Commentary

Vulnerabilities Through Voice Search, Chat Bots, And IoT Devices Require Greater Focus

Voice search has become an amazing tool. Data supports the advancements -- not just in search engines like Bing and Google, but Internet-connected devices such as Amazon Echo. Alexa, Amazon's virtual assistant in Echo that allows users to schedule calendar events and call for services like Uber. Yet with all this positive innovation, major risk points to a future with malware and cybercrime becoming more prevalent than physical crimes.

As consumers and even advertisers begin to rethink their attitudes toward Internet-connected devices and take a more positive view, these connected devices -- from cars to coffeemakers -- present infinite ways for cybercriminals to disrupt our daily lives. In a report, authors James Scott, senior fellow at the Institute for Critical Infrastructure Technology, and Drew Spaniel, ICIT visiting scholar at Carnegie Mellon University, say it remains conceivable that malware and ransomware will eventually target IoT devices and become more prevalent than physical crimes.

Voice technology, cameras, or any open point of contact in a device creates a passage for thieves. Through these unsecured connections, malware and ransomware could become the next major type of burglary crime, and with IoT it comes increasingly easy to attack a home or an office similar to the way adversaries might attack a large-scale bank or healthcare network. 

"A traditional burglary begins with an attacker observing your home from the outside and gleaning what information they can about the defenses, your activities, and the value of the contents in the home," according to the researchers. "In many cases, context clues, such as mail stacked up in the mailbox, can be employed against you and used to predict a vulnerability in your security; in this case, that the house is currently unoccupied."

While the attacker physically moves in to steal valuable possessions, these online attacks through IoT devices will not require an invader to physically enter the home or office.

American cyber culture is still lacking in the basics necessary to preclude the cyber-incidents that result from human error. Information about emerging threats or compromised networks is neither shared to benefit communities.

The report's authors define ransomware as a form of malware that can use five encrypted specific files or file types on a victim's machine without the effort and technical knowledge to infiltrate and exfiltrate a system. Most spread through malicious links in spear-phishing emails or through drive-by-downloads and advertisements, but some recent versions of the malware such as the Samsam ransomware used in the Medstar Healthcare attacks, were deployed without the victim interacting with any content on a Web site page.

Scott and Spaniel call on the security industry to create a method to create tighter connection points into the home, offices and other types of devices like cars. Companies offering cloud services and manufacturers will need to rethink Internet connections and protect users.

Next story loading loading..