Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
April 28, 2016

Ransomware is a Potential “Gateway” Threat to Smart Homes, Says prpl Foundation Strategist

Smart-home devices could be targeted with ransomware, despite not containing valuable personal information themselves, according to the prpl Foundation’s chief security strategist.

Cesare Garlati believes that hackers could instead “use connected devices as a gateway to users’ critical information” because they “sit at the edge of the home network.”

Garlati was responding to a recent report from The Institute for Critical Infrastructure and Technology (ICIT). In ‘Combatting the Ransomware Blitzkrieg’, James Scott and Drew Spaniel argue that “it is not inconceivable that malware, and ransomware in particular, will eventually target IoT devices.”

The authors also raise the nightmare scenario of someone having to pay to remove ransomware from a pacemaker that would otherwise drain the battery.

But Garlati, who is also co-chair of the Mobile Working Group at Cloud Security Alliance, said the report failed to recognise that many IoT devices don’t carry the thing ransomware targets: data. Not that this is a cause for complacency, he insists.

“prpl agrees that connected devices represent a major threat to consumers and the public at large due to poor or non-existent security in place to help protect them,” says Garlati. “Ransomware, however, is traditionally used for criminals to prevent users from accessing important data or files. This is an important distinction to make, as connected devices generally do not store any valuable information or personal content.

“Having said that, they do make up critical devices, such as the home router – and while there is no information to encrypt, it does sit at the edge of the home network and in that way it will be attractive to attackers who may be able to penetrate it to pursue the home network. The distinction here is between actually placing ransomware on a connected device, which is unlikely since connected devices themselves tend not to contain data, or using that connected device as a gateway to users’ critical information, which is more likely.”

Garlati suggests that manufacturers could reduce the risk at the chip or hardware level and that manufacturing devices that are “always connected” via the internet is unnecessary and exposes customers to data theft.
