Ever since the first livestreaming sporting event broadcast over the internet in 1995, the subsequent future of media streaming has only grown in popularity. According to one Deloitte survey, 72% of millennials deem video streaming as one of their most valued services, and that’s just for the video industry. Streaming now includes things like music or photo collections and has extended into smart devices like phones, tablets and other objects that might fit the internet of things. But these advancements do not come without their associated risks.
While Netflix and other streaming services have taken precautionary steps toward protecting consumers using streaming devices and systems, unfortunately many have not. Some still view security as an afterthought.
Why streaming services should offer security solutions
In January 2016, Netflix expanded its services to almost every country in the world, a huge step for the streaming service. However, with this expansion came a slew of possibilities for hackers, such as the opportunity to launch phishing campaigns. One in particular redirected users to a forged Netflix website wrought with malicious activity; consequently, feeding into a black market solely for Netflix accounts. Another malware campaign used Trojans to target Netflix’s homepage and download harmful software to steal banking information straight from users’ systems. Since the attacks, Netflix has added TLS encryption to its video streams to increase user privacy and security. But because media streaming is so accessible and convenient for users, cybercriminals have grown more sophisticated in their tactics to target streaming media services, like Netflix, and the systems of their connected streaming devices.
Media streaming devices generally have some sort of media software program either already installed on their operating systems or downloaded from the internet. These programs are designed to play or stream media files from external sources like websites. But if a hacker breaches the media software program in a computer system or IoT device, they may then operationalize their own phishing schemes, malware tactics or social engineering scams to manipulate users into visiting malicious websites. Intruders may also seek to take control of a large number of devices to create a botnet from which to launch attacks. The development of these malevolent ploys could result in things like DDoS attacks or data breach of an entire network. For example, a data breach of one music streaming service in 2015 exposed sensitive customer data through a searchable archive stored online.
To gain consumer trust, responsible organizations should take initiative to protect their media streaming service. Providing basic/core security through things like device and firmware authentication, secure boot and SSL/TLS protocols help secure consumer privacy while streaming media.
A smart solution in PKI
Smart companies are already finding smart solutions. For example, Plex is one media streaming company supporting tens of millions of devices and servers communicating with a variety of different customer platforms. Its customers can even play their Plex collections from hardware devices like Sonos speakers. To secure these communications and protect consumer privacy, Plex uses publicly trusted SSL/TLS certificates together with public key infrastructure (PKI) to add layers of security and create a secure end-to-end connection between users, devices and cloud services.
In June 2015, the company announced its partnership with DigiCert to help strengthen Plex communications. In its blog, Plex mentions how threats have evolved, making TLS protection a necessity:
In today’s internet security climate, it’s a laughable offense if every packet leaving and entering your network is not encrypted, its recipient verified … Certificates are generally associated with a small set of unchanging IP addresses. So we’ve worked some DNS magic to remove that limitation, and make things just work.
PKI helps Plex authenticate users, servers and devices all at scale. Plex provides a unique key pair via SSL/TLS certificates to also provide end-to-end encryption between connection points. This practice creates a buffer against breaches, not only enhancing users’ security, but also reinforcing their privacy. It’s not difficult to see how the Plex use case can fit some IoT security scenarios.
When paired with good security technology and practices, PKI can help solve IoT authentication problems. According to Gartner, “PKI will reemerge as one of the most relevant authentication mechanisms for organizations to address the IoT authentication problem. PKI’s flexibility is important when changing requirements and represent identity in a cross-platform, multiprotocol approach … Gartner predicts that discovery, provisioning, authentication and data protection will account for half of all security spend[ing] in the next five years.”
Implementing PKI solutions into current security strategies allows Plex, and similar companies, to strengthen consumer trust, protect media streams important to their bottom line and strengthen its business credibility by offering end-to-end encryption and authentication. Its customers appreciate the reassurance that their information is private and their devices are secure.
Security solutions need to be simple enough — even transparent — for users to actually use them. Companies like Plex have found solutions by partnering with a trusted certificate authority to implement PKI technology into their systems and platforms. Likewise, PKI can help solve the scalability challenges of IoT implementations that involve millions of connected devices and their associated credentials.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.