I guess you are wondering why I have said that internet hacking is getting worse every day. It is plain and simple actually. More and more computer hardware and code are being embedded on devices that we use on a daily basis. This makes everything a target for hacking. Manufacturers and law-makers are not addressing the issue or failed to ignore it altogether. This integration will affect our lives and not just the data being transmitted over it. Stricter policies must be implemented. Security needs to be set in place since this is growing exponentially.
In the security sector’s standpoint, computers are insecure because most buyers do not want to pay extra for security features to be embedded in the products they buy. Manufacturer do not spend their own money to develop new security measures and protocols, thus leaving the computers with vulnerabilities that are easily penetrated. There has been no major breakthrough or developments in the last few years to make computing more secure. What I mean by this is that no IPV4, IPV6, HTTP, HTTPS or other new protocols have been developed lately to make the internet more secure. Imagine if there are stricter protocols, policies, procedures and rules over the internet, it will narrow down hacking.
The reason this is not happening is because people are being lenient since they think nobody dies when data gets stolen. No matter how bad hacking gets, it is cheaper to ignore it and move on rather than developing an iron-clad way to fix the problems.
Globally, people are using more and more technology driven devices, running microchips and microcomputers, some run on mini or micro computers with actual operating systems. Take the iPhone or Android mobile phones as an example. Apart from that, newer appliances or gadgets have computers in them nowadays. Refrigerators now have computers in them and even cars have computers in them that control the engine, brakes, audio, GPS and a lot more. Even airplanes have them since manual/mechanical switches have been replaced by computerized systems. Security cameras and alarms are now connected over the internet too. Even in every day life, computers control the traffic lights and emergency services. Hospitals equipment nowadays are computer controlled to dispense and administer drugs into the bloodstream of a patient and a whole lot more.
This inter-connectivity is called Internet of Things. One way or another, there is a connection that can be compromised, may it be short range via Bluetooth, WiFi, long range via a wired connection and other options. Bottom line is, it connects somehow to the internet. Even the latest robotic vacuum cleaners are not safe since there has been a news article which says that this robotic vacuum cleaner has vulnerabilities that can be exploited to use its onboard camera and microphone to spy on people.
Here is the scary part. If someone wanted to spread panic and chaos, one of the worst things they can do is to hijack and control hospital equipment and play God on who to gets to live or die. Another scenario is if a car can be controlled remotely, and make all the same make and model or even cars that have the same type of computers installed in them to run at the same time. They can even sabotage power grids, telecommunications towers too.
Vulnerabilities are found on a daily basis and patching has been an option for years. It may not apply to smaller companies that manufacture cheap devices. Take the DVR’s as an example. There’s a lot of them in the market but not all of them have security teams that develop security patches and updates. Worst case scenario is that you end up junking the compromised one and buying a newer and more secure one. Even for pricier ones, security patches sometimes fail.
If this was your car, would you drive it if you knew it has a vulnerability and needs a security patch? Of course not, you would wait for the patch that has been tested before you use it right? How would you react if there is truth to government-placed vulnerabilities in computers and software from Russia and China? But supply chain security is about more than where the suspect company is located: we need to be concerned about where the chips are made, where the software is written, who the programmers are, and everything else
There was a report from Bloomberg that China inserted an eavesdropping chip into hardware made for huge companies and corporations. Although major tech companies denies the accuracy of the report it is still a huge security risk. Everyone involved in the manufacturing and distribution of computers including the operating systems must be trust-worthy and must uphold the security of computers as their utmost priority since everybody uses it and it might be a matter of national security if they look the other way.
Buyers cannot distinguish which is secure or not. It mostly depends on what buyers can see and what buyers believe. Criminal courts traditionally have not held software manufacturers liable for the vulnerabilities and even the hardware giants. Which comes back to my main point manufacturers do not invest much on security, but rather focus their attention on which product sells the most.
Standards, protocols, procedures and guidelines must be put in place to make sure products will not in any way harm others. This needs to be done on a global scale and standardized. So far, only California enacted a law that wherein which Internet of Things security law prohibits default passwords. Much more is needed in terms of legislation and implementation.
Nobody has made standards for different industries like medical equipment, automobiles, consumer goods, critical infrastructures and many more. There should be different implemented frameworks for all of them, but nobody cared to bother.
There should also be consequences for companies that have bad security on their devices. Someone has to be liable for the consequences. Companies should be accountable for their products and services for security breaches and damages. “Traditionally, United States courts have declined to enforce liabilities for software vulnerabilities, and those affected by data breaches have been unable to prove specific harm. Here, we need statutory damages — harms spelled out in the law that don’t require any further proof.”
Everything must have a different level of security that needs to be ramped up. May it be cars, airplanes, consumer goods, food, medical devices, pharmaceuticals, offices, financial institutions all need government regulation for it to become safe and secure.
People will be the determining factor in all of these. If they are willing to spend time and spend money to do what is right; together with people who are determined to draft, ratify and enact laws that puts consumers security first, we would have a safer internet experience. The internet keeps on evolving day by day, and we do not have to wait until some giant tech company gets hacked before we get alarmed and make a move.
