McAfee Labs, part of Intel Security, has released its 2015 Threat Predictions report, with security related analysis and forecasts for the coming year. Like the saying, “meet the new boss, same as the old boss,” before reading these security reports you know it will say that there will be more malware, more attacks and generally more doom and gloom. While it is true that McAfee’s new report does say that, there are some very interesting insights into what 2015 could bring.
One area that will see a rapid increase in attacks is the Internet of Things. Attacks will increase rapidly due to the predicted fast growth in the number of connected objects, many of which will have poor levels of security. The sheer number and diversity of IoT devices is growing exponentially. Connected devices are appearing in our homes and in our cars. There are even IoT enabled light bulbs. But these present a real danger.
The BBC recently published an article about a website dedicated to streaming live feeds of hacked baby monitors and webcams.
At a white-hat hackers conference in 2013, researchers demonstrated how easily some Internet-connected security cameras can be hacked. Once breached the hackers can steal the video feed from the camera and gain entry to the camera’s network. During 2014 there have been several cases of attackers who have hijacked baby monitors and spied-on or even screamed at babies in their bedrooms. The BBC recently published an article about a website dedicated to streaming live feeds of hacked baby monitors and webcams. This is both creepy and disturbing. The site has 4,591 cameras listed in the US, 2,059 in France and 1,576 in the Netherlands.
As more devices become connected rogue sites will start to appear streaming all kinds of data from all types of IoT devices. The problem is that IoT devices themselves are not often built with security as a basic design goal. Instead the cost and ease-of-use are often the primary design principles, security and privacy are often neglected. The rapid growth in the number of IoT devices coupled with the lack of robust security represents a real threat to the privacy and security of both individuals and companies.
Another area which will continue to be a battlefield is privacy. 2014 has already highlighted the challenges and problems of individual privacy in the digital era. This will continue well into 2015, and probably further. If data privacy is defined as “the fair and authorized processing of personally identifiable information,” then the questions arise, what is “fair” and who is “authorized.”
Fair is basically a subjective term, what I deem as unfair access to my data, a nation state or an employer might see as fair. And who is authorized? Many of us have committed a lot of our personally identifiable data to companies like Google. All our emails are there, our files in cloud storage, our photos, the list goes on. But who has access to that data other than myself? Also, sometimes the data collected by various apps and services (especially advertisers) is referred anonymous data or anonymized data. The latter meaning that all the personally identifiable information from data has been removed. However, there is lots of research that shows tat anonymous data isn’t really anonymous data.
The problem will be that the general populace might not agree with those definitions.
As the debate continues, different countries will start to create and/or modify legislation to define what is fair access and who has authorization. The problem will be that the general populace might not agree with those definitions.
Looking at smartphones and tablets specifically, McAfee predicts that we will see more attacks against mobile devices. That in itself isn’t shocking, but the reason given is not just because there are more mobile devices and so more opportunity for attacks, but rather that there is a growing availability of malware-generation kits and malware source code that target mobile devices. This lowers entry barrier for cyber-criminals to target mobile devices.
The continued use of third party stores, or direct app download websites will ensure that hackers have a way to spread their malware.
The Google Play store and the various built-in security features of Android will continue to protect users who only use trusted app stores, but the continued use of third party stores, or direct app download websites will ensure that hackers have a way to spread their malware.
More malware, yes. More big data breaches like the recent Sony hack, yes. More scams and schemes to defraud honest users of their money, yes. We all knew that, but watch out for IoT, you don’t know who might have hacked one of your connected devices.