Twenty years ago, if you told me my phone could be used to steal the password to my email account or to take a copy of my fingerprint data, I would’ve laughed at you and said you watch too much James Bond. But today, if you tell me that hackers with malicious intents can use my toaster to break into my Facebook account, I will panic and quickly pull the plug from the evil appliance.
Welcome to the era of the Internet of Things (IoT), where digitally connected devices are encroaching on every aspect of our lives, including our homes, offices, cars and even our bodies. With the advent of IPv6 and the wide deployment of Wi-Fi networks, IoT is growing at a dangerously fast pace, and researchers estimate that by 2020, the number of active wireless connected devices will exceed 40 billion.
The upside is that we are able to do things we never before imagined. But as with every good thing, there’s a downside to IoT: It is becoming an increasingly attractive target for cybercriminals. More connected devices mean more attack vectors and more possibilities for hackers to target us; unless we move fast to address this rising security concern, we’ll soon be facing an inevitable disaster.
IoT Vulnerabilities Open Up New Possibilities To Hackers
Some of the more frightening vulnerabilities found on IoT devices have brought IoT security further up the stack of issues that need to be addressed quickly.
Earlier this month, researchers found critical vulnerabilities in a wide range of IoT baby monitors, which could be leveraged by hackers to carry out a number of nefarious activities, including monitoring live feeds, changing camera settings and authorizing other users to remotely view and control the monitor.
In another development, it was proven that Internet-connected cars can be compromised, as well, and hackers can carry out any number of malicious activities, including taking control of the entertainment system, unlocking the doors or even shutting down the car in motion.
Wearables also can become a source of threat to your privacy, as hackers can use the motion sensors embedded in smartwatches to steal information you’re typing, or they can gather health data from smartwatch apps or health tracker devices you might be using.
Some of the most worrisome cases of IoT hacks involve medical devices and can have detrimental — perhaps fatal — consequences on patients’ health.
What Is being Done To Secure The IoT?
The silver lining is that IoT security, previously ignored, has now become an issue of high concern, even at the federal government level. Several measures are already being taken to gap holes and prevent security breaches at the device level, and efforts are being led to tackle major disasters before they come to pass.
After the Jeep Cherokee hack, automaker Fiat scrambled to have the problem fixed and quickly issued a safety recall for 1.4 million U.S. cars and trucks to install a security update patch. The whole episode also served as a wakeup call for the entire IoT industry.
Now security firms and manufacturers are joining ranks to help secure the IoT world before it spins out of control. Digital security company Gemalto is planning to use its experience in mobile payments to help secure IoT devices. Gemalto will be offering its Secure Element (SE) technology to automotive and utility companies. SE is a tamper-resistant component that gets embedded into devices to enable advanced digital security and life-cycle management via encryption of and access-control limitation to sensitive data.
Microsoft also is entering the fray, and has promised to add BitLocker encryption and Secure Boot technology to the Windows 10 IoT, the software giant’s operating system for IoT devices and platforms such as the Raspberry Pi. BitLocker is an encryption technology that can code entire disk volumes, and it has been featured in Windows operating systems since the Vista edition. This can be crucial to secure on-device data. Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. Its implementation can prevent device hijacking.
The IoT security issue has also given rise to new alliances. A conglomeration of leading tech firms, including Vodafone, founded the Internet of Things Security Foundation, a non-profit body that will be responsible for vetting Internet-connected devices for vulnerabilities and flaws and will offer security assistance to tech providers, system adopters and end users. IoTSF hopes to raise awareness through cross-company collaboration and encourage manufacturers to consider security of connected devices at the hardware level.
“The opportunity for IoT is staggering,” said John Moor, a spokesperson for IoTSF. “However, there are ever-real security challenges that accompany those opportunities.” Moor stressed the importance to address security from the start. “By creating a dedicated focus on security,” he promised, “our intention is simple — drive excellence in IoT security. IoTSF aims to be the home for providers, adopters and beneficiaries of IoT products and services.”
Other companies are working on setting up platforms that will enable large networks of IoT devices to identify and authenticate each other in order to provide higher security and prevent data breaches.
There also is research being conducted to enhance IoT security through device and smartphone linking. The effort is being led by experts at the University of South Hampton, who believe smartphones can help overcome IoT devices’ limits in user interfaces and complexities in networking.
What More Needs To Be Done?
While the effort to tackle security issues regarding IoT devices is laudable, it isn’t enough to ensure that we can leverage the full power of this new technology in a secure environment.
For one thing, the gateways that connect IoT devices to company and manufacturer networks need to be secured as well as the devices themselves. IoT devices are always connected and always on. In contrast to human-controlled devices, they go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these gateways to improve the overall security of the system.
Also of concern are huge repositories where IoT data is being stored, which can become attractive targets for corporate hackers and industrial spies who rely on big data to make profits. In the wake of massive data breaches and data theft cases we’ve seen in recent years, more effort needs to be made to secure IoT-related data to ensure the privacy of consumers and the functionality of businesses and corporations.
There also must be a sound plan for installing security updates on IoT devices. Each consumer will likely soon own scores — if not hundreds — of connected devices. The idea of manually installing updates on so many devices is definitely out of the question, but having them automatically pushed by manufacturers also can be a risky business. Proper safeguards must be put in place to prevent updating interfaces from becoming security holes themselves.
What is evident is that the IoT will become an important part of our lives very soon, and its security is one of the major issues that must be addressed via active participation by the entire global tech community. Will we be able to harness this most-hyped, emerging technology that will undoubtedly revolutionize the world, or will we end up opening a Pandora’s Box that will spiral the world into a new age of mayhem and chaos? Let’s hope for the former.