PHILADELPHIA -- As cable operators go deeper into wireless and WiFi offerings, hackers and cyber criminals pose a constant and growing threat, according to two security experts at Cable-Tec Expo.
By 2020, the average consumer will interact with 26 wireless devices in an average home, said Chris Kocks, director of the Internet of Things practice at Pure Integration, during a Wednesday session. Indeed, many homes, with security, light and doors controlled by WiFi commands, already exceed that number.
And many MSOs are staking out wireless strategies to deploy a WiFi-first network supplemented by a mobile network operator.
The vulnerabilities of a wireless system can be magnified when integrated with the cloud and multiple users. Executives are concerned about insecure interfaces, insufficient authentication and lack of transport encryption just a name a few.
“Wireless security is tough,” said Kocks. “It’s hard because there are a lot of different technologies, a lot of different platforms, a lot of different a lot of different moving parts.”
In WiFi-first applications that integrate with multiple devices, carriers and cells, each of the hand-offs represents a potential threat, said Ram Sridharan, CTO of Applications, Analytics & Cloud for the MSO segment for Nokia.
Sridharan said that security and access management “spans physical and virtual networks,” a reference to the increasing dependence on the cloud for network architecture.
When the Internet of Things arrives over the next decade, among the many threats will be human error: already new WiFi products available at retail are vulnerable, but no one sets a new password suggested by the manufacturer. “Most of us don’t – that’s a reality,” Kocks said.
One example that Kocks gave involved a popular WiFi device: a voice-controlled home automation hub called the Echo that answers to the name “Alexa.” In a demo, a person standing outside a home could unlock the front door by yelling voice commands through the window.
The solutions, while simple, are expensive and difficult to execute as more potent defensive software is evolving: develop an end-to-end, holistic defense for the network. Specifically, Sridharan and Kocks suggested developing a strong vulnerability program and implementing strong access and authentication controls. Simply waiting for software patches isn’t enough of a security plan.
The various attack vulnerabilities of IoT are the biggest threat for cable operators on the wireless front, said Kock, but “it’s also the biggest opportunity.”