As the number of online devices surges and superfast 5G connections are rolled out, record numbers of companies are offering handsome rewards to ethical hackers who successfully attack their cybersecurity systems.
The fast-expanding field of Internet-connected devices, which is known as the Internet of Things (IoT) and includes smart televisions and home appliances, is set to become more widespread once 5G becomes more available, posing one of the most serious threats to digital security.
At a conference hosted by Nokia Corp last week, “friendly hacker” Keren Elazari said that co-opting hackers — many of whom are amateurs — to hunt for vulnerabilities “was looked at as a trendy Silicon Valley thing six to eight years ago.”
However, “bug bounty programs” are now offered by organizations ranging from the Pentagon and banks such as Goldman Sachs Group Inc to airlines, tech giants and thousands of smaller businesses.
The largest bug-bounty platform, HackerOne, has 800,000 hackers on its books and said that its organizations paid out a record US$44 million in cash rewards this year, up 87 percent on the previous 12 months.
“Employing just one full-time security engineer in London might cost a company £80,000 (US$106,287) a year, whereas we open companies up to this global community of hundreds of thousands of hackers with a huge diversity in skills,” said Prash Somaiya, security solutions architect at HackerOne.
“We’re starting to see an uptick in IoT providers taking hacking power seriously,” Somaiya said, adding that HackerOne now regularly ships Internet-connected toys, thermostats, scooters and cars out to its hackers for them to try to breach.
“We already know from what has happened in the past five years that the criminals find very clever ways to utilize digital devices,” Elazari said.
A sobering example was the 2016 “Mirai” cyberattack, during which attackers took control of 300,000 unsecured devices, including printers, Webcams and TV recorders, and directed them to flood and disable Web sites of media, companies and governments around the world.
“In the future of 5G we’re talking about every possible device having high-bandwidth connections, it’s not just your computer or your phone,” Elazari said.
In October Nokia announced that it had detected a 100 percent increase in malware infections on IoT devices in the previous year, saying in its threat report that each new application of 5G offers criminals “more opportunities for inflicting damage and extracting ransom.”
The rewards for hackers can be high: 200 of HackerOne’s bug-hunters have now claimed more than US$100,000 in prizes, while nine have breached the US$1 million earnings mark.
Apple, which advertises its own bug bounty program, increased its maximum reward to more than US$1 million at the end of last year, for a hacker able to demonstrate “zero click” weaknesses that would allow someone to access a device without any action by the user.
“A big driver is of course the financial incentive, but there’s this element of a breaker mindset, to figure out how something is built so you can break it and tear it apart,” Somaiya said. “Being one individual who’s able to hack multibillion-dollar companies is a real thrill, there’s a buzz to it.”
The rush of companies shifting to remote working during the pandemic has also led to “a surge in hacktivity,” HackerOne said, with a 59 percent increase in hackers signing up and a one-third increase in rewards paid out.
The French and UK governments are among those to have opened up COVID-19 tracing apps to friendly hackers, Somaiya said.
While 5G Internet systems would have new security features built into the network infrastructure — something absent before — the new technology is vastly more complex than its predecessors, leaving more potential for human error.
“I see a lot of risk for misconfiguration and improper access control; these glitches are one of the main risks,” said Silke Holtmanns, head of 5G security research for cybersecurity firm AdaptiveMobile Security.
Yet she said that she believes companies are being motivated to act as security moves up the agenda.
The EU, along with governments around the world, has begun tightening cybersecurity demands on organizations, and fines for data breaches have been increasing.
“Before now it’s been hard for companies to justify higher investment in security,” said Holtmanns, who sits on the European Union Agency for Cybersecurity.
However, “if they can say: ‘With that security level we can attract a higher level of customer, or lower insurance premiums,’ people start thinking in this direction, which is a good thing,” she said.