Forensics Foreshadowing: Acknowledge the security issues

By Mark Lanterman
BridgeTower Media Newswires

MINNEAPOLIS, MN - The internet of things requires us to secure all our devices properly. There are four considerations: acknowledging security issues, the huge amount of data involved, privacy and self-protection.

Acknowledge the security issues

Since devices essentially "talk" to each other, security breaches that disrupt the collection and sharing processes often happen. The consequences can be disastrous for individuals and organizations alike, depending on the severity of an attack. Our digital lives pose a number of entry points for potential hackers and therefore the security risks are almost endless; cyberattacks have taken on a whole new dimension as the internet of things becomes more expansive and sophisticated.

With the ever-increasing number and variety of connected devices, there are a corresponding number of potential vulnerabilities for hackers to access, but even one may provide a hacker with the opportunity to cause serious damage.

Since internet-connectivity now extends far beyond our computers, we have to start thinking about the other avenues that a potential attacker might take. Instead of stealing private information from a computer, for example, an attack may come in the form of hijacking a car via its connected media system. While the internet of things allows us to access information that was previously inaccessible, it also provides cybercriminals with access to us. Given the relative newness of the internet of things, it must be recognized that proper security measures have not been fully created or implemented to support it. It is important that everyone recognizes this lapse, not only those within the cybersecurity community.

Recognize the huge amounts of data involved

By just scratching the surface of the internet of things, we are presented with a huge amount of data. Our society is increasingly marked by a particular consumer demand; that is, if something can be connected, it should be. "I want to be able to open my garage door remotely," or "I want my thermostat to send me notifications." These conveniences require data collection and storage.

As a computer forensic analyst, I investigate digital devices to uncover the truth. My analyses normally revolve around computers and cell phones, but as smart devices become more prevalent, I have learned to extract data from devices that didn't even exist when I first started conducting forensic examinations. In fact, I frequently encounter new devices or applications which require an adaptive forensic approach.

The fact is, the technological climate is constantly changing. People are regularly using devices that efficiently track and record personal data. These devices are our record-keepers, and as such, they are invaluable for a number of reasons. Digital data is often called upon as a critical source of evidentiary information both for law enforcement and in court. With the increasing emphasis placed on providing the best resources and protection for victims, information stored on devices is often critical in establishing narratives and identifying perpetrators.

Consider privacy and points of vulnerability

Appliances, cars, toys, medical devices-formerly isolated technologies are now connected through the internet of things. Accordingly, the data these devices contain is now much more vulnerable to attack. Though convenient, this kind of platform greatly diminishes our ability to keep our personal information private. Given how convenient and engrained into our culture the internet of things is, it may seem like a worthwhile tradeoff. However, people are often shocked when I explain how much information is actually being stored on these devices and who may have easy access to it, and how hard it is, if at all possible, to get rid of this data.

When you're considering the internet of things, and your own digital footprint, take into account the possibility that you may be underestimating exactly how "connected" you really are. Even though you may not have rushed to the store to get an Apple Watch or you don't use a smart phone, it is important to recognize that your information in some capacity is being stored digitally by companies and organizations. It is wise to be invested in how your data is being collected and stored. And if you do have a number of connected devices, recognize that each one is a possible point of entry for a hacker. "Smart" devices are able to automatically transfer data over a network-the scope and implications of this kind of sharing are not always fully grasped.

Analyze the potential threat and protect yourself

Once both the positive and negative aspects of interconnectivity are realized, many decide to take on additional security measures to protect themselves. Careless maintenance of devices may lead to compromising the storehouses of information that are so valuable to hackers.

Having a greater and more detailed base of information allows for tailored, and therefore stronger, cyberattacks. For example, by using information you have stored on a fitness tracker, a hacker can create a personalized spear phishing attack. Instead of sending a general, poorly composed, and easy to spot, email requesting your personal information for a fake credit card offer, you'll receive an email that looks like it's been sent from a workout clothing retailer. It becomes much more likely that you will click on a link contained within the email, embedding a virus into your system.

Each device that offers a hacker even one bit of personal information can be used to create stronger, customized attacks. As the devices we connect through the internet of things become more sophisticated, hackers must match this challenge by constructing better attacks on your security and privacy. Social engineering attacks in which a cybercriminal preys upon human, rather than technological, weaknesses are greatly facilitated by the amount of private information we collect and store online.

As a first step to protect yourself from the risks associated with this degree of connectivity while still enjoying the convenience, identify the number and kind of internet-enabled devices you currently utilize. Assessing your level of connectivity is the first step to figuring out your digital security posture and taking measures to ensure that you are prepared. This small step may also inspire you to research how certain vendors use your consumer data. Are companies you trust ensuring that the data they collect is being gathered and stored in a safe way? Is this information shared with other parties?

Knowledge is power and assessing your own degree of risk may lead you to change your security protocol, perhaps starting with your passwords, or even reduce the number of devices you tend to use. Determine what kind of data you want stored about you and recognize that if it's being stored, it may be accessed and used.

To better assess threats to your security and privacy, it is beneficial to subscribe to a security email list or blog to receive updates on current cybersecurity trends. As threats are constantly changing and hacking adapts to our latest technologies, staying informed about the latest warning signs is critical. It is also worthwhile to stay apprised of how the internet of things is being regulated and what measures are being taken to keep it secure on the national and global levels.

Published: Thu, Dec 08, 2016