Stephen Cobb from ESET wrote a blog post last week discussing the security of today’s computer-driven vehicles and the threat of malware infection. Cobb specifically talks about what is called jackware, which he described as:
malicious software that seeks to take control of a device, the primary purpose of which is not data processing or digital communications. . . . So think of jackware as a specialized form of ransomware. With regular ransomware, such as Locky and CryptoLocker, the malicious code encrypts documents on your computer and demands a ransom to unlock them. The goal of jackware is to lock up a car or other device until you pay up.
Cobb made a point that I think we need to start talking about more often and that is the insecurity of the Internet of Things (IoT). Actually, Cobb called it the Internet of Insecure Things. It is clear to see why security of these devices has to become a higher priority: a Vodafone study found that more than 75 percent of businesses find IoT is a critical part of their tech infrastructure, but they recognize the risks involved:
Vodafone says that most adopters are cautiously optimistic, focusing on recruitment and training to mitigate risk. Around 30 percent have changed or restricted the initial scope of an IoT project to limit the security risk. . . . Combined, 42 percent of respondents said that they were training staff to improve IoT project security, 41 percent said they were recruiting specialists, 45 percent said they were establishing best practices and staff guidelines, and only 40 percent were working with specialist security providers.
By 2018, the IoT is expected to replace smartphones as a category of our most connected devices, according to the 2016 Ericcson Mobility Report, and we know there is a security problem with IoT. It’s why, Cigital’s Joel Scambray wrote in an article for The Manufacturer, security and data privacy have to be priorities during the development stage for new IoT devices. He went on to state:
Anything connected to the Internet can be discovered and potentially infiltrated by a hacker; software that has not been designed and manufactured to be secure will contain vulnerabilities that can be exploited to gain access to the device.
And this takes me back to Cobb’s blog post. Jackware, which has the potential to be unsafe and life-threatening, depending on how it is used, is currently theoretical. That’s right: There are no known cases out there of jackware. At least not today. But you know that cybercriminals are developing malware that will function like Cobb predicts jackware will function. What are IoT developers doing to address the need for security-first device development to anticipate jackware and other future threats?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.