The cybersecurity world was rocked this week by the news of another round of released documents from the international non-profit WikiLeaks, an organization notorious for release of sensitive and oftentimes top secret government documents and information. This latest round of leaks, dubbed “Vault 7”, highlighted the continued vulnerability of devices within the Internet of Things (IoT) to acts of hacking and espionage. Read on as we detail what the information from this latest round of leaks means for the future of cybersecurity and the IoT.
The leaked documents in question, known simply as “Vault 7,” are claimed by WikiLeaks to represent internal memos and directives of the Central Intelligence Agency (CIA). The files themselves contain detailed information about how the agency allegedly targeted individuals through malware and physical hacking on devices including mobile phones, computers and televisions.
Specifically, the Vault 7 documents detail a top secret project known simply as “Weeping Angel”. That project, according to the documents’ claims, involved malware that could allow the agency to listen to targets through Samsung smart televisions, even while the set was in a “fake off” mode.
Beyond televisions, the documents also claim the CIA studied and possibly used code from Hacking Team, a notorious spyware manufacturer, to remotely access other IoT devices as well. However, some security experts would argue that much of that malware could be easily detected by easily available antivirus software on your phone or computer.
Nevertheless, the documents underscore the true insecurity of IoT devices.
While no individual or business can completely immunize themselves from malicious cyber attack (the CIA included), they can take steps to better protect themselves and their sensitive data. According to InformationWeek, these prudent steps include:
The Federal Trade Commission advises that businesses conduct a privacy risk assessment of IoT products and services, minimizing the amount of data that’s collected and stored. It’s also wise to craft and implement a plan and conducting regular security assessments before any product or service is launched.
Know Your Code
For mobile or hosted applications, make sure you implement SSL properly, so data can’t be intercepted, and make sure data stored on-device is secured by something more than obscurity.
Enforce strong passwords. Design accounts that will lock after too many failed login attempts. The implementation of two-factor authentication is a tried and true method to increase login security.
Give yourself some peace of mind by backing up any and all data to a separate or third party location. Be it on premises or cloud storage, having copies of your files and sensitive information handy acts as an excellent and inexpensive insurance policy for your business.
If you’re concerned about the security of the IoT devices utilized by your business or office, partnering with an experienced managed services provider can be an excellent way to help ensure that your security concerns are addressed quickly and correctly. From increasing network security and hosting applications to designing a disaster recovery plan and backing up your sensitive data, the services provided by the experts at MDL Technology can be an ideal and effective means to bolstering any business’ cybersecurity efforts.