Attackers zero in on M2M device security holes
Attackers will increasingly focus on hacking into vulnerable machine-to-machine (M2M) devices and other objects included in the broad term "Internet of Things," predict security researchers consulted by eWeek.
Security is usually an afterthought for M2M device vendors, observes vulnerability management firm Rapid7. Firms want to get the product out the door, so security is often not included in the product's design.
"This is only set to continue--we're already seeing network-enabled toasters, kettles, fridges and much more emerging. Unfortunately, researchers have found time and again that security issues abound on embedded devices, and they are typically very poorly patched," Rapid7 said in a statement emailed to eWeek.
Phil Packman, general manager for security enablement at BT, agrees. "Security often isn't at the forefront of the engineer's mind when they meld the Wi-Fi port to my fridge or toaster, and that sometimes security threats can arise in the most unlikely of places," Packman writes in a blog
"From the work I've seen undertaken in the majority of companies, it is often hard for the engineer to 'connect' in the course of his day job, and an external attack can seem quite unlikely. On the other hand, clients who rely extensively on automated control systems with remote monitoring can easily see how this risk is very real for them, carrying with it consequences that don't bear thinking about," Packman observes.
Engineers working on embedded devices should consider security at the beginning of the development process, not as an afterthought. These devices often control critical industrial processes that could be exploited by a cybercriminal for financial gain or worse an attacker bent on death and destruction.
Current Analysis: Unguarded M2M endpoints pose enterprise security risks
Increasing cyber threats spurring 29.4 percent CAGR in smart grid cybersecurity market, says TechNavio
Spotlight: Embedded SIM technology to spur mobile vehicle connectivity