Forensics Foreshadowing: Acknowledge the security issues – Minnesota Lawyer
12/7/16, 11(59 AM
Forensics Foreshadowing: Acknowledge the security issues
!
By: Mark Lanterman
"
December 1, 2016
#0
The internet of things, as I discussed in an earlier column in Minnesota Lawyer on Nov. 28, 2016, requires us to
secure all our devices properly. There are four considerations: acknowledging security issues, the huge amount of
data involved, privacy and self-protection.
Acknowledge the security issues
Since devices essentially “talk” to each other, security breaches that disrupt the collection and sharing processes
often happen. The consequences can be disastrous for individuals and organizations alike, depending on the severity
of an attack. Our digital lives pose a number of entry points for potential hackers and therefore the security risks are
almost endless; cyberattacks have taken on a whole new dimension as the internet of things becomes more
expansive and sophisticated.
With the ever-increasing number and variety of connected devices, there are a corresponding number of potential
vulnerabilities for hackers to access, but even one may provide a hacker with the opportunity to cause serious
damage.
Since internet-connectivity now extends far beyond our computers, we have to start thinking about the other
avenues that a potential attacker might take. Instead of stealing private information from a computer, for example,
an attack may come in the form of hijacking a car via its connected media system. While the internet of things
allows us to access information that was previously inaccessible, it also provides cybercriminals with access to us.
Given the relative newness of the internet of things, it must be recognized that proper security measures have not
been fully created or implemented to support it. It is important that everyone recognizes this lapse, not only those
within the cybersecurity community.
http://minnlawyer.com/2016/12/01/forensics-foreshadowing-acknowledge-the-security-issues/
Page 1 of 3
Forensics Foreshadowing: Acknowledge the security issues – Minnesota Lawyer
12/7/16, 11(59 AM
Recognize the huge amounts of data involved
By just scratching the surface of the internet of things, we are presented with a huge amount of data. Our society is
increasingly marked by a particular consumer demand; that is, if something can be connected, it should be. “I want
to be able to open my garage door remotely,” or “I want my thermostat to send me notifications.” These
conveniences require data collection and storage.
As a computer forensic analyst, I investigate digital devices to uncover the truth. My analyses normally revolve
around computers and cell phones, but as smart devices become more prevalent, I have learned to extract data
from devices that didn’t even exist when I first started conducting forensic examinations. In fact, I frequently
encounter new devices or applications which require an adaptive forensic approach.
The fact is, the technological climate is constantly changing. People are regularly using devices that efficiently track
and record personal data. These devices are our record-keepers, and as such, they are invaluable for a number of
reasons. Digital data is often called upon as a critical source of evidentiary information both for law enforcement and
in court. With the increasing emphasis placed on providing the best resources and protection for victims, information
stored on devices is often critical in establishing narratives and identifying perpetrators.
Consider privacy and points of vulnerability
Appliances, cars, toys, medical devices—formerly isolated technologies are now connected through the internet of
things. Accordingly, the data these devices contain is now much more vulnerable to attack. Though convenient, this
kind of platform greatly diminishes our ability to keep our personal information private. Given how convenient and
engrained into our culture the internet of things is, it may seem like a worthwhile tradeoff. However, people are
often shocked when I explain how much information is actually being stored on these devices and who may have
easy access to it, and how hard it is, if at all possible, to get rid of this data.
When you’re considering the internet of things, and your own digital footprint, take into account the possibility that
you may be underestimating exactly how “connected” you really are. Even though you may not have rushed to the
store to get an Apple Watch or you don’t use a smart phone, it is important to recognize that your information in
some capacity is being stored digitally by companies and organizations. It is wise to be invested in how your data is
being collected and stored. And if you do have a number of connected devices, recognize that each one is a possible
point of entry for a hacker. “Smart” devices are able to automatically transfer data over a network—the scope and
implications of this kind of sharing are not always fully grasped.
Analyze the potential threat and protect yourself
Once both the positive and negative aspects of interconnectivity are realized, many decide to take on additional
security measures to protect themselves. Careless maintenance of devices may lead to compromising the
storehouses of information that are so valuable to hackers.
Having a greater and more detailed base of information allows for tailored, and therefore stronger, cyberattacks. For
example, by using information you have stored on a fitness tracker, a hacker can create a personalized spear
phishing attack. Instead of sending a general, poorly composed, and easy to spot, email requesting your personal
information for a fake credit card offer, you’ll receive an email that looks like it’s been sent from a workout clothing
retailer. It becomes much more likely that you will click on a link contained within the email, embedding a virus into
your system.
http://minnlawyer.com/2016/12/01/forensics-foreshadowing-acknowledge-the-security-issues/
Page 2 of 3
Forensics Foreshadowing: Acknowledge the security issues – Minnesota Lawyer
12/7/16, 11(59 AM
Each device that offers a hacker even one bit of personal information can be used to create stronger, customized
attacks. As the devices we connect through the internet of things become more sophisticated, hackers must match
this challenge by constructing better attacks on your security and privacy. Social engineering attacks in which a
cybercriminal preys upon human, rather than technological, weaknesses are greatly facilitated by the amount of
private information we collect and store online.
As a first step to protect yourself from the risks associated with this degree of connectivity while still enjoying the
convenience, identify the number and kind of internet-enabled devices you currently utilize. Assessing your level of
connectivity is the first step to figuring out your digital security posture and taking measures to ensure that you are
prepared. This small step may also inspire you to research how certain vendors use your consumer data. Are
companies you trust ensuring that the data they collect is being gathered and stored in a safe way? Is this
information shared with other parties?
Knowledge is power and assessing your own degree of risk may lead you to change your security protocol, perhaps
starting with your passwords, or even reduce the number of devices you tend to use. Determine what kind of data
you want stored about you and recognize that if it’s being stored, it may be accessed and used.
To better assess threats to your security and privacy, it is beneficial to subscribe to a security email list or blog to
receive updates on current cybersecurity trends. As threats are constantly changing and hacking adapts to our latest
technologies, staying informed about the latest warning signs is critical. It is also worthwhile to stay apprised of how
the internet of things is being regulated and what measures are being taken to keep it secure on the national and
global levels.
Copyright © 2016 Minnesota Lawyer, 222 South Ninth Street, Minneapolis, MN 55402 (612)333-4244
http://minnlawyer.com/2016/12/01/forensics-foreshadowing-acknowledge-the-security-issues/
Page 3 of 3