IoT Hackers Await Their Killer App

The next year will see the continued blurring of lines between the worlds of IT security and what we’ve come to think of as the ‘rest of our lives.’ But those who expect to see a large shift in malicious activity to the Internet of Things in 2014 will be disappointed.

Smart Strip
More devices are being connected to the Internet, but that will not necessarily translate into attacks and malicious activity, according to Trend Micro.

 

That, according to a report from the security firm Trend Micro, which argues that Internet of Things malware and attacks are still a ways off – as cyber criminals await a “killer app” that will boost adoption and provide a common platform to attack.

The prediction is part of “Blurring Boundaries,” a 2014 outlook report from Trend that argues IoT threats are mostly future-tech.

“While we certainly think that attacks on IoT devices and the underlying architecture will be a major area of attack in the future, that future will not be until 2015 and beyond” writes Robert McArdle, a Senior Threat Researcher at Trend.

Internet of Things devices need a “killer app” like Adobe’s Reader or Microsoft Windows to go ‘mainstream’ – spurring adoption in numbers that are sufficient to attract attention from cyber criminals, McArdle argues. So far, there are no contenders for that crown.

“There are many innovative devices, but no massive breakthroughs. Google Glass (or something like it) may be the closest to finding its “killer app”, but even then it will take time to become fully mainstream. It’s only at that point – when there’s a critical mass of users that can be targeted – that it makes sense for criminals to go after it,” he writes. 

More likely are targeted attacks on high-profile Internet connected devices. Trend notes recent attacks on ships using the AIS (Automated Identification Systems) technology for collision avoidance. In October, another Trend threat researcher, Marco Balduzzi, demonstrated a man-in-the-middle attack against AIS systems that allowed he and a colleague were able to take over AIS communications and tamper with AIS tracking sites.

Comments are closed.