Hacking the Internet of Things (IoT) to strengthen it may seem counter-intuitive, but it’s a step that electronics manufacturer Panasonic has recently taken. It has turned to hackers to help it strengthen the security of its IoT devices.
The initiative came about as part of Panasonic’s efforts to understand the IoT threat landscape and how to counter potential attacks. It uses two specially built honeypot sites that expose its IoT devices to the internet to lure cyber-criminals into attacking the devices. These products range from cameras to home appliances like smart fridges. By opening its products up to attack, it ultimately learns how to protect its customers and business from IoT-targeted cyberattacks.
As Hikohiro Y Lin, General Manager and Head of the Product Security Incident Response team at Panasonic explains, “Our company has white-hat hackers hacking our own devices every day. We’ve tested more than a thousand devices and we’ve found more than 10,000 vulnerabilities before shipping, so they’re fixed.”
Security at device level
Uncovering vulnerabilities at device and chip level is essential to securing the IoT on a wide scale. When dealing with the IoT, cybersecurity solutions cannot be a bolt-on, it has to be built into the fabric of the device.
To help Panasonic’s development teams fully understand the threat landscape, unreleased and on-the-market products are placed in the honeypots giving insights into how devices are attacked in the real-world. So far, the honeypots have collected information on 30 million cyberattacks and 4,000 kinds of IoT malware.
Meanwhile, researchers from the Delft University of Technology in the Netherlands are highlighting the importance of crowdsourced ethical hacking approaches for enhancing IoT security. They recommend Bug Bounty Programs (BBP) and Responsible Disclosure (RD), which encourage hackers to report vulnerabilities in exchange for monetary rewards.
As they state, “government agencies and business organisations today are in constant need of ethical hackers to combat the growing threat to IT security. A lot of government agencies, professionals and corporations now understand that if you want to protect a system, you cannot do it by just locking your doors.”
The benefits of ethical hacking
The benefits of ethical hacking include preventing data from being stolen by malicious attackers, discovering vulnerabilities from an attacker’s point of view, and protecting networks with real-world assessments.
Chrome and Firefox have implemented reward programs to discover potential vulnerabilities. Chrome’s program has uncovered over 500 vulnerabilities so far, costing it approximately $580,000.
Crowdsourcing allows for several hackers to work on a security target continuously. Plus, under a reward program, hackers are only paid when a valid vulnerability is reported, leading to greater cost-effectiveness and resources that can be better spent on further improving security.
Granting hackers access to IoT devices will offer a different perspective on your cybersecurity efforts. By opening it up to a crowd, you’ll benefit from many differing points-of-view and attacking styles – many hands make light work. By taking this approach to your IoT security you can ensure your product is as secure as possible when it goes to market, giving you and your customers greater peace-of-mind that every base has been covered.
All content produced and published by Paratus People. All rights reserved. ©