US lawmakers seek expert advice on dangers of IoT, smartphones

US Congress met Tuesday to hear from a panel of cyber security experts about the dangers posed by the spread of Internet of Things (IoT) devices and smartphones.

Lawmakers expressed deep concern about cyber threats targeting mobile devices, The Hill reports, including the expanding attack surface generated by the ecosystem of Internet-connected devices – the appliances, wearables, and other products that talk to each other and the web, making up what is known as the IoT.

The biggest fear, though, comes from mobile devices, according to Kiersten Todt, who served as executive director on former US President Obama’s cybersecurity commission.

“Mobile devices are an attack vector that cannot be ignored, and they are increasingly targeted for access to sensitive information or financial gain,” Todt said. “But, mobility should not be at odds with security.”

Rep. Debbie Dingell said mobile devices are increasingly under threat by the most lucrative and prolific member of the malware family – ransomware.

“It’s happening now and in the near future. People are going to be locked out of their phones,” Dingell said. “We’re going to see this high level and we’ve got to pay attention to it.”

As many BOX blog readers know, ransomware is a relatively new form of malware capable of encrypting user data – essentially freezing one’s digital contents. The hacker offers the decryption key in exchange for a ransom. It is extremely profitable for cyber criminals, and hackers are showing no signs of slowing down, as the WannaCry episode in May proved.

In the wake of October’s DDoS attack against web service provider Dyn, Congress fears hackers could grab hold of armies of IoT devices again. As such, congressmen are asking experts for solutions.

National Security and Technology Professor Charles Clancy took the baton to explain that securing IoT devices is a Herculean feat, because the diversity in technologies used to create them makes them that much harder to secure. That, and they are already being produced on a massive scale with no built-in security mechanisms.

“The threats to an internet-connected home appliance are very different than the threats to an internet-connected nuclear reactor and the technologies are very different,” he said.

Bitdefender has long expected the security threats associated with the IoT, seeing how vendors flood the market with Internet-capable hardware lacking any serious malware protection. Because of that, we built the Bitdefender BOX, a network security appliance that secures even devices lacking the most basic of security mechanisms.

At a national level, a holistic approach is needed, which is why Congress hopes the federal government and the private sector will soon begin to work together on developing recommendations for IoT security. A good starting point, according to those present at the meeting, is the optional cybersecurity framework developed by the National Institute of Standards and Technology (NIST).