It is an exciting (and challenging!) time for engineers, developers, and business leaders working on IoT security-related solutions. There are no shortages of security problems to solve and IoT business opportunities to consider. Every day, we learn about new security challenges, next-generation semiconductor technologies, and exciting innovations in the field of quantum computing. Here are some interesting news items from the past month.
“Grade A” IoT Security?
Just three months after US senators introduced the IoT Cybersecurity Improvement ACT of 2017, two US legislators have proposed a new bill that would establish a security rating and labeling program for IoT devices. If the Cyber Shield Act of 2017 passes, device manufacturers could voluntary have their products evaluated and then labeled if they meet security standards established by an independent advisory committee.
Backed by Sen. Ed Markey (D-MA) and Rep. Ted Lieu (D-CA), the bill would:
- Assemble a Cyber Shield Advisory Committee charged defining security standards for IoT devices
- Establish a voluntary program to identify and certify covered products with superior cybersecurity
- Develop a Cyber Shield label and promote it through public outreach and education
- Publish an online Cyber Shield Digital Product Portal that includes a database of certified IoT products
Currently, average consumers have no way to assess the level of security in the IoT products they buy. Unlike many food products with ingredient labels and certification stickers (e.g., “Certified Organic”), most IoT devices do not ship with third-party-verified security information. Establishing security grades and a Cyber Shield label would likely give consumers much more confidence in product security.
“As one of only four Computer Science majors in Congress, I recognize that we must continue to push for advancements in the tech industry. At the same time, it is critical that we prioritize developing products with the security of consumers’ information in mind,” said Rep. Lieu.
If the bill passes, it will be interesting to see who sits on the advisory committee and which best practices they recommend. Read the Bill
New IoT Security Threat: IoTroop
A new botnet is threatening the IoT. In mid-October, Qihoo 360 and Check Point Research reported that the IoTroop botnet, also known as “Reaper,” was hijacking IoT devices, such as routers and IP cameras, around the globe at an extremely rapid rate. But since the initial report was published, we have seen conflicting analyses about the botnet’s power and size. Some analysts have claimed that IoTroop has infected only around 28,000 devices, while others have said it has already harvested millions of devices.
While the exact number of compromised devices is unknown, most analysts seem to agree on the following:
- Rather than crack passwords and usernames like the Mirai botnet, IoTroop exploits hardware and software vulnerabilities in IoT devices from a variety of vendors, including Netgear, D-Link, and Linksys.
- IoTroop is similar to the Mirai botnet of 2016, but it is not a clone.
- IoTroop is self-spreading.
- IoTroop was likely developed by Chinese hackers, whose intentions are currently unknown.
“This is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide,” Check Point reported. “It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before an attack strikes.”
Check Point maintains a list with information about infected devices. We will continue to monitor the IoTroop botnet.
Quantum Computing Race Picks Up Pace
During the last several weeks, the biggest players in the global quantum computing race have made major announcements. In late September, Microsoft made headlines with details about a new coding language for developing and debugging quantum programs. A few weeks later, Intel unveiled a 17-qubit superconducting test chip. And earlier this month, Google and Volkswagen publicized a collaboration focused on using quantum computing on projects relating to traffic optimization and EV battery life. But perhaps the biggest news of the past two months came on November 10, when IBM announced it had built and tested a prototype 50-quibit quantum computer. On the same day, the company also said its IBM Q systems, featuring a 20-qubit processor, will be available to clients by the end of the year.
With so many quantum computing-related advances happening so quickly, we can only wonder: What will happen next week?
- IC Insights reports that the automotive electronics is the fastest growing IC market. In a new report, the research firm claims auto electronic systems will have compound annual growth rate (CAGR) of 5.4% between 2016 and 2021. Read More
- The IoT Institute recently named SecureRF, along with companies such as Cisco, Raytheon Cyber, and Symantec, as one of “25 trailblazing IoT security companies.” Read More
- China has surpassed the US in the number of supercomputers on the TOP500 list. Just six months ago, the US topped the list with 169 systems, while China had only 160. Today, China has 201 supercomputers on the list compared to the US’s 145. Read More
- The RISC-V Foundation announced this month that it has surpassed 100 members. SecureRF’s Walnut Digital Signature AlgorithmTM will be featured in a presentation titled, “Using Proposed Vector and Crypto Extensions for Fast and Secure Boot,” on November 29 at 7th RISC-V Workshop. Read More
- Qualcomm on November 13 rejected Broadcom’s $103 billion acquisition offer. “Broadcom’s proposal significantly undervalues Qualcomm relative to the company’s leadership position in mobile technology and our future growth prospects,” said Paul Jacobs, Qualcomm’s executive chairman of Qualcomm, in a press release. Read More