More recently, information security was the lot of large corporations and government agencies. Now take precautions to protect your data makes sense to everyone.
Let’s start with mobility. With modern smartphone and high-speed 4G connectivity for daily needs are declining the need for a laptop: email, data in the cloud — easy and convenient. However, if you think about it, all personal information is now in several U.S. vendors: Apple (IPhone, ICloud), Microsoft (Windows, Skype), Google (Android, Gmail), which we are forced to trust our data. Namely, correspondence, phone calls, files, contacts, photos, calendar — i.e., a significant component of his personal life. That is all accustomed and resigned, though still five, and especially ten years ago things were different.
What other personal data in the near future, we will trust third parties? All!
The Internet of things and vulnerabilities
Smart things connected to the Internet, soon to change beyond recognition our daily lives. Microwave, coffee maker or washing machine that you want to update the firmware through the network, will soon displace all other usual household items. Cars connected to the Internet is already today, not to mention the fact that all tickets are purchased through the global Internet system. What clever things can know about us? Everything: our habits, preferences in food, drinks, television programs, intimate nuances.
Hereinafter telemedicine. If you think about it, today 90% of visits to doctors is commonplace cases of colds. And in many cases a person can be helped remotely to diagnose and even save lives, if he has diagnostic equipment, such as network-connected medical bracelets. These technologies are evolving, but significant progress will be noticeable in the next 5-10 years. And it will be the usual gathering of complete medical information about each of us.
Adding to all the above mentioned data on purchases that we make, our Internet activity, and it will become quite clear that in the near future we will know everything from our eating habits to the disease, from traveling to shopping. The concept of privacy is, in principle, will disappear in the twenty-first century, and most of all we need to worry about how secure our data is and what risks we are exposed to in the event of their disclosure.
With regard to classic data (files, email, etc.) that are stored at vendors ‘ “first link” (Google, Microsoft, Apple) from ordinary burglar they are protected, overall, very good. But do not forget about the secret services. In 2013, Edward Snowden released classified data about the program PRISM, under which the National Security Agency USA (NSA — the most powerful and secretive American intelligence Agency, which since 1952 technical intelligence) has an agreement with these vendors, allowing you to exercise secret control over all processing of their user information. There are no clear evidences, but let’s look at indirect evidence.
First. If the NSA really massively collects data about users must be stored somewhere. Fact — a few years ago, the NSA has opened a huge new data center in Utah, which is the third in the world in size, reaching the area of about 30 football fields.
Second. The collected data should be processed. Given the enormity, one can imagine the enormity of this problem. And there comes to mind the fascinating and enigmatic American startup Palantir, established in 2003, its Main investor is the investment Fund of the CIA, invested, in accordance with public information, more than $300 million This startup makes “the search for intelligence” — a powerful system of searching, analyzing and correlating big data. And recently they began to offer their services and the corporations that drove the capitalization of the company at a figure of $20 billion — the CIA has done a fine investment.
Why the NSA data center of this size and such a powerful search technology and big data Analytics? To keep track of objects they are interested (government officials, intelligence officers, terrorists, etc.) — it’s thousands, let tens or even hundreds of thousands of objects representing a direct interest. But this is clearly not the scale. All this equipment and software is clearly built to analyze hundreds of millions, if not billions of objects and with a view to the future. We should note that the new data center the NSA appeared much later than, according to Snowden, has launched a program of total surveillance PRISM, ie and it all worked perfectly. And here comes to mind the “Internet of things”, which will give a huge reservoir of new extremely valuable for the analysis of information.
Don’t talk about TV
Now let’s talk about the security of “Internet of things”. And here all is very bad. It simply is not. Vendors do not see the risks and simply do not care about the security of smart devices. Vulnerability reports in TV, video nannies and smart toilets still provoke a smile. But when we hear Samsung is (simultaneously with the manufacturer Тizen OS designed for smart items and mobile devices) officially recommends users not to keep confidential talks when the TV because of “the possibility of sending data to third parties”, it is not funny.
