The (insecure) Internet of Things
Date: Tue, 11/10/2015 - 19:03 Source: Author: John Patterson, Omlis press department
We are living in an increasingly connected world and these connections are extending to a plethora of day to day appliances which we currently take for granted. Everything from heating systems to home entertainment, kitchen appliances to cars will be linked up to provide more personalized services, responding remotely to your commands no matter where you are
The potential of the IoT (Internet of Things) has prompted big names to get in on the act early, such as Amazon and their voice activated ‘home hub’, Alexa. To ensure the best service possible (as well as providing an additional revenue stream for their creators), these new connected products will collect data about your usage and preferences. One everyday example would be your kettle logging what times you use it most frequently, alerting you to the amount of liquid remaining and adapting accordingly. However, despite heightened convenience, there are still issues to be resolved.
With an influx of devices gathering data about every aspect of our lives, there is a pressing need for the prioritization of security. Concerns about data breaches are frequently reinforced as it seems that there is a new high profile attack every other week. While cybercriminals currently favor financial targets, one of the fastest growing threats is that to healthcare data. With the majority of first-wave IoT devices focused on monitoring fitness and wellbeing, it is not a stretch to see the companies processing this data becoming attractive targets for resourceful hackers. In the not so distant future, your home itself may become a valuable target; as the amount of devices on your network increases, a single flaw in security could leave a worrying range of personal information highly vulnerable.
There have already been numerous documented attacks against connected devices and even vehicles. A recent report outlined how malicious code injected into a Jeep Cherokee’s central computer system enables hackers to take over essential controls (including the brakes) remotely, a frightening reminder of the importance of robust security. These risks also extend into seemingly innocuous devices, taking on a much more sinister application as flaws have been identified which allow malicious parties to hack into numerous brands of connected baby monitors, taking over the audiovisual functionality and essentially turning them into spy cameras. In a time when even your fridge isn’t safe from attack, a fit-for-purpose solution is required to facilitate safe usage of the IoT and all of its inherent benefits.
To adequately secure the IoT, many developers agree that standardization (such as IPv6) would help streamline its adoption and enforce regulations to ensure security standards are met. The problem is that the sheer amount of devices which are becoming a part of the IoT looks set to turn this process into a legal nightmare, even the FBI are weighing in on the topic. The reality is that the IoT requires new security infrastructure based on its evolving technical criteria, a factor which is crucial for the platform’s success. The importance of these issues has been raised by the FTC (Federal Trade Commission) who are urging companies to build security into IoT devices from the outset as well as ensuring that their internal and external quality standards align so they are able to take ownership of their security efforts. Another method of reducing risk would be the responsible minimizing of data collection; weighing up the potential rewards against threats to consumer information although, with the data economy becoming big business, this option is not very attractive to many companies.