From the Blogosphere
Hacking and the Internet of Things | @ThingsExpo #IoT #M2M #API #RTC #InternetOfThings
Medical devices are just one of many examples of how the Internet of Things is changing the game
By: Ed Featherston
Sep. 22, 2015 03:45 PM
Hacking and the Internet of Things - It's Not Just About the Data
‘FDA tells hospitals to stop using a pump that is vulnerable to hackers.'.This headline was all over the internet and news this weekend, with the pump in question being a medical infusion pump that automatically administers dosages of medication to patients in a hospital. A vulnerability was identified that would give ‘hackers the ability to access the pump remotely through a hospital's network,' according to the FDA. A hacker would be able to take remote control of the device and change the dosage of medication being administered. As part of the reporting, many of the cable news shows started showing a clip from the Showtime TV show Homeland. In the episode, terrorists hack into the Vice President's pacemaker, force his heart rate to increase, and effectively assassinate him via remote control.
My wife and I had recently seen that episode while binge watching the show (yes, I know it's been on four seasons already, we are a little behind). That particular episode had hit a little close to home. In the spirit of full disclosure, I have a pacemaker which I discussed this last year in an article on Information Week ‘Internet of Things - It's All About the Ecosystem'. As we watched the episode, my wife had turned to me then and asked, "That can't really happen, can it?" At a personal level, fortunately not, as my particular device is ‘old technology' and does not connect to a network. However, I did explain that newer medical devices, being fully functioning members of the Internet of Things universe, are a different story.
It's not just about the data anymore
Medical devices are not the only Internet of Things devices making news about this potential risk. Some recent examples include:
No, the sky is not falling
As technologists, we need to look at security from a different perspective. We have to think about the potential hackers differently. In the old paradigm, it was protect the data, protect the boundaries of the data centers. That is still valid and needs to be done. In addition, we need to look at protecting the individual device and its functions. Hackers may no longer just target a single point to get lots of data. They may target lots of devices just to get access to individual points. Why? Motives could be many, ranging from non-malicious ‘proving they can' types of attacks, to malicious intent to cause harm. When designing and implementing security on these devices, we must look at it through both lens.
Users also need to be educated in the proper use of the devices they have. Last year for example, there was a website that made national news. They linked to over 73,000 security webcams worldwide. How were they able to do that? Each one of the cameras were still running with the default username/password they were shipped with. They effectively left the car parked, unlocked, with the keys in the ignition.
No technology negates the need for good planning and design
This post is brought to you by The CIO Agenda.
KPMG LLP is a Delaware limited liability partnership and is the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International. The views and opinions expressed herein are those of the authors and do not necessarily represent the views and opinions of KPMG LLP.
Reader Feedback: Page 1 of 1
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week