Skip to content
New Ebook: Get your copy of the Unleash the Power of Censys Search Handbook today! | Download Now
Blogs

Key Takeaways from “If It’s Smart, It’s Vulnerable” at RSA

 

It’s no secret – from smartphones to smart homes, we are living in a world where everything is getting smarter. Billions of smart devices are connected to the Internet, in fact there are more devices online than people, and that gap continues to widen. But what about the security of these smart devices? That was the topic of discussion during Tuesday’s RSA session, based on the recently published book ‘If It’s Smart, It’s Vulnerable.’

Mikko Hypponen is the author of the book and Chief Research Officer for WithSecure, who has also had his research published in the New York Times, Scientific American and lectured at Oxford, Stanford and Cambridge. Cecelia Marinier is a Cybersecurity Advisor for the RSA Conference and Co-Founder of Cabrico, a cybersecurity consulting firm. Together these security experts delved into the best – and the worst – parts of smart technology. In this blog, I’ll be sharing my top takeaways from this session.

 

Mikko Hypponen and Cecelia Marinier present at RSAC 23

 

 

Everything programmable is hackable. 

If a device is programmable, meaning that it can be controlled via code, it is hackable. Mikko used the example of a watch. Mikko’s Omega watch is a traditional winding watch which operates using mechanical movements by a series of gears. The smartwatches that many of the audience were wearing however are controlled and programmed by code. Smartwatches are essentially wearable computers that can be programmed using various development tools and programming languages, including Java, Swift and Python.

As smart technology continues to advance, so will the developments in the everyday systems and devices we use. While these innovations will offer numerous benefits for efficiency, convenience and connectivity, they also present security risks. Hackers and cybercriminals will look for ways to exploit or gain access to systems that offer access to sensitive data or information.

We may not think of a smartwatch being a potential entry point for a cyber criminal, but consider the data your smartwatch holds – payment information, password codes, personally identifiable information (PII) and more. It is important to take steps to secure all programmable devices and systems with steps like implementing strong passwords, regularly updating software and firmware, implementing encryption and conducting regular assessments and tests.

The internet has “deleted” geography. 

The internet has enabled people to connect in ways like never before. We can connect with others across borders and time zones, opening up new possibilities for interaction and collaboration that were previously unimaginable.

Social media platforms, video conferencing, online chatting are just a few examples of popular ways for people to communicate, share information and build communities no matter where they are located. Businesses and organizations are able to operate in a global and interconnected manner. Online marketplaces have created opportunities to reach customers around the world. Digital collaboration and communication tools make it possible for teams to work together across continents and time zones. These advancements in smart technology have had a profound impact on the way we connect and collaborate with each other, opening up new possibilities for communication, learning and innovation.

However, these advancements have also opened the doors for cyber criminals to reach us no matter where we are. Risk levels are the same, no matter what country you live in. When people are interacting online, there are no borders that limit cybercrime. Individuals must be aware of the risks associated with sharing information online, whether for personal or business interactions, and take the proper precautions to protect their privacy and security.

The future of cyber security liability will be in the hands of the innovators. 

As smart technology continues to advance and become more integrated into our daily lives, the responsibility for ensuring security and protecting users falls increasingly on the innovators and developers behind these technologies. It is evident that individual users do not have the knowledge or tools necessary to handle the strain of cybersecurity on every piece of technology they own. The future indicates that the companies building and developing these technologies will be responsible for putting the protections in place on behalf of the users.

Mikko brought up the National Cybersecurity Strategy recently released by the Biden Administration which put a strong emphasis on the role of the private sector in securing the nation’s critical infrastructure and protecting against cyber threats. One of the key elements of this executive order focuses on security being a key requirement of the development and procurement process. This includes adopting security standards and best practices, conducting regular security assessments and testing and ensuring that security is a top priority. By prioritizing security and privacy, innovators will help to build a more secure and resilient digital landscape for us all.

The internet grid is as essential as the electricity grid. 

Smart technology has become an integral part of modern society and essential to many aspects of our daily lives. The reliability and security of our internet grid is key to maintaining a smooth functioning society and economy. Downtime or interruptions to our internet connectivity can have serious implications, for individuals, businesses and governments. Being able to identify, understand and secure everything on the internet is not a nice to have – it’s a necessity.

The proliferation of connected devices and the Internet of Things (IoT) has created new cyberthreats as criminals exploit vulnerabilities in these devices to launch cyberattacks and compromise systems. As a result, it’s essential for everyone to take responsibility in securing digital assets. By taking proactive steps to protect our devices, we can all help to ensure that we continue to enjoy the benefits of our connected, globalized world while minimizing the potential risks or cyberthreats.

At Censys, we have a mission to be the one place to understand everything on the internet. We are the leading Internet Intelligence Platform for Threat Hunting and Exposure Management providing governments, enterprises and researchers with the most comprehensive, accurate, and up-to-date map of the internet. See what you can discover with Censys today.

Attack Surface Management Solutions
Learn more