- Security TWENTY
- Women in Security
Micro teams are key to securing smart home devices, writes Daniel Chandler, Management Consultant in Cyber Security at London-based cyber firm 6point6.
With the proliferation of technology continuing to increase among both consumers and businesses, investment in cyber security has risen rapidly in response. Home device security has now become more important than ever as hackers increasingly look to obtain our personal data in unlawful ways. Because of this, cyber research is fast becoming an attractive field of Information Security, and we are seeing more and more micro cyber research teams in the space to identify device vulnerabilities. Any identified vulnerabilities are shared with manufacturers who are responsible for ensuring that the issues are resolved. Establishing a collaborative relationship between security teams and manufacturers is a key component in the development of device security, as well as ultimately improving the safety of customer’s data on these devices.
Expanding cyber security
Micro cyber security research teams are a new addition to the ever-expanding field of cyber security. As the cyber security industry receives more investment and grows larger in response to demand, teams are becoming more and more specialised.
Micro cyber security teams are highly specialised and have a sole focus on identifying security flaws. Many leading companies within the industry have turned towards micro research teams as an area for growth; with many choosing to purchase micro teams or invest in them. As the number of hackable products continues to increase, thanks to the development of IoT, more security professionals will be needed to identify and help secure devices.
The growing popularity of IoT devices, especially in the consumer space, means that devices are increasingly interconnected, and poses a new challenge for manufacturers when securing their products. Homeowners can now connect TVs, printers, Amazon Alexa and Google Homes. The risk therefore multiplies, as if one device can be infiltrated through a vulnerability, then the data can be at risk across all devices on that IoT network.
Often micro research teams use two main methods for identifying vulnerabilities in devices; they either utilise tools for physical hardware hacking or attack the devices through the Local Network. Hacking can often be made easier by the plethora of product information found on the internet, especially if the device has a wireless connection and a corresponding FCC number online. Manuals, marketing material, public messaging forums and news coverage can help micro research teams complete a robust Threat Intelligence report.
Once identified, vulnerabilities are shared first with the manufacturers and then with the public once three months have passed. The majority of the time, manufacturers will accept the findings from the researchers and fix the identified issues in the products. Despite the severity of these vulnerabilities, the security community opts for cooperation with the manufacturers instead of criticism.
A new partnership
There are many benefits for both micro cyber research teams and manufacturers in this situation. In some cases, manufacturers may feel inclined to offer financial compensation or formal acknowledgement of the research teams and their efforts. However, most of these research teams will be rewarded by industry recognition.
While there may be wider positive results including new business or speaker invitations to big conferences, creating CVE entries can be a massive reputational boost for research teams in a competitive industry. CVE entries are publicly disclosed cyber security exposures and vulnerabilities and are listed on a free public online database. It’s common practice for companies to list their acquired CVE Numbers on their website to demonstrate their cybersecurity expertise.
For manufacturers, these micro cyber research teams provide another layer of security testing that can identify vulnerabilities; helping manufacturers to rectify the flaws before any damage can be done to customers’ data. In the future, this bonus security may help manufacturers cut down on costs by investing less heavily in security testing during the development stage.
However, it’s important that cyber research teams and manufacturers work together in order to develop and smoothen out the security testing process. Collaboration and sharing ideas and best practices can iron out any security issues earlier on in the development and ensure there are less devices on the market with exposures that may leave customers vulnerable.