FEED Issue 12

FUTURE SHOCK IOT Security

human rights.” Matisse Bustos-Hawkes is associate director of communications and engagement at Witness. “Live streaming is something that we’ve seen activists return to again and again with some enthusiasm,” she says, “and we have concerns about information being transmitted – where a particularly vulnerable person may be, for instance. We’re thinking about the way to enable people with the skills to shoot better video, or just be simply more watchable. But we’re also concerned with people acting in the interests of their own security. The obvious plus sides of being able to reach a lot of people with their message, may obscure the risks they’re exposing themselves to.”

So our increasing number of IOT tools are at risk of becoming part of an attack network, or of betraying the user to Big Brother. Is there any solution?

Stiennon starts with the basics. “Especially for high-end devices, you need to update them frequently, patch them, make sure the passwords aren’t the default. Make it long, uncrackable, write it down and put it on a piece of paper in your wallet. The hackers are going to be remote. If they steal your wallet, you have bigger problems.”

CELLPHONE NETWORKS ARE FAMOUSLY INSECURE. USING THE CELLPHONE NETWORK AS A DELIVERY VEHICLE FOR THIS CONTENT IS A SCARY THING

In the end, though, there’s a feeling of inevitability. “Everyone’s going to get hacked and they’ll fix their stuff, and they’ll pay back the security debt that they incurred from being networked and on the internet.” Witness’s Bustos-Hawkes says that the organisation has been ringing the alarm about why encryption is important and why security protocols matter. “But manufacturers haven’t been very responsive about it. I understand you can’t commandeer the roadmap for a product just because journalists need to be protected, but perhaps people should be pushing back from an intellectual property perspective. What would it mean if a camera broadcasting a sports event had its feed commandeered and broadcast on a channel that didn’t have the rights?”

A manufacturer might bring in a consulting company to attack a new device with the idea of uncovering its weak points, an approach called penetration testing, or pentesting. Stiennon suggests a budget of $100,000 (£77,500) for pentesting – a bargain, when you consider Rutgers University’s spend of three times that on emergency measures to mitigate Mirai attacks. “An alternative that a company might turn to is to offer a bug bounty, crowdsourcing your security. The danger there is you draw attention to yourself from hacker types who might want to get paid in Bitcoin. They might decide that the vulnerabilities they find are more valuable on the open market.”

The Mirai botnet was tracked down to three young American computer hackers, Paras Jha, Josiah White and Dalton Norman. They were sentenced to 2,500 hours of community service and ordered to pay $127,000 (£98,400) in restitution, a pretty light sentence for stealing hundreds of thousands of business hours. The three are also required to cooperate with the FBI and other law enforcement agencies in other cybercrime investigations, and cybersecurity research.

To be clear, FEED knows of no evidence of inherent vulnerabilities in any specific video devices or brands. We did approach several prominent companies making network-enabled film and television production devices for inclusion in this article. At the time of writing, one had not substantively responded, and all the others expressly declined to comment.

SECURE FUTURE? Not just personal safety, but perhaps of more concern to corporate entities: the integrity of intellectual property rights
