The security industry had a fairly blunt message for the thousands of brands and attendees at the world’s largest mobile trade show this week:
Get your shit together.
Security has too often taken a backseat as the mobile industry has pushed concepts like the Internet of Things, smart vehicles, and connected, well, everything. That has created fertile ground and a growing surface area for independent and state-sponsored hackers to turn mundane objects into bot armies while stomping on privacy and stealing personal data.
That’s bad enough. But the scenarios grow far worse in the future being imagined by the mobile industry: a world driven by artificial intelligence and autonomous vehicles and drones powered by blazing-fast 5G networks. Lax security could allow enterprising hackers to step outside the virtual world, creating physical weapons by running cars off roads or crashing flying robots into buildings.
“Unfortunately, the computer systems we used were based on the technology systems made 40 and 50 years ago,” said Eugene Kaspersky, CEO and founder of Kaspersky Lab. “They have an architecture designed during an era where there was no such thing as a cybercrime. If we don’t change that, we will face some very bad scenarios.”
Across Mobile World Congress (MWC) in Barcelona this week there was more talk of security than ever before. In panels, keynotes, and exhibition halls, everyone was eager to highlight the growing threat and to demonstrate that they were taking it seriously. The problem, of course, is that the rush to connect everything has already dramatically increased the vulnerability of consumers and businesses.
Kaspersky offered a list of physical hacks that have occurred in recent months. These include a hacker turning off a home heating system in Finland and a demonstration in which a hacker took control of a car. The stakes are getting higher, he warned.
“We have a lot of things to redesign,” he said. “The critical infrastructure is all around us and it’s vulnerable.”
During a keynote early in the week, SoftBank CEO Masayoshi Son was discussing ARM Holdings, the chip company he acquired last year for $31 billion. Son delivered a rather scathing assessment of the security of many products using ARM chips.
“None of them are secure today,” Son said. “It’s very, very dangerous. The cars in the past weren’t connected to the internet.”
Son said ARM had recently announced new security products and that he is determined to make the issue a priority across SoftBank’s holdings.
“The number of hacking incidents continues growing,” he said. “We are enhancing security very quickly. We need to secure all things in our automobiles,” some of which use as many as 500 ARM chips.
Anthony Levandowski, head of Uber’s autonomous vehicle unit, said the company has hired its own security team to make sure its vehicles of the future are secure.
“We’ve hired some of the best hackers out there,” he said.
Daniela Gerd tom Markotten, head of Digital Solutions & Services for Mercedes-Benz Trucks, has been building a new innovation unit for the company over the past year as it seeks to leverage even greater connectivity for cars and trucks. The group is spread across several different regions in order to find partners that can help it with specific technological needs.
She said one of the hubs the company chose was Tel Aviv because of its high density of security experts.
“You need to be in each of these kind of hubs, from my perspective, because each is a benchmark for different reasons,” she said. “Tel Aviv is really strong on sensors and security and IoT.”
Of course, in the short-term, this has created an opportunity for some entrepreneurs.
Yossi Atias, cofounder of Dojo Labs, was on hand this week, demonstrating a new IoT security system his company will launch in April. Based in Israel, Dojo Labs acquire by UK-based antivirus company BullGuard in August 2016 for an undisclosed sum.
Atias, now general manager for IoT Security at BullGuard, and his team at Dojo Labs hav been developing a solution that makes it easy to secure all connected gadgets in a home.
The Dojo is connected to the home’s main internet router. From there, via Wi-Fi, it locates all objects on the network and creates a new gateway to protect them. If any intruder attempts to access a device, or the network, the system blocks it and sends an alert through a smartphone app. The system will even automatically detect if your browser is attempting to access a malicious site.
The Dojo goes on sale in April for $200. Atias said that ideally all this security would exist at the device level. But because it doesn’t, creating a solution on the network level gives users an easy way manage these threats.
“It’s an easy way to block something you don’t trust,” he said.
NetScout is far from being a startup, having been founded 30 years ago. The company’s products that deliver network intelligence for telecom companies have found slow and steady success over the years. But as sales of NetScout’s core product began to accelerate a few years ago, the company realized that all the data it helped gather could be useful in another area: security.
In October 2014, NetScout announced a $2.4 billion deal to acquire Danaher, a communications business that included security division Arbor Networks. Jim McNiel, Netscout’s chief marketing officer, said NetScout is using the data it was already collecting to augment Arbor’s security system.
After several days of talk about security vulnerabilities, McNiel is even more convinced that the company’s bigger bet on security came at the perfect time.
“It seems like security has been an afterthought for many years,” he said. “And this year it’s really picked up. I think the industry is getting much more serous about it.”
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here