
Internet of Things: The Dangers of Blindly Trusting Keys and Certificates

January 18, 2016 | Kevin Bocek
Key Takeaways
  • Our reliance on keys and certificates is growing exponentially, fueled largely by the Internet of Things
  • Hackers recognize the increased opportunity to use stolen or misused keys and certificates for malicious gain
  • Our internet-enabled life is threatened by cybercriminals abusing the trust established by keys and certificates
  • We need new ways to determine which keys and certificates should be trusted and replace those that are vulnerable

Originally published as "Rise of the Robots: How our love affair with automation could spell the end" in Computer Business Review on January 13, 2016.

There's an old adage which began its life back in the 1990s - and was perfectly illustrated in a New Yorker cartoon - which says: "on the internet no-one knows you're a dog." It neatly summarizes a core cyber security problem that we still face to this day: how do we know who to trust online? For the last twenty years we have taken the same approach to this problem by using cryptographic keys and digital certificates to establish trust.

By and large the system worked: ecommerce boomed, and the economy and society as we know them were transformed, all thanks to a little website padlock here and there. Worryingly though, over the past five years, we have seen cracks begin to emerge in the very foundation of the internet.

As we hurtle towards a future powered by the Internet of Things (IoT), with automated machines playing an ever-greater role in our day-to-day lives, these cracks will split into chasms that threaten our modern world. Could internet-enabled life as we know it soon be coming to a crashing halt? How can we stop the sinkholes from emerging?

[Image: The Internet of Things and the dangers of automation. Robot photo by Humanrobo; significant changes to the original image were made. CC BY-SA 3.0]

The problem with trust
Cryptographic keys and digital certificates tell us whether an entity is what it says it is. We use them to authenticate web servers, code on devices, apps, and even enterprise VPN access. It all comes back to the binary decision that machines have to make, and that certificates and keys provide: is this thing part of "self", trusted and safe, or is it not trusted and therefore dangerous? It's the foundation of cyber security and the whole global economy, and it's built on sand.

Over the past five years, hackers have caught on to the potentially lucrative opportunity that keys and certificates offer. We have all seen the scene in a movie where the bad guy dresses up as a painter to gain access to a building, or steals someone's swipe card; this is what is happening in the cyberworld too. Bad guys are trading keys and certificates on the dark web and using them to crack into company systems - just look at Sony, Careto, the Snowden revelations and Flame or Stuxnet. They all involved stolen or misused keys and certificates.

Read the rest of the article on Computer Business Review.

About the author

Kevin Bocek

Kevin is Vice President of Security Strategy & Threat Intelligence at Venafi. He is recognized as a subject matter expert in threat detection, encryption, digital signatures, and key management, and has previously held positions at CipherCloud, PGP Corporation and Thales.