It is worth thinking about the security of the familiar everyday devices — home routers. They have a huge number of vulnerabilities and other problems. The Federal Trade Commission even recently fined the company ASUS for vulnerabilities in home routers, obliging her to spend for 20 years a third party audit of their produce. And using your Internet neighbor is not the only possible consequence of this problem.
Even less funny are represented the vulnerability of medical equipment, the possibility of remote intervention in the control of the car and other problems that can lead to the loss of health and even life.
Thus, the sad conclusion for us all is that the closer the device to end users, the more security problems. What can we say about the security of “Internet of things”? It is not in the near future. This means that smart things can be hacked and accessed.
Risks for the layman
At first glance, it seems that we don’t represent interest for special services. But nothing prevents to collect certain data “in reserve”. You never know when they will be needed. An ordinary citizen can become a high-ranking official, a businessman, and then his file may come in very handy. And if he expresses an inappropriate protest, opposition, detailed information about it will be very useful. Don’t need whistleblowers, we need a system of denunciations — all data can be quickly uploaded from the database. Palantir, based on public information already provides a terrible opportunity to search for and visualize different relations based on the collected heterogeneous data, allowing, for example, to identify criminal or other community. Yes and get a lot of other information.
In addition, there are major opportunities for corporations who want to monitor their employees, to develop business through providing clients with smart targeted advertising. Headache — get on the website banner advertising painkillers and the address of the closest pharmacy.
Detailed information he need and criminals who definitely will figure out how to use it to their advantage. And it’s not fantasy, it’s the near future, where a convenient and useful things coexist with those that are dangerous.
Recently, we’ve been literally accustomed to the fact that dangerous vulnerability or even intentionally left a bookmark is fine. There is a “reputation inflation” even respected it and information security vendors, to say nothing about the manufacturers ‘Internet of things’, the beginners in this field. Throw in fatigue from the constant messages about the detected holes, the bookmarks and successful break-ins. Our world today lives by a simple principle: “Security through ignorance”, which certainly pleases the corporations, hackers, and intelligence agencies.
Apple vs the FBI
A vivid illustration of these trends — the confrontation between the FBI and Apple. The case is quite interesting and not so obvious as it seems. And it could set a dangerous precedent, especially since the iPhone does not fundamentally different from any other smart devices. As already known, the feds have asked Apple to install a backdoor universal (defect of the algorithm, which allows to obtain secret access to the data) to the model, which was used by the terrorists. This would enable the service at any time to open any IPhone.
Apple’s reaction to such a request was expected. People far removed from the specifics of the INFOSECURITY industry, it might seem that the manufacturer cares for the user’s safety, rights have invaded the U.S. Federal government. Actually, the vendor is only worried about the damage to your business. And Apple in this history only care about how information about the vulnerability or bendora may affect sales. It is important that we are not talking about “accidental” vulnerabilities, the U.S. intelligence services, and on official bedore with almost state status. The first similar precedent for public. Hitherto such open requests from the authorities were only in China. Therefore, Apple was forced to respond this way.
The most interesting is why the inquiry was given a wide publicity? All these data intelligence could be received informally. It’s possible that users thus being prepared for a new era of official “state” of backdoors. Intelligence agencies want to know everything.
There are other risks associated with this precedent. First, if such software was created, the attacker would to use it. Secondly, the governments of other countries, less democratic from the point of view of the US, would require a similar backdoor. Thirdly, if Apple made concessions, in the future, her fate probably would have suffered other vendors, including manufacturers of devices “Internet of things”. In the end, the FBI themselves have hacked phone, and Apple has been able to save face.
All this does not mean that we should abandon progress. We all just need to be aware than all it threatens, and vendors — to urgently take all necessary measures so that the technical revolution has turned into a nightmare.
The point of view of the authors, whose article published in the “Opinions” section, may not coincide with editorial opinion.