Dissecting Design

Design is incredibly important for modern technology systems. In the past, flaws in design have become the best exploits for those with questionable intent. Let’s peek at a couple of examples to dissect how design can influence technology.

The modern email system was modeled on postal mail. The system does not check the sender’s credentials by default. This major flaw in the initial design has resulted in a rather challenging security issue for professionals. Spam is easy to send without any limiting factors, unauthorized or malicious attachments can easily be included and then spread by those not paying attention, and social engineering campaigns that try to trick people into handing over valuable data have dominated industries. Email has become incredibly popular, and added features have expanded its use for home, work, and hobbies. It would be hard to convince people to give up this system for a more secure one. Since we are heavily invested in the flawed design, it is important to check senders' domains and analyze authenticity before giving up data or downloading new software.
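One way to automate the sender-domain check described above, as an added example that is not part of the original post. It assumes your receiving mail server stamps an `Authentication-Results` header under the name `mx.example.net` (a placeholder); both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: your own receiving mail server

def domain_of(addr_header):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def assess_sender(raw_message):
    """Compare the visible From domain with the envelope and auth verdicts."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = hdr.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # anyone can write this header; trust only our own server's
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()):
            verdicts[method] = result
    findings = []
    if not from_dom:
        findings.append("no parsable From domain")
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope domain {env_dom} differs from From domain {from_dom}")
    if verdicts["dmarc"] != "pass":
        findings.append(f"dmarc={verdicts['dmarc']}")
    return {"from_domain": from_dom, "verdicts": verdicts, "findings": findings}

# Constructed sample messages (not real mail).
SPOOFED = "\n".join([
    'From: "Example Bank" <support@bank.example>',
    "Return-Path: <bounce@mailer.invalid>",
    "Authentication-Results: forged.invalid; dmarc=pass",
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.invalid;",
    " dkim=none; dmarc=fail header.from=bank.example",
    "", "Please confirm your account."])
LEGIT = "\n".join([
    "From: Billing <billing@shop.example>",
    "Return-Path: <billing@shop.example>",
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass",
    "", "Your receipt is attached."])

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, assess_sender(raw))
```

The display name and From address are exactly what the original design lets a sender choose freely, so the check leans on the verdicts recorded by your own server rather than on anything the message says about itself.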

The environment and expected customers back at the invention of TCP/IP and related internet protocols were very different than the ones we see today. The environment was based around the aim to connect computers and the computing community was focused on practical needs. The expected customers were large institutions that could make use of these connections to house and communicate information. Due to the limiting factor that big connections were expensive, no security features were built into the TCP/IP layer. Any bad behavior that was observed was assumed to be from poorly built packets rather than people with malicious intent. Today the expected customer is drastically different as the use of computers and internet has become readily available to individuals, rather than being reserved to large institutions that could afford the high expense. The security problems today were shaped by the lack of security controls in the initial design. An increase in use by individuals combined with the opportunity for financial gain by exploiting a gap in security has made it difficult to make corrections to the live system. Information technology and security professionals are adapting to stay alert and design systems with security in mind for the future.

Internet of Things devices are the new, exciting devices we can see used at work and in the home. It’s amazing to connect to a speaker from another room, be able to change the temperature, or peek at visitors at the door from your mobile device. We have come so far in connectivity and accessibility for device use. The major trade-off is in the design of these devices. To achieve such a high-quality user experience, security features were overlooked. Some of these devices were rushed to the market, shedding security controls that were a bit pesky, to capture the profit created by demand. Cyber security professionals quickly realized that these products, which are capable of recording and storing visual/audio data, were created without the proper security measures.

The design of these IoT devices has shifted drastically, and security is starting to be considered at the early steps of design, which is great news. So, what can you do now to secure your IoT devices? We know it can be a pain, but download all the latest security patches on the various devices you have. Consider replacing old models lacking security controls with new ones that can fend off primitive attack vectors. Disconnect from Bluetooth when you are not actively using the device. IoT devices are some of the most exciting devices, allowing you to accomplish many things with the click of a button. We like to stay cautious and limit the number of devices connected in the office and home to practical needs. While it’s exciting to have the “smart” element in every piece of technology, there is always the possibility a new exploit may be discovered. An attack on the power grid from a smart refrigerator may sound unlikely, but the more devices we make available with various vendors, security patch levels, and security measures, the harder it will be to stay on top of security.

We hope you are thinking about the designs at your office and home. Is there a weak spot where you can add some defense?

Thanks for reading and I look forward to seeing you next time.

P.F.
