Fridge attacks “raise big questions” says Microsoft security chief

The emerging ‘internet of things’ raises big security questions, and vulnerabilities in connected devices such as ‘smart’ fridges may force companies to work together in a way never previously seen, according to Microsoft’s Director of Cybersecurity Policy EMEA, Jan Neutze, speaking at CeBIT in Germany this year.

In a wide-ranging keynote speech, reported by V3 Neutze asked, “What happens when somebody attacks your refrigerator? Who’s going to patch your fridge?”
“Is it the energy company that runs your smartgrid, is it the software company, is it the manufacturer of the device? We’re going to have to look at new models of collaboration that have never existed before.”

Neutze said that the sheer amount of data generated by connected devices may pose its own problems, “With autonomous systems comes the question: all this data that’s generated, who owns this data and how is that data controlled? Many of those questions aren’t fully resolved,” he said.

Also at CeBIT, British Prime Minister David Cameron earmarked £45m ($74.8m) for research into the ‘internet of things’, as reported by The Inquirer.
The ‘internet of things’ hit headlines recently after Belkin’s Popular WeMo smart home system was found to have security flaws which could allow attackers to switch off lights in homes remotely, deactivate motion sensors, and even start fires, as reported by We Live Security here.
Veteran security researcher and writer Graham Cluley said this week that producers of ‘connected’ devices need to ensure that security is a major consideration in their design processes. “To produce such devices without paying proper attention to security could backfire when users realize they are leaking personal information,” Cluley said, as reported by Computer Weekly.

Earlier this year, networking giant Cisco has launched a “grand challenge” to invent a security solution for the “internet of things”, as reported by We Live Security here.

Chris Young, senior VP of security at Cisco, said in a blog post, ““We’re connecting more of our world every day through smart, IP-enabled devices ranging from home appliances, healthcare devices, and industrial equipment. … It is, unfortunately, too easy to imagine how these world-changing developments could go terribly wrong when attacked or corrupted by bad actors.”

ZDNet comments that for many businesses, connecting devices is desirable as a way to build up large amounts of data, but that, thus far, security has been weak, saying, “If a cyberattacker is able to break in to one such system, they potentially can harm thousands of people with little effort,” citing the example of connected door locks as a potential risk.”

At this year’s Consumer Electronics Show (CES) in Las Vegas, ‘smart homes’ were clearly a big trend on the show floor – and much debate was ignited about their security.

The normally sober BBC warned, “In the future, it might not just be your smartphone that leaks personal and private data, it might be your smart fridge too.”

But ESET Senior Research Fellow David Harley said in a commentary post at the time, “It may be a little early to worry too much about what your fridge or your medicine cupboard is able to reveal to a hacker about your eating habits and the state of your health,” Harley says.

“After all, there are all too many more direct ways for retailers, insurance companies, and pharmaceutical companies to get that sort of information. (And those are issues more people should be worried about.)”