By Larry Velez, co-founder and CTO
It may seem paradoxical that a newly discovered Wi-Fi vulnerability supports the argument I’ve been making that devices need to be more connected to the Internet to be secure. Why? Disconnected hardware will not stand a chance with the number and frequency of updates needed to be safely connected to the Internet.
Take the latest Wi-Fi vulnerability scare called KRACK. It’s a serious weakness in the WPA2 protocol, the most common protocol used to encrypt Wi-Fi communications. KRACK allows attackers within a Wi-Fi signal range to intercept passwords, e-mails, and other data presumed to be encrypted. According to a website that announced the discovery of the attack, any device that supports Wi-Fi is likely affected.
According to the website, “The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available.”
If any device that supports Wi-Fi is affected, some might argue that we should have less connected devices not more.
I take the opposite stance and here’s why…
Consumers and businesses alike are choosing the convenience and efficiencies of being connected over the security of being "off the grid" (so to speak), and there are no signs of it slowing down. And, right now, the policies for securing these devices is in its infancy, increasing the risk for attacks such as KRACK.
That's why I believe cloud-connected hardware will win over disconnected hardware – it brings more needed security. It also offers more mobility and can save organizations the costs associated with managing or configuring hardware. For example, traditional Wi-Fi routers are self-contained with setup and configuration done manually by connecting to the device. It is often a tedious process designed by and for IT people. By contrast, smart Wi-Fi, a new generation of routers already in use by some businesses and recently introduced to the consumer market, is controlled by cloud software and updates occur automatically to better protect against data security breaches. (We've written more about this here: Enterprise Wi-Fi technology comes home.) If you have a trusted tech solution that takes security seriously, you will be better protected than trying to keep up with patches and updates manually.
While vulnerabilities have existed since day one of the Internet, the stakes continue to grow higher as the data gets more valuable and the lag time between patches for disconnected hardware gets too long to protect against keep malicious attackers. Think about all the information that is collected and transmitted via the Internet of Things (IoT) with your “connected home” devices, or via Artificial Intelligence (AI) tools such as Alexa.
I believe disconnected hardware will not be able to compete in the next few years. It will not be able to get patched, updated, and stay secure if we need to count on humans to do it. Our devices need to be more connected (and smart!) before we have AI doing the hacking – at which point only another AI could keep up!