BW Businessworld

Beware: Your Smart TV Is Under Attack!


Last year, the world witnessed major hacking attacks: attacks that invaded privacy, attacks that robbed enterprises of critical data, and attacks that amounted to huge losses. If recent reports from security experts are to be believed, the hacks of 2014 were just a trailer and the big picture is yet to unfold.
 
Smart Appliances Will Feel The Heat
At CES 2015, big players like Samsung, LG and Panasonic showcased their next-generation smart televisions, which run on Android KitKat OS.
 
Pretty soon, Android-based cameras and several other appliances such as printers and home monitoring systems will become the norm in our day-to-day life. Many of these smart appliances have access to the Internet and have an IP address attached to them. Says Anthony Giandomenico, Senior Security Strategist, Fortinet, "these devices are more vulnerable to attacks because in the early stage of development, the vendors do not focus on security because of the cost factor. Also the embedded operating systems they use are old and usually not patched on a regular basis."
 
So how do attackers do it? They scan the Internet looking for these types of devices, which are often a neglected component in network security defenses. With their increasing complexity, Internet connectivity, random access memory (RAM), integrated disk drives and multi-functionality, these IoT devices are vulnerable when it comes to security. They can create a channel which is not inspected by the firewall.
 
"A daunting fact about IoT devices is that the vendors do not have a good product security response team to release a patch if and when a vulnerability is discovered. IoT is presently in a stage where personal computers were over a decade ago," adds Anthony.
 
Ransomware Attacks To Become Prominent
While the act of encrypting sensitive data and asking for a large sum of money in order to provide the crypto key was not so prominent until now, 2015 will see a multifold increase in such attacks.
 
"Ransomware continues to make waves, especially with the rise of file-encrypting ransomware like CryptoLocker. However, we are seeing yet another alarming development for this malware: it is now targeting mobile devices," says Dhanya Thakkar, Managing Director, India & SEA, Trend Micro.
 
In May last year, it was reported that this mobile ransomware was the product of the Reveton gang. Reveton was one of the many cybercrime groups that spread police ransomware, which hit Europe and the US and then spread to other parts of the globe.
 
Best Practices For Enterprises
  • Address the vulnerabilities associated with IoT in early stages of a product cycle
  • Formulate a good incident response process in order to mitigate the threats as soon as they hit the network
  • Educate employees and provide guidance on information protection, including company policies and procedures
  • Strengthen security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures

Digital Trouble For Retail
The iPhone 6 was released with Apple's digital payment system, Apple Pay. The past few months have witnessed the expansion of this service outside the US. Google Wallet too has been making inroads in various markets and offers an alternative payment mode to users. It is not just international names: Indian players like Oxigen and Paytm are also offering their digital wallets. All these services will act as a catalyst for mobile payments to go mainstream pretty soon. The problem is that all these wallets require credit card information in order to make a purchase or transfer money.
 
"As the retail sector escalates their defenses and security measures such as Chip and PIN technology are mandated, cybercriminals will accelerate the pace of their credit card data theft. In addition, these criminals will begin to seek a broader range of data about victims. These fuller, richer, personal identity dossiers of individual users, consisting of multiple credit cards, regional and geographic data, personal information and behavior, will be increasingly traded in the same manner that stolen credit cards are today," says Surendra Singh, Regional Director, SAARC and India, Websense, India.
 
What About IoT?
A recent report by Gartner says that there will be 4.9 billion connected devices in 2015, up 30 per cent from 2014. This huge number of connected devices will become the focus of security threats. "Obviously there is a search engine that allows people to do an online search for Internet enabled devices, ranging from security cameras, to cars, home heating systems and more. Although the search engine does not reveal vulnerabilities, it makes it easier for IoT devices to be found, which cybercriminals can then target and exploit," says Sanjay Rohatgi, President, Sales, India, Symantec. 
 
Best Practices For Home Internet Users
  • Keep all your operating systems and applications up to date
  • Use separate devices: one for important transactions like online banking and another for 'fun' things like surfing the Internet or playing games. If buying another computer is too expensive, you could use Virtual Machine (VM) technology
  • Do not install third party apps from non-certified sources
  • Be vigilant and constantly review bank and credit card statements for irregularities
  • Be cautious when handling unsolicited or unexpected emails and be wary of online offers that seem too good to be true

Healthcare Will Not Be Spared Either
According to the Identity Theft Resource Center, healthcare data accounted for 43 per cent of major data breaches which were reported last year. Healthcare records hold a treasure trove of data that is valuable to an attacker. No other single type of record contains as much Personally Identifiable Information (PII) that can be used in a multitude of different follow-up attacks and various types of fraud. PII comprises both financial and personal information which can lead to financial exploitation and identity theft.
 
Says Dhanya, "this is a low-risk, high-reward endeavour. Attackers use multiple ports, leverage multiple protocols and often craft malware to evade traditional filters. Most cybercriminals can now find all they need to launch such a raid on the underground forums where tools and services are traded. To respond, hospital administrators and healthcare IT workers need more than AV, firewall and IDS/IPS."
 
The predictions and research by various companies do paint a grim picture, but there are always two sides to a coin. A wise thing to do is to embrace and master the new technology so that one can minimise the damage that the bad guys are so intent on causing.