In November 2018, two teenage fans of YouTube star, PewDiePie, carried out the hack of over 100,000 printers, in a bid to promote their social media hero and to highlight the vulnerability of IoT devices. Today, the BBC shared an anonymous interview with the hackers, who reveal how and why they carried out the attack.
This situation has grabbed media headlines around the world but is far from unique in the security industry. It does, however, serve as a wakeup call that if two teenagers can infiltrate business and personal printers on this scale, more copycat hacks are likely to follow. What is even more concerning is the hacker duo’s move to target smart TVs.
While this activity focused on printers and TVs, the reality is that any IoT connected device is open to vulnerability and the cost implications of severe hacks can be crippling to businesses, both financially and to their damaged reputation. Security is our only weapon against these types of hacks, but there is confusion over where the responsibility lies.
Manufacturers must do more to secure their IoT solutions, ensuring protection for all aspects of the application used to run those devices. Whether it’s an office printer, a smart TV or a connected fridge, all IoT devices are potential entry points for attackers. This means if you’ve got a million customers, each customer’s network is an opening to the core server and other customers.
Vendors must consider security in order to protect the privacy of their customers. A web application firewall is one of the most critical protections that IoT vendors need to put in place to protect their servers. But they also need to ramp up projection against network layer attacks and phishing attacks against employees. Cloud security is another crucial layer of defense against IoT hacks.
The PewDiePie hackers have highlighted how easy it is to infiltrate smart devices. Worryingly, the explosion of IoT is outpacing the defence measures that many businesses have in place. The amount of information available on the security posture of the IoT devices we bring into our homes and offices is astonishingly low. Users are at a major disadvantage because, as yet, there is no large, authoritative source of information on how IoT products handle security.
Ideally, we need to get to a situation where security is a primary buying factor among businesses and end users alike, and where IoT products are scored constantly and their security posture is published to all consumers, just like cars with safety ratings.
By Dr. Klaus Gheri
Title: VP & GM Network Security, Barracuda
Security Vendor: Barracuda Networks
