National Cyber Security Awareness Month provides an opportunity to explore emerging fields in information security. Perhaps none is as overlooked as the rapid emergence of network-enabled smart devices, what researchers call the Internet of Things.
We’re used to thinking about applications on computers, but we are increasingly surrounded by networked devices: voice-activated assistants, smart appliances, Wi-Fi cameras, video doorbells and more. These electronics are the new forefront in cyber security.
Giovanni Vigna focuses on this new frontier. “There is concern that there are a lot of hidden vulnerabilities in these devices,” he said. Vigna, a professor of computer science at UC Santa Barbara, serves as director of the campus’s Center for Cybersecurity and co-director of the Security Lab.
Manufacturers optimize networked electronics for ease of use, and that sometimes comes at the cost of eliminating security features. “Convenience versus security: this has been a tradeoff since the beginning of computing,” Vigna said.
What’s more, if you want your phone to communicate with your bathroom scale, your watch and your thermostat, you have to resort to the lowest common denominator between all the devices, he explained.
“A lot of people think that we can take current security analysis and, with little effort, repurpose it for smart devices. After all, it’s still code,” Vigna said. “But the vast majority cannot be simply repurposed.”
For instance, unlike applications such as Microsoft Word, these programs don’t live in a convenient folder on a hard drive that security experts can access. These gadgets use a variety of different architectures and bespoke hardware. Just extracting the source code is a challenge, Vigna said, let alone analyzing it.
“You actually need new approaches to be able to take this wide variety of targets and execute them and analyze their security,” Vigna explained.