Boom popular for friendly hackers while 5G approaches
As the number of online devices surges and superfast 5G connections roll out, record amounts of companies are offering handsome rewards to ethical hackers who successfully attack their cybersecurity devices.
The fast-expanding field of internet-connected devices, referred to as the "internet of things" (IoT) which include smart televisions and home appliances, are set to be more widespread once 5G becomes even more available -- posing just about the most serious threats to digital security in future.
At a conference hosted by Nokia last week, "friendly hacker" Keren Elazari explained that co-opting hackers -- many of whom are amateurs -- to search for vulnerabilities "was considered a trendy Silicon Valley thing 6 to 8 years ago".
But "bug bounty applications" are now offered by organizations ranging from the Pentagon and banking institutions such as for example Goldman Sachs to airlines, tech giants and a large number of smaller businesses.
The largest bug-bounty platform, HackerOne, has 800,000 hackers on its books and said its organizations paid an archive $44 million (38.2 million euros) in cash rewards this year, up 87 percent on the prior 12 months.
"Employing just one single full-time protection engineer in London may cost a firm 80,000 pounds (89,000 euros, $106,000) a time, whereas we open firms up to the global community of thousands of hackers with an enormous diversity in skills," Prash Somaiya, security alternatives architect at HackerOne, informed AFP.
"We're needs to see an uptick in IoT companies taking hacking electricity seriously," Somaiya said, adding that HackerOne right now regularly ships internet-connected toys, thermostats, scooters and cars out to its hackers for them to try to breach.
"We know from what possesses happened during the past five years that the criminals find incredibly clever ways to use digital units," Elazari told AFP.
A sobering case in point was the 2016 "Mirai" cyberattack, during which attackers took control of 300,000 unsecured products, including printers, webcams and Television recorders, and directed them to flood and disable websites of press, companies and governments all over the world.
"Later on of 5G we're discussing every possible system having high-bandwidth connections, it's not only your computer or your mobile," Elazari warned.
In October Nokia announced it had detected a 100 percent upsurge in malware infections on IoT devices in the last year, noting in its threat report that all new application of 5G offers criminals "more opportunities for inflicting damage and extracting ransom".
The benefits for hackers could be high: 200 of HackerOne's bug-hunters have finally claimed a lot more than $100,000 in prizes, while nine have breached the million-dollar earnings tag.
Apple, which advertises its own bug bounty method, increased its maximum reward to a lot more than $1 million towards the end of last year, for a hacker in a position to demonstrate "zero mouse click" weaknesses that would allow you to definitely access a device without the action by an individual.
"A big driver is of training the financial incentive, but there's this element of a good breaker mindset, to determine how something is made to help you break it and tear it aside," Somaiya said. "Becoming one individual who's able to hack multibillion-dollar companies is a real excitement, there's a buzz to it."
The rush of companies shifting to remote working through the pandemic has also resulted in "a surge in hacktivity", HackerOne said, with a 59 percent increase in hackers signing up and a one-third upsurge in rewards paid out.
The French and UK governments are among those to have exposed coronavirus tracing programs to friendly hackers, Somaiya added.
While 5G internet devices will have new reliability features included in the network infrastructure -- something absent before -- the brand new technology is vastly more complex than its predecessors, leaving considerably more potential for human error.
"I see a large amount of risk for misconfiguration and improper gain access to control, these glitches are one of the key risks," Silke Holtmanns, brain of 5G security exploration for cybersecurity organization AdaptiveMobile, told AFP.
But companies are appearing motivated to act as security movements up the agenda, Holtmanns believes.
The EU, along with governments all over the world, has begun tightening cybersecurity requirements on organizations, and fines for info breaches have been increasing.
"Before now it's been hard for corporations to justify higher expense in security," Holtmanns, who actually sits on the EU cybersecurity advisory group Enisa, said.
But she added, "If indeed they can say: 'With that reliability level we are able to attract a higher degree of client, or lower insurance costs,' people start off thinking in this route, that is a good thing."
Source: japantoday.com
