The problems of Cybersecuirty, similar to DUI, which is troublesome for everyone but many people still think it will be no problem for them to drive under influence, most people are not aware of the problem of Cybersecuirty. The 11^th annual Hacks in Taiwan Conference (HITCON) was held in Taiwan in Aug. 28 to Aug. 29 in 2015. The theme of this year in HITCON is “Security of Things” to wake the public’s awareness of securities of “Things” in the era of Internet of Things (IoT). The agenda in conference was to challenging for the layman, but in this article, PunNode will explain in an easier way to give the public some general knowledge from the conference.

Did We Learn the Lesson from Incidents of Hacks?

Shin Adachi, a Japanese expert in Cybersecuirty, gave a speech in the topic called “Are we Making Cybersecurity Crisis? Or How Can We Stop Making Small Things Big?” At first, he mentioned the book “Cuckoo’s Egg” published in 1989 discussing about the hack of Cybersecuity. “Anyone wonders why the problems discussed in 30 years ago still exists nowadays?”

He gave the audience some examples, “according to the statistics of NetMarketShare, until today, WindowXP has around 12% market share, but Microsoft stopped its support to XP in 2014. The situations is similar to Window Service 2003, in which the Microsoft also stopped its support to this version on July 14 this year, but is still used by the public. The fact that Microsoft stopped its support to XP and Service 2003 will become a serious issue on Cybersecurity in the future.

In addition, the ignorance of the public will also bring the crisis of Cybersecurity. For example, in World Cup 2014, the picture uploaded by a security of the stadium was accidently published on the wall of the wifi account and password; further, due to the password was shown accidently in the TV screen, the French TV station TV5 was attacked by the Internet in April this year. Shin Adachi also reminds us that, “we should particularly pay the attention to personal smart phones because there are many Apps in our phones with functions on identities or the data memory that will cause more Cybercecurity problems. Beside mobile installations and the Internet, the firewalls and HR information in companies, incident records and supervision, and contractor services are all Hacks’ targets.

The Era of “Internet of Things” is The Era of “Hacking” Everything to Cybersecurity Experts

In “Building Automation and Control: Hacking Subsidized Energy Saving System” forum, Philippe Lin from Trend Micro Inc. mentioned that BACnet, a smart architectural system, exposes their information setting by applying “internet of things” in hardware. The system is a published Internet setup with no authentication code and examination system. Trend Micro Inc. is able to find every set up of BACnet in Taiwan and commands input to those without passwords settings. For example, they can get relevant information of one of the supervising system in underground (Do not be panic. This is just an example discussed in the forum, and Trend Micro will never hack the system of Cybersecurity in any industry) “BACnet now has mobile version that is more convenient for people, but it also increases the risk of Cybersecurity,” said by Philippe. “I suggest people not only set up the password, but also routinely upgrade the internal IP, firewalls and SDN in system.”

Be aware of the importance of Cybersecurity

BACnet is just one of examples in Cybersecuirty. The issue of Cybersecuirty will be more serious because of the trend of Internet of Things. Some factors of hacking incidents in IoT in these years include:

1. Users are affected by IoT even without using it after the “connection” between the hardware;
2. Ignorant users are serious threat to Cybersecurity in the Internet;
3. Received information are mostly sent to unprotected Cloud forums;
4. People are not aware of Cybersecurity: 23% of global IoT systems do not have safety protections.

“It will be too late after the Cybersecuirty problem happens,” said by Shin Adachi. “Industry should prepare for Cybersecurity protections by giving relevant education and exercise. Also, people should keep in touch with all related teams so that they can recover from Hack attack efficiently if the problem of Cybersecurity happens within the company. Adachi gave the audience a useful advice at the end of the speech:

“To be aware of what you are dealing with and to keep yourself prepared, and you will nail the problem easily. If you keep yourself prepared but are ignorant the environment around you, you are in a half win-half lost situation. However, if you do not keep yourself ready nor ignore environment around you, you are putting yourself in a serious situation.”

中文版連結

• HITCON 2015 年會教我的事：別讓「萬物皆聯網」變成「萬物皆可駭」