According to Wired, researchers are studying the Internet of Things (IoT) threat-scanning tool belonging to security company Red Balloon, to see how it performs on the building control systems of Plum Island Animal Disease Center. If the tool performs well, the project could provide “a critical tool in the fight against vulnerabilities in embedded industrial systems and critical infrastructure,” such as networks.
Red Balloon’s tool searches or “mines” for “n-days” in IoT devices – vulnerabilities that have not yet been detected in certain products. The research supporting this tool is helping to automate the process of developing the code that would show vulnerabilities, as well as pinpoint evidence that attackers might use these techniques to hack into the system. If the research pans out and the tool works, it will speed up the process of identifying and patching holes quickly, and sway hackers from putting in the effort to commit a digital break in.
The project on Red Balloon stems from the growing “sorry state of IoT security,” Wired says. Many common household items, such as T.Vs, routers and electric toothbrushes crunch data and gain internet connectivity. However, these devices aren’t built with a plan for how to patch vulnerabilities once they are discovered by hackers. Making matters more difficult is that many devices are “black boxes full of unknown hardware components and proprietary software implementations,” which complicates bug detection.
What decision makers need to know:
While Red Balloon’s work is promising, Wired reports that it’s still not ready, among other research aiming to detect bugs early in IoT products. This means that companies and institutions need to be aware of the risks and vulnerabilities that might live in their own networks, and stay on top of cyber security policies and procedures. There is already a “real security crises, most recently Krack, which left basically every connected device exposed,” Wired says. Being able to stay ahead of hacking trends – phishing, viruses, etc. – can help companies and institutions stay out of hot water, and keep data protected. Patching security holes after a data breach might help restore some security, but are often too late, and result in crucial damage in data and employees’ security.