Jim Stickley

Stickley: Internet of Things poses big risks

‘There are no regulations behind this stuff.’

September 20, 2018

The Internet of Things (IoT) is here to stay.

In fact, there are currently eight billion IoT devices on this planet, says security consultant Jim Stickley, with that number expected to rise to 20 billion by 2020. By comparison, he says there are roughly one billion personal computers (PCs) and eight billion mobile devices active today.

“This market is just getting saturated with devices and clearly it’s not going to stop anytime soon,” Stickley said during his keynote presentation at the co-located CUNA Technology Council and CUNA Operations & Member Experience Council Conferences in San Francisco. “From a hacking standpoint, I can turn PCs, where there’s 1 billion, or mobile devices, with 8 billion. I like my odds a lot better with 20 billion.”

What’s more, many IoT devices are developed with web servers built into them, Stickley says, making them more vulnerable to attack.

Stickley demonstrated to conference attendees how he accessed a bank’s network (as the bank’s client) through a security camera using social engineering and redirect malware.

Stickley says the IoT is dangerous for companies because it exposes so many devices to the network. “As a hacker, I just want to get on the network,” he says. “If I just get on the network, everything will unfold for itself.”

He then showed the audience how he could lure someone browsing the Internet to a malicious website and capture a network IP address.

“This just opens my eyes to just how big of a risk the Internet of Things can be,” he says.

Stickley says the biggest threat from the IoT isn’t necessarily companies such as Amazon and Google, which sell devices that connect to the Internet, but the endless stream of small companies that sell devices.

“Those devices are only as secure as the companies behind them,” Stickley says. “There are no regulations behind this stuff. It’s just chaos.”

Ultimately, education and awareness are the best defense against these threats, he says, because, as with most security issues, it takes just a single human error to bypass any security system.

He offers three pieces of advice to avoid potential threats:

  1. Keep up with firmware updates.
  2. Never trust phone numbers that pop up on screen. Use only phone numbers provided by vendors.
  3. Be cautious of websites that don’t stop loading.

“You’re going to have these devices on your network, so you’re better off planning for it now, and figuring out ways to segment them,” Stickley says.
