IBM Corp. and Visa Inc. introduced a cross-platform solution Feb. 16, 2017, designed to improve security on the Internet of Things (IoT) by aligning the global brands’ patented technologies and capabilities. By integrating IBM’s Watson IoT Platform and Visa’s Token Service, the companies will enhance security in payment-enabled devices, including wearables, appliances and cars, the companies stated.
“The Internet of Things is not only driving a more connected world; it’s changing the way we live, shop and pay, by moving data and the point of sale to wherever the consumer wants it to be,” said Jim McCarthy, Visa’s Global Head of Innovation and Strategic Partnerships. “With the power of Watson’s cognitive technologies and IBM’s leadership in IoT and security, they are the ideal partner to help us deliver secure payments to ‘virtually anywhere’ and on the enormous scale of the IoT.”
IoT’s broad attack surface
Marc-Roger Gagné, Principal at Ottawa, Canada-based Gagné Legal Services and board member of the Privacy and Access Council of Canada, stated the IoT represents a broader attack surface for cybercriminals, providing opportunities to exploit operating system weaknesses, infect connected devices with malware and spoof legitimate apps to steal login credentials.
“For security professionals, the difference between defending a corporate data structure from attack and defending that same structure once it’s connected to the IoT is vast,” he said. “Compare it to defending a bank and defending a country.”
Indeed, Wired journalist Andy Greenberg reported Russian cybersecurity firm Kaspersky Lab found serious, distinct flaws in nine Android-connected car apps. In Android Phone Hacks Could Unlock Millions of Cars, published Feb. 16, 2017, Greenberg also cited independent security professional Samy Kamkar, who planted sniffing devices in cars to hack their apps. These included the General Motors Corp. OnStar, Fiat Chrysler Uconnect and Mercedes-Benz mbrace. Once inside the app, Kamkar could locate and unlock the cars, and sometimes start ignitions, Greenberg stated.
“Encrypting or hashing the credentials stored on the device, adding two-factor authentication or fingerprint authentication, or creating integrity checks that the apps would perform to see if they’ve been altered to include malicious code would all go a long way toward mediating the problem,” Greenberg wrote.
Multifactor security schemes
A December 2016 report published by the Financial Services Information Sharing and Analysis Center, Retail Cyber Intelligence Sharing Center and United States Secret Service urged the retail community to mitigate cyberattack risks by adopting the stronger encryption, end-to-end encryption and tokenization of card account numbers.
Multibrand, multifactor solution
Visa and IBM representatives stated the companies will leverage Visa Token Service, which replaces sensitive account information found on payment cards with unique digital identifiers to process payments without exposing actual account details. The service, part of the Visa Ready partnership program, is used by third-party Visa-certified token service providers.
The companies additionally plan to roll out Visa payment services in the IBM Cloud, making Visa Tokens available to IBM’s Watson IoT Platform customers, enabling merchants and consumers to connect to billions of devices, sensors and systems worldwide. The partners are confident the co-branded solution, combined with their immense global footprints, will help the solution rapidly scale.
Consumer technology experts have seen steady growth in connected cars and expect the trend to continue. The Watson IoT Platform is designed to enhance connected cars by securing information in the cloud and alerting consumers when vehicles need updates and renewals. “With this information, the driver can order parts with the push of a button or schedule a service appointment at their preferred local garage,” IBM representatives stated. “The driver could even pay for gas through a direct interaction between the car and the gas pump.”