“Good security for the Internet-of-things will come only after a second Stuxnet”




Before the Internet-of-things gets proper security, another event that wakes people up is required, such as the Stuxnet affair. So says Mikko Hyppönen, chief research officer at security company F-Secure, in an interview with Tweakers.

“Bruce Schneier is right, as he quite often is. He is a very intelligent man,” Hyppönen answers when asked whether he agrees with the assessment of US security researcher Schneier that humanity is building a “world-sized web”. That web is made up of various sensors from various devices that are part of the Internet-of-things and forms, as it were, a huge robot. At some point it may also act without human intervention, Schneier writes.

“It’s not there yet, but we’re going in that direction,” Hyppönen says. “It is very inexpensive to provide a device with internet access, and as long as it yields a small advantage, for example in the form of analytics, manufacturers will make use of it.” According to the Finnish researcher, these manufacturers often only have knowledge of the product, for example to ensure that you do not get an electric shock from a toaster. “They generally know only a little about safety, rather than security,” he explains. “Security is not a selling point for manufacturers, and users often do not realize that the devices are not a target for attackers but a way, for example, to get into a network: a vector.”

According to Hyppönen, getting the security of all the devices that make up the Internet-of-things on the agenda will take a second catastrophic event like the Stuxnet affair. Stuxnet is a very sophisticated form of malware, most likely designed by governments to sabotage nuclear power plants in Iran. “Just as Stuxnet led to better protection of industrial plants, the same will happen with smart devices,” he explains. “For example, you can think of a self-spreading worm aimed at Internet-of-things devices running Linux. That worm would not even have to have a purpose, as long as it makes appliances unusable, e.g. by encrypting the content.” Hyppönen expressed the hope that better security will then develop naturally, without much regulation through legislation.

Tweakers also asked the researcher for his opinion on the case between Apple and the FBI. “I totally agree with Apple’s stance. It does everything it can to protect its customers,” he says. “But I also have to compliment the FBI for finally cracking the phone without Apple’s help. That is, after all, how the system should work. The request for Apple to cooperate was not so much about providing a master key, but about creating something new, namely an evil version of the iOS operating system.”

Hyppönen also has an idea about how the FBI was able to gain access to the phone. “I casually talked with Andrea Barisani of (security firm, ed.) Inverse Path about that and we came to the conclusion that it probably is a software method and not NAND mirroring, as is generally thought. Indeed, remote code execution was even possible in iOS 9.2, and in this case it could be a similar vulnerability.” That could also explain why the FBI recently offered assistance with cracking an iPhone 6 in another case.

Finally, Hyppönen offers a glimpse of his long-term research at F-Secure. “Many vulnerabilities result from bugs, and bugs are the result of human error. What if we could someday remove the human factor from programming and have software written by software? I have already conducted a number of experiments on this. The programs that rolled out were bad, but they worked. The day on which a program can program as well as I can is the last day that programmers still have work.”

