Security. We love to hate it. We know we need it, but it just gets in the way. Thing is, these days most people (I might be a little optimistic here) are aware of their online security and welcome it. Your internet banking may or may not be as secure as
you think it is, or would like it to be, but at least you know not to enter your security credentials into every phishing site. People are used to re-authenticating to make payments or when buying a book. It may be single factor, but at least it's something.
It's even in the UK's ICT curriculum.
Of course, when faced with a multi-million dollar complex derivatives deal, the same person that is happy to re-authenticate themselves when buying a £10 book is "more than a little reluctant" to re-authenticate themselves in order to do the trade. Gotta
love human nature...
In contrast, Blizzard launched their authenticator nearly four years ago, protecting your virtual online assets with two-factor authentication - so if you've ever played World of Warcraft (or perhaps more recently Star Wars: The Old Republic - BioWare have
done the same) your virtual mage or Jedi is more protected than your average bank account or your Amazon account. Or your trading system.
My point, if I have one, is that we are used to "bad guys" operating in these areas. Malware scans, antivirus software, and an increased awareness of scam emails (where someone coined the delightful term "over phishing"). And the vendors in those areas
are used to it too - financial software vendors may or may not have good practice with black and white box testing, security reviews and software that can adapt to the threatscape, but they know they should do and their customers know it too, so the selection
process will include this. And the implementation should test it. But there are brave new frontiers opening up where we aren't ready, and more worryingly, nor are the vendors.
Your shiny new internet enabled, high def TV with embedded webcam - yep, that will get hacked. Maybe just for giggles (sorry, the lulz) or maybe for something more sinister. It's already happened to home security systems, so your fridge will be next (according
to IBM "by 2013, 1.2 billion connected consumer electronics devices are expected in the more than 800 million homes with broadband connections"). Your car will be comparatively easy pickings, and at best will just get opened or stolen. Worse - hacked while driving,
engine turned off and no power steering or ABS. With or without Siri (see YouTube link).
And then there's the medical world. Insulin pumps have already been hacked: "There's no passwords, no authentication. All you need is the serial number," which opens the question / debate on all the other medical devices, implanted or otherwise. Who needs
Then there's the bigger stuff - the Smarter Planet vision of connected buildings, factories, and nuclear power plants. If you think it's nerve wracking being on the receiving end of a penetration test for your internet banking product, imagine being the
person responsible for security of a nuclear power plant. Or the traffic system. Or Air Traffic Control. Because connecting all this stuff has a downside...
Obviously there's mobile as well, but mobile security, while a little embryonic, is already maturing out of necessity. Again - possibly optimistic there. It gets interesting when mobile stops being "just" available online and lets you work offline and then
So just because you can use internet banking on your telly, doesn't mean it's safe? Time will tell.
Blog updated: 30 May 2015 05:16:15