The anonymity aspect of the Internet has often been made fun of in cartoons, but the messages they portray are definitely true. The Internet does not disclose your identity, hence no one will know what type of a person you really are and if somebody turns out to be a criminal-minded professional hacker, then he surely will not be up to any good things.
This anonymity aspect, considered to be one of the most serious deficiencies of Internet design, gives the hackers a lot of cover and hence the society is kept bereft from all the benefits that the internet can offer.
Situations are getting worse as one moves towards what is dubbed as “Internet of Things”.
Today’s world has blurred the lines between what a computer is and what is not, because most devices look and behave just like a computer. An obvious example is the smartphone. However, these days things like household appliances, medical devices, cars etc. can also be added to the list of “smart” gadgets. As things of everyday usage are given intelligence and the processing ability of computers, they become more vulnerable to attack.
Can cars be susceptible to attack? Yes, they can be! Researchers in iSec Partners have recently demonstrated that by sending some special text message to the car’s anti-theft system, it would be possible to unlock the car doors as well as start their engines. This grave situation has forced the U.S. Transportation Department authorities to seek help from the security industry for developing a ‘roadmap’ for “enhancing safeguards to motor vehicles against threats of cyber security as well as ensuring the safety and reliability of automatically operated electronic control systems for the automobile industry.”
Medical Devices Hacked:
At a conference by BlackHat, Jay Radcliffe, a security researcher, highlighted the aspect of hacking medical devices. Being a diabetic, Radcliffe remains mostly connected to a glucose monitor and insulin pump. He demonstrated how third-parties with malicious intentions could wirelessly transmit commands from remote locations and have his insulin pump disabled.
This is scary since security vendors are reactive and not proactive – they can only address threats after they have appeared and done the initial damage.
For truly securing the Internet, we have to design means of changing the basic Internet protocols and have unequivocal authentication introduced. Vint Cerf, considered a legendary figure for his Internet work of creating TCP/IP stack for building the Internet infrastructure, has clearly ruled that he could have addressed the authentication aspect differently.
There is no doubt that Cerf along with others, who made the Internet, has indeed greatly benefitted society. However, lack of authentication provides great cover to the bad guys as their actions are virtually untraceable. In the broader perspective, anonymous postings on the net have greatly damaged reputations of companies and individuals. So damaging has been this aspect that the Companies have been forced to create a new position called “Reputation Specialist”, whose sole job is to minimize these damages.
Individual patching of each and every appliances and vehicles used by us, would be a naïve exercise. Greater accountability is required on the network and for the same to happen; the authentications have to be in-built within Internet protocols.
This is certainly not an easy task, as can be seen from the experiences that Cisco, the biggest pioneer of building e-mail authentication, has faced.
But to address these major issues, some major players, have to take the lead to make a big commitment towards making this authentication mandatory on the Internet.