NEWS

Don't underestimate the smart light bulb, it can change the Internet of Things "plague"

2019-09-05 13:54

A cryptographer has drafted a paper on how a smart light bulb can infect malware throughout the smart city in a matter of minutes; this is the RSA year of participating in a recent security provider in Silicon Valley, USA. One of the topics discussed by experts at the RSA Conference (RSA Conference, now part of the Dell-EMC Group).

On another agenda, Michael McCaul, chairman of the congressional committee on homeland security and member of the House of Representatives (Texas Tenth District), proposed a more threatening potential risk: “The bad guys are at our critical foundation. The construction leaves cyber fingerprints, revealing that they are monitoring what you said and what you did, and can strike you from the inside."

McCaul therefore called for a national cybersecurity program coordinated by the US Department of Homeland to host regular exercises and set options for counterattacks: “We are fighting in our digital lives, and we have not won. "He listens to briefings on cybersecurity threats every week, including the activities of Russian hackers during the US presidential election last spring.

McCaul said: "I urged President Obama and then presidential candidate Trump to publicly express their position, but were disappointed with their response to the threat of threatening the national system.

RSA's public key encryption co-developer Adi Shamir's overall assessment of cybersecurity is equally worrying. He said in an interview with cryptographers: "The Internet we know today is no longer saved. Now, I really think we should get rid of the retraining."

kaili Shamir and his colleagues will present a paper this year entitled "IoT Going Nuclear", describing how a person can use a smart light bulb with malware and use a lot of intelligence in minutes. The entire smart city of lighting fixtures is infected.

He pointed out that the smart TV of Korean manufacturer LG Electronics was attacked by ransomware: "The government should do something about this problem, such as not allowing those devices that are not secure to link to the public Internet;" the proposal won the audience. Warm applause.

And the experts agree that machine learning, quantum computing, and blockchains will not have much impact on security in the foreseeable future. Shamir said: "I am optimistic about the performance of artificial intelligence (AI) on the defensive, but not offensive; resisting a new generation of zero-day attacks requires a clever approach, not a powerful machine learning program: "That applies to behavioral comparisons. (comparing behaviors), discovering exceptions, and alerting for exceptions. ”

The quantum computer that beats today's encryption technology architecture will take many years to build, but Susan Landau, a professor of cybersecurity strategy at the Worcester Polytechnic Institute, said: "I have not seen it in the field of post-quantum research. There is the same level of mathematical research (with general encryption technology), which is related to whether I accept it (that is, today's post-quantum technology) as a standard."

Investment education is the best defensive weapon

Ron Rivest, another co-developer of RSA, said that the influence of blockchain technology, which is more widely used behind bitcoin, has been exaggerated: "It feels like being imaged like a panacea... That can be used in the financial sector... but not universally needed;” He called for greater investment in education, which is the best security strategy: “This will give birth to more talent and develop the tools needed.”

The cryptographer Whitfield Diffie called for more investment in the new kind of architecture-correct-by-construction programming technology: "I think we have made everything wrong, I have been there a few years ago. Think about it."

“The logically verified code” is greatly underestimated if we can bet on resources like interactive logic technologies that are spent on logical functioning devices and quality programming. , we will achieve better results;" Diffie's speech also received warm applause.

In another conversation, Congressman McCaul generally agreed that "the federal government agency is not the answer to cybersecurity, and the answer should come from the outstanding achievements of the private sector." He said: "We are losing talent in the network field because of low morale and internal morale. There are more money outside;" He called for more cybersecurity scholarships to reward government services. And when McCaul pointed out: "The safety platform has back doors is a big mistake;" also won the applause of the technical experts present.

Security experts at the conference are also worried that the new Trump administration may put pressure on companies and must provide keys to law enforcement. Worcester Polytechnic Landau is writing a new book that is expected to be published in the fall. The case will be described as: "The law enforcement agencies (in the digital age) have many different survey methods, even if the phone is locked."

Landau served as a witness at a congressional hearing during the security dispute between Apple and the Federal Bureau of Investigation (FBI) in the San Bernardino terrorist shootings in 2015.

In his conversation, McCaul admits: "The law has not kept up with the digital age. Weapons can always surpass the defense needs, but we are facing the twentieth century defense method, the 19th century bureaucrats, to respond to the 21st The threat of the century;" His conclusion is: "Although the network field is bleak... We have the strongest mind in the world and can find solutions to defend the network."

(Source: eettaiwan)