The FBI is warning that the increasing number of web-connected devices – the so-called “Internet of Things” – “increases the target space for malicious cyber actors” looking to exploit vulnerabilities.
The warning covers medical devices that collect and transmit data or dispense medicines, including wireless heart monitors and insulin pumps, the FBI said last week.
“Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection. These devices may be at risk if they are capable of long-range connectivity,” the agency warned Sept. 10. “Deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices. Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.”
The alert comes as U.S. Homeland Security secretary Jeh Johnson called for the Senate to move this month on a stalled cybersecurity bill, The Hill reported. The Senate delated a vote on the Cybersecurity Information Sharing Act in August, planning to revisit the measure this month, but that timeline has been pushed to at least to October, according to the website.
“The greatest thing we need right now is help from the other branch of government to pass cyber legislation,” Johnson said this week at the Commonwealth Club of California in San Francisco. “The House has already passed comprehensive cybersecurity legislation that greatly enhances my authorities, that greatly enhances information with the private sector; in my view that is the key.”
Tech companies and privacy-minded lawmakers have criticized the bill as a “surveillance bill by another name,” saying that it would only give more power to an already intrusive intelligence community and wouldn’t do much to prevent hacks.
In New York, district attorney Cyrus Vance tapped a nearly half-billion-dollar bank settlement to establish a nonprofit data-sharing cooperative to pool cybersecurity threat information among governments and the private sector worldwide.
“The cyber landscape is dotted with entities that are either for-profit or divided by region or industry,” Vance said, according to The Hill. “The Global Cyber Alliance has no such restrictions or limitations, crossing borders and sectors in an effort to map, understand, and thwart cybercrime.”