Internet of Things (IoT) will only become smarter, with more and more access to data. This combination is a potential conduit to nefarious activities. Add artificial intelligence (AI), machine learning (ML), and automation to the mix, and the implications of these technologies working together become clear — information about everything, anytime. This collage of information contains treasure chests of information about you and the world around you that could be leaked, stolen, and used against you —like Big Brother did in 1984 to enforce his will on his subjects.

It's Hacking Time
Data is currency. While many industries and companies are built on collecting information, hackers focus on the ill-gotten acquisition of this data. The threat is growing because most smart devices are always online. Hackers and data thieves leverage shared skills and information, and also trade tools. When the worlds of IoT data and hackers collide, data will be misused — and vulnerable businesses will emerge with their data breached and reputations bruised.

This massive IoT target exists in a world of super-fast broadband and instant voice commands, where microphones pick up the everyday lives of everyday people. It holds so much power and wields so much potential for malfeasance that corporations, governments, and consumers must consider the potential for abuse now.

The World as a Target
With the advantage of IoT, it's possible that hackers soon will become the Big Brothers of our society unless we take a defensive posture now. These "Big Hacker" figures could be shadowy figures or even a nation-state or company. Whatever form these hackers take, the world of IoT is a tempting, significant target where intruders could take information over time or in one fell swoop. 

In this world, one small slip-up could mean the end of a career or business. Hackers could quickly release private video or information; they could compromise automated security systems, turn off power, and more. History shows that the unexpected should be expected.

In IoT (Do) We Trust?
We are surrounded by increasingly smarter, more integrated devices with a level of unjustified trust that security standards and safety are high. Unfortunately, the reality is that IoT security is hugely complex, and even secure systems are a wealthy target for attack.

IoT data that could hold a negative impact in the wrong hands includes:

  • Shopping preferences and habits
  • Camera feed
  • Voice feed
  • Security systems
  • System data
  • Location info
  • Behavioral data
  • Vital signs
  • Exercise routines

This data could be captured through hacking and infiltrating central repositories of information (such as large databases) or end-user devices. Security must become the fundamental building block of every IT architecture and system, or risk falling prey to Big Hacker.

Future of IoT and Security
Protecting user data must be an overarching corporate objective, with significant industry drivers such as compliance requirements, such as HIPAA for the healthcare industry, FERPA for the education sector, and PCI for the financial technology industry. Ultimately, people are the true stewards of their sensitive information, but they often let their guard down to smart devices' convenience. Just like liberties in democracies are fragile, companies also make themselves vulnerable by not building the proper defensive security protocols for their applications.

To avoid another 1984, people must not trust technology to be safe. Technology providers and users should agree on severe security practices, and these security standards must be implemented wherever data goes.

Emil Sayegh, President and CEO of Ntirety, is an early pioneer of Cloud Computing, recognized as one of the industry's cloud visionaries and "fathers of OpenStack," having launched and led successful cloud computing and hosting businesses for HP and Rackspace.Emil Sayegh ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...