insecure by design‘ with fixed or difficult to change settings and the Mirai malware dramatically showed how these devices could be enslaved into a botnet to distribute spam or knock sites off the internet via DDoS attacks.
We see three major issues when it comes to IoT security: privacy, ransomware, and blackmail. As a direct threat, we expect to see ransomware adapted for smart devices, potentially bricking the device – or the home – until a ransom is paid. Secondly, this flood of unencrypted data from smart homes will be captured and misused in a blackmail scenario.
2018 is the year of GDPR, the EU attempt to place privacy control and awareness back into the hands of the individual. Yes, this raises the privacy bar by increasing awareness, but the bar remains too low, as the nature of the internet and its “globalness” will render these laws largely insufficient and useless. While GDPR will cause costs and potentially result in an array of legal cases for high-profile companies, the larger group of individual app developers, web-site owners, and other businesses will continue to consciously – as well as unconsciously – act inappropriately and disregard basic data privacy.
Protecting the individuals’ privacy requires a combination of services, which enable the user (in a way that is easy to understand) to be aware of, and define, the definition of privacy they consider relevant.
The world is going through a massive evolution, as nation states become less powerful and global corporate brands (Apple, Facebook, Google, Amazon & Microsoft) become more powerful. Virtual currency reduces both the influence of a government and their central banks (which are all interested in the economic well-being of their individual countries). While early in its development, cryptocurrencies can be seen as an attack on the nation state. Altogether, traditional nation states are losing power because of these newcomers. This fear of losing power is causing a backlash of laws and protectionist initiatives across various areas; net neutrality, regional sourcing, data privacy, etc.
Overall, as a society and as individual, we are benefiting greatly from these new technologies and services. We can do things faster, better, and cheaper than ever before. At Avira, our goal is to help people best profit from these developments, while ensuring their security baseline continues to improve. To fulfill that promise, we have expanded our portfolio to not only detect and delete malicious threats, but also to prevent unwanted events from happening in both the traditional world of devices as well as within the smart-home.
In late 2017, we launched Avira SafeThings™, our security platform for the IoT. It automatically secures connected devices in the home, thanks to its machine learning and artificial intelligence expertise. SafeThings™ is delivered to the home via the router or the internet service providers, freeing users from the need to be the information security officers for their smart devices.
You can download the SafeThings whitepaper for free.
This article first appeared on blog.avira.com on 18 January 2018