Capital plays host to tech experts facing ‘enemy within’
▶ In Abu Dhabi, spotlight falls on menaces that lurk every day on the internet, writes Robert Matthews
This week, Abu Dhabi is playing host to a group of people who have one of the toughest and most vital jobs in the Middle East. They are charged with defending energy and utilities businesses from cyber attacks.
Each year they gather to discuss the latest threats from hackers, terrorists and hostile states. Each year the challenges get harder.
Those in attendance know the horror stories. Last year’s malware attack on Ukraine, which hit gas and electricity companies, still looms large. So does the re-emergence of the Shamoon virus, responsible for damage to Saudi Aramco in 2012.
The UAE remains a major target, with more than 100 attacks on government sites last year.
As non-combatants, the public can only hope the experts can succeed in keeping the enemy in check.
But they know the enemy is among us, in a myriad devices tied by the Internet of Things.
Mention IoT to most people and, if they’ve heard of it at all, they’ll probably think of cool gadgets that allow your fridge to warn when you’re low on eggs.
The reality about IoT, however, is frightening. It provides a way into homes, businesses and installations. And the bad guys know it.
This month, an American university student faced sentencing for attacking hundreds of thousands of gadgets linked by the IoT in the US.
Computer science student Paras Jha and two accomplices created malware known as Mirai, which targeted household routers, webcams and other devices.
Mirai hijacked the computers linked to the gadgets and used them to launch a “distributed denial of service” attack in 2016, hitting network servers with data until they crashed.
It was a demonstration of what the IoT makes possible According to a new report by Business Insider Intelligence,
there are 9 billion IoT devices and, by 2025, that will grow to 55 billion.
Despite providing back doors into key parts of the internet, these devices typically have only the most basic security measures. Even these are often undermined by users sticking with factory settings and passwords such as “admin”. Many devices cannot be upgraded as new vulnerabilities come to light.
The lack of public awareness of the presence of the IoT in homes is a great danger. On that front, some people have now had a scary wake-up call – quite literally.
This month, owners of Amazon’s virtual assistant, Alexa, reported being woken in the dead of night by laughter coming from “her” Echo speaker.
Amazon claimed the voice-operated device had a glitch, making it misinterpret commands as a request to laugh.
Some users insisted this was not the problem at all. The cackle had come unprompted.
The company issued a software update it said would fix the problem, seemingly oblivious to the fact this confirmed the truth about Alexa – outsiders can control it.
Launched in 2014, Alexa has come to dominate the digital assistant market. There are more than 30 million units in the US.
Security experts have found ways of hijacking Alexa and its rivals. They include back doors through Bluetooth for the installation of illicit hardware.
Some vulnerabilities are simple, such as getting into “smart” homes by pushing the letterbox slot and telling Alexa to open the door.
Smart technology can always be exploited if consumers are too lazy or unwilling to grasp the scope of their power
Of course, the tech companies say the devices come with security measures. What they do not have is any way of ensuring consumers use them, or that hackers cannot evade them.
Avoiding this security nightmare is becoming all but impossible. Most cars and other high-end technology now come “internet ready”.
Adopting rigorous security standards yourself does not help either. When you are part of a vast network, it just takes one slip by someone, somewhere to land everyone in trouble.
The three students who developed the Mirai malware were punished but their case holds lessons for all of us. As one expert told The
Guardian newspaper: “Imagine what a well-resourced state actor could do with insecure IoT devices.”
The 7th Cyber Security for Energy and Utilities Conference runs from Tuesday to Thursday this week.