BLACK HAT USA – Las Vegas – Buckle in for a wild ride in the next two decades where the role of security professionals will rise in dramatic importance, Mikko Hypponen, F-Secure chief research officer, predicted at a Black Hat presentation today.
"Our work is not to secure computers, but our work is to secure society," says Hypponen in his presentation The Epocholypse 2038: What's In Store for the Next 20 years.
The security researcher pointed to likely sea changes the industry will witness in the coming 20 years: the 2038 Unix Millennium bug that will drive industry worry on par with Y2K, major shifts in the way security professionals deal with Internet of Things devices, cryptocurrency, SSL encryption and national security.
Y2k Redux in 2038?
When January 19, 2038 rolls around, the industry is bracing for a situation where the computer industry running on Unix will out of bits and systems will crash.
The 2038 epocholypse has been compared to Y2K, in that fear and loathing hype is mounting. Hypponen recalls how he was busy standing guard on New Years Eve when 2000 rolled in and the entry into the new millennium went smoothly. But despite all the bashing that the industry cried wolf about the doom that could have occured on New Years' day 2000, Hypponen says two points were missed -- and it's something to keep in mind for 2038.
One point is that an enormous amount of work went into finding bugs and fixing them prior to Y2K, so the impact was greatly minimized on the actual day, said Hypponen. The second point is that not all Y2K-related problems immediately emerged on Jan. 1. Some came much later, such as inaccurate readings for Down Syndrome risk in pregnant women, he recalled, noting how some women underwent abortions unaware of the misdiagnosis.
"[The year] 2038 is way off in the future. People think we have plenty of time to fix it, but I will guarantee you we will run out of time," Hypponen warned.
Cryptocurrency Game Changer
Bitcoin and other forms of cryptocurrency will likely take a big chunk of business away from the brick-and-mortar banks but these virtual currencies won't likely cause institutions to go out of business, predicted Hypponen.
But cryptocurrency is dramatically changing the landscape related to how law enforcement will chase the bad guys and follow the money. Cryptocurrency not only allows cybercriminals to conduct transactions anonymously but also gives them an avenue for laundering the money through multiple digital accounts with lightning speed, he noted.
And thugs are also using the cryptocurrency when committing traditional physical crimes, Hypponen said, pointing to a Brazilian kidnapping where the attackers demanded a ransom payment in Bitcoins.
SSL, IoT, and Nation State Attacks, Oh My
Quantum computing is reaching a point where in the very near future it may pose a threat to SSL encryption, Hypponen predicted, explaining how the ability of quantum computers to crunch through waves of prime numbers puts the security of SSL encryption at risk. Evidence: IBM's announcement earlier this year about the construction of a commercially available universal quantum computing systems for its IBM cloud platform.
In addition to the potential demise of SSL encryption, humans are also facing greater risks with the rise of IoT devices. "There will be a day when consumers buy products and don't even realize they are IoT devices," Hypponen said. "If it is a smart device, it is a vulnerable device," which he predicts will create the need for a separate IoT network.
But what keeps Hypponen awake at night is the prospect of a nation state attack on consumers. "Wars today are fought with drones," he said, asking what would happen if the software that feeds into computer chips and devices were instructed to have the device catch on fire, simultaneously across millions of homes.
"Technically, it can be done," Hypponen said, showing a demo of one device in flames.
- Truly Random Number Generator Promises Stronger Encryption Across All Devices, Cloud
- Nation-State Hackers Go Open Source
- IoT Security By The Numbers