The number of cyberattacks on individuals and corporations in the past decade has increased astronomically in the past decade. In this regard, researchers at F-Secure conduct security research using mimic operational hardware distributed around the world.
These operational hardware devices called honeypots are set up to simply attract traffic attacks. In the first quarter of 2019, these devices attracted over 2.9 billion attacks – a staggering number that is deemed threatening for IoT (particularly hardware) devices.
This number translates a 300% increase compared to the previous data recorded and this increase is directly proportional to the increase in hardware and IoT devices distributed around the world.
The reason for these attacks is partly due to the absence of defenses for aging architectures or firmware and partly due to absence of information security housekeeping. More often than not, IT departments in organizations do not have total information about all the devices on their network, therefore, making the job of fixing security issues nearly impossible.
Effects of Cyberattacks on Hardware Devices
Studies have however shown that the risks associated with the introduction of such devices to homes and workplaces are more than just what it seems. Some of these devices serve as endpoints to wider networks and a compromise on the device could cause devastating effects on the networks they are connected to.
Examples of these are attacks on control and medical devices that harbor or contain sensitive data. Another classic example of this would be an attack on a VoIP phone connected to a secure network. Such attacks are clever on the part of the hackers but seemingly dangerous for the person or organization under attack. Such cybersecurity threats have been noted to be automated and usually originate from an infected computing device that is connected to the others.
Measures to Prevent Hardware Attacks
In preventing such attacks, hardware manufacturers and researchers have developed several algorithms to safeguard hardware devices from hacks and data theft. A popular way by which hackers perpetrate their malicious acts is by detecting varying degrees of electromagnetic radiation and power from hardware devices and making use of these variations to steal information – whether encrypted or not.
IoT hardware devices are often small in size – a feature that translates to the fact that they have to operate on minimal power. This, however, comes with a drawback – speed, area, cost and power optimization usually pose security challenges. A cable box, for example, performs a decoding and encoding process when powered on and this gives off electromagnetic radiations much more than when all other functions are being executed.
These radiations over time, form a pattern that is unique to that cable box and this is what hackers look out for in order to exploit such devices. One of the many ways to prevent such attacks at a firmware level is to develop an algorithm that draws or emits the same power or energy at every operational level, such that if the device’s power readings are obtained by hackers, the information will be useless to them.
In addition to this, the algorithm developed can also be structured in such a way that it secures the hardware component automatically rather than a manual setup. This algorithmic approach will, however, cost devices an estimated 5% increase in power consumption which still seems commercially viable.
HP’s Partnership with ExpressVPN to Curtail Cyberattacks
On a large scale, hardware companies team up with other software companies to provide additional security offerings on their devices. A popular example of this is the recent partnership between ExpressVPN and HP which features preinstalling of the VPN on the new HP Spectre x360 13. Customers who purchase this laptop will have 30-day free access to use ExpressVPN and all of its features after which they would be required to pay a certain amount to continue enjoying the service. This move is aimed at fostering better hardware and personal data security amongst users of personal computers who connect to public WiFi, access unsecured websites or download malicious items without proper knowledge of the risks that come with these acts.