The original article was published at Dark Reading on October 16, 2015.
As billions of devices come online, it will be critical to protect the keys and certificates we use for authentication, validation, and privileged access control.
As technology becomes more interconnected with the Internet of Things, we should expect to see more insidious hacks like those demonstrated at Black Hat USA this past summer that will -- at some point in the near future -- strike close to home. It’s one thing when your company gets hacked and quite another when your pacemaker, commercial airline, or traffic light control and coordination system gets pwned because of security vulnerabilities in IoT devices.
What is the core of the problem?
There are two technologies that are foundational to enabling our world economy today. They are DNS and keys and certificates. According to Gartner, there is an estimated 4.9 billion IoT devices connected to the Internet, a number that is estimated to grow to 25 billion devices by 2020. As was so clearly displayed in the GM RemoteLink app hack at Black Hat, at the core of IoT are keys and certificates; SSL/TLS validation, or the lack of validation, was exploited as part of the hack.
As billions of devices come online, it will become all the more critical to protect the keys and certificates that are used for authentication, validation, and privileged access control.