Virtualization Technology News and Information
Armis 2020 Predictions: Predictions From Renowned IoT Security Researcher

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Ben Seri, VP of Research at Armis

Predictions From Renowned IoT Security Researcher

The year may be coming to a close, but the proliferation of IoT devices over the past decade means new opportunities for hackers are only beginning. IoT security is getting some much-needed scrutiny as we're seeing a wave of new risks -- from low-hanging vulnerabilities to corporate espionage -- and in 2020, enterprises will have to take note.

It is estimated that there will soon be over 25 billion connected devices globally -- deployed everywhere from healthcare to the manufacturing floor  -- giving adversaries a greater variety targets than ever.

Here are my predictions for the IoT security landscape in 2020 and beyond.

IoT for corporate espionage goes public

The sheer volume of IoT devices tapped into enterprise networks creates a tempting attack vector for attackers, and all industries are exposed to some degree. However, 2020 will be the year where this increased risk plays out in a novel way: corporate espionage. Because corporations lack visibility into the connected devices in their network, they are unprepared to ferret out snoops who gained undetected access through IoT security flaws.

For example, Microsoft recently spotted Strontium attempting to compromise popular IoT devices across multiple customer locations by using VOIP phones, an office printer and a video decoder as an entry point into their targets' internal networks. Once in, they scanned for other vulnerable systems to expand this initial foothold and moved laterally. I expect that this is only a prologue to a huge influx of corporate espionage attacks.

Hardware and chip manufacturers will offer IoT bug bounties

Hardware manufacturers are beginning to understand the valuable role the research community plays in developing secure devices. In 2020, we'll see increased dialogue between hardware vendors and the security community and more bug bounty programs as part of an effort to speed up the process of vulnerability discovery and mitigation.

Bug bounty programs can help vendors find and fix bugs faster than they could on their own, which reduces the change hackers will exploit them. It's difficult to attack Windows devices today because of the rigorous process Microsoft went through. 

2020 will be the year that APT hits IoT

In 2020, APT attacks will start leveraging insecure IoT environments. There's a history here -- in April, Microsoft spotted Russian state hackers attacking their customers through IoT devices like VOIP phones, office printers, and video decoders.  As more victims publicly acknowledge these attacks, the industry will be able to better spot and block foreign adversary attacks exploiting IoT for advanced persistent attacks.

Attackers will favor low hanging IoT attacks instead of complicated cryptographic attacks like KRACK or Meltdown 

IoT-based attacks will continue to prove more popular and successful than more complicated cryptographic attacks. While threat research may reveal new vulnerabilities, in reality, the time and effort required to crack highly-secure networks doesn't add up when IoT promises a simpler -- and often unprotected -- vector of attack. Researchers will continue to hunt for cryptographic attacks, but we won't see them in the wild.


About the Author

Ben Seri 

Ben Seri is the VP of Research at Armis, responsible for vulnerability research and reverse engineering. His main interest is exploring the uncharted territories of a variety of wireless protocols to detect unknown anomalies. Prior to Armis, Ben spent almost a decade in the Israeli Defense Forces Intelligence as a researcher and security engineer. In his free time Ben enjoys composing and playing as many instruments as the wireless protocols he's researching.

Published Friday, January 10, 2020 7:32 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2020>