Transport threats, physical harm and hobby hackers exploiting security vulnerabilities will shape IoT in 2017, says Rapid7

December 26, 2016

Posted by: Avadhoot Patil

Deral Heiland, IoT research lead, Rapid7

Deral Heiland, IoT research lead, Rapid7

Threats to transportation

Craig Smith, Transportation research lead, Rapid7

We will see malware used to shut-down a major transportation sector. I anticipate that the malware will be intentionally targeted to halt a transportation sector either for the purpose of ransomware, or political gain.There will be a large uptick in hardware related security attacks.

As security research increasingly bleeds into hardware, we will see creative ways to patch vulnerabilities when no update mechanism is readily available.

We will see the concept of an internal trusted network deteriorate. Internal networks will be treated the same as any external non-trusted network. With the increase of IoT devices, phishing attacks, and social engineering, even the concept of a corporate trusted laptop will need to be re-evaluated.

IoT vulnerability management

Tod Beardsley, senior security research manager, Rapid7

Tod Beardsley, senior security research manager, Rapid7

Tod Beardsley, senior security research manager, Rapid7

We will see many, many more hobby hackers publishing vulnerabilities in IoT. Cost of entry is low, there are tons of new devices with old bugs and the DMCA now exempts consumer device research, which means boatloads of public vulnerability disclosures. Which is good — and also chaotic. You could say that how IoT manufacturers respond to these disclosures will be make or break for the industry.

On the one hand, you might expect more mature companies to respond quickly and positively – patching and updating devices – but it’s also plausible that smaller, younger companies will be more nimble, and therefore able to respond faster.

What we’ll see from IoT in 2017

Deral Heiland, IoT research lead, Rapid7

If 2016 was the year IoT exploded, 2017 will be the year that IoT comes to life. I believe 2017 will be the first year IoT is used to inflict physical harm on a human. I also believe that audio information — voice data — gathered from home automation systems, such as the Amazon Echo will be used for the first time to solve a crime. I also expect to see MFP device security issues directly tied to a major corporate breach.

The authors of this blog are Craig Smith, Tod Beardsley and Deral Heiland of Rapid7

Comment on this article below or via Twitter @IoTGN