Editorial N°8 – 2019 will be the most dreaded year for IoT security

Apart from the DDoS attacks launched from IoT botnets and the compromise of connected cameras, the discovery of new and increasingly critical vulnerabilities only confirms the failure of the security of connected objects. All sectors are concerned, from home automation to connected health and industrial systems.  For example, several security breaches on ballistic missile systems used as a means of defence in the event of a nuclear attack have been discovered by the US Department of Defense. Some of them dated back to 1990… In the medical world, between hacking into connected implants, stealing medical data and threats of ransomware, connected health has become a cyber battleground. After decades of developing connected health, American hospitals now have an average of 15 connected objects per room, most often infusion pumps and patient health monitoring systems. However, most of these devices are vulnerable to hacking.  In 2018, ten years after the first vulnerabilities were discovered, the biomedical hack had its stand at DEFCON, and the demonstrations were spectacular…  The year 2018 seemed only a foretaste of what could happen in 2019, as attackers developed new hacking techniques. In the future, there is a risk that systems will spread autonomously, in disconnected mode. The worst would happen if an attacker exploited a “zero day” flaw on connected systems. Possibilities of hacking into connected objects seem unlimited due to their lack of security, the ease with which they are compromised and their increasing development in all sectors of activity. Regarding the future, there are many dreaded scenarios… especially since most of them have already been realized. It would not be surprising to learn that a network of connected cars has been used to carry out DDoS attacks or that a wastewater treatment plant has been subjected to a ransomware.