Securing the Internet of Things (IoT)

Ever wondered how effective your morning would be if your toothbrush could communicate with your exercise machine, refrigerator and maybe your laptop, so everything could happen at a click of a button? This will be soon become reality!

Internet, ‘Network of networks’ may very well be termed as one of mankind’s finest inventions and ‘Internet of Things’ (IoT) could be pitted as the optimal enablement of this invention, owing to its scale and utility. The scenario outlined earlier will soon be real as Internet is becoming accessible at one’s fingertips and over diverse devices. ABI Research data states that there are more than 10 billion wirelessly connected devices in the market today; with over 30 billion devices expected by 2020. In fact, with millions of devices enabling internet connectivity, this network is not just expanding to reach more individuals, but it is likely to bring about a 360-degree change in the way we communicate and operate. As per Malaysian Communications and Multimedia Commission statistics, there are more than 20.2 million people connected to the internet in Malaysia.

Internet is visibly making every object or machine around us smarter, right from connected toothbrush, wearable fitness tracker with embedded sensors and smart refrigerators. We will soon live in an ecosystem where these ‘dumb devices’ would acquire intelligence through an inbuilt OS enabling the devices to get connected with other paired/authorised devices. For example, consider a power controller at home enabled to communicate with the GPS device of a user’s car. In the world of ‘Internet of Things,’ the GPS device triggers the power controller at home to switch on lights and other important appliances whenever the car reaches a stipulated geological radius. Again, the power controller triggers devices at home which are connected to the internet to schedule tasks as per triggers received. While the ecosystem is being enhanced for all the good reasons, the security aspect is getting immensely threatened because if the object is connected to the internet, hackers will find it, and if it has an OS they can hack it.

The dynamism of the Internet of Things is one of its most challenging features as most of us in our day-to-day lives might come across many of these smart devices, yet be unaware of the consequences that might pop-up if they are not secured appropriately. More the connected devices, greater is the range of “significant” security challenges across data privacy and physical security that have the potential to disrupt functionality of consumers and businesses in new ways.

How secure is it?

The benefits as well as associated risks around Internet of Things will affect organisations and governments to a great extent. For example, in today’s BYOD enabled enterprises, while the device to device communication has become easier, the apps and services that the devices possess, have a potent security risk. More challenging perhaps is the potential for data aggregation across smart devices, internet-based services and existing data pools.

Symantec has found security risks in a large number of self-tracking devices and applications. One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking. Our researchers built a number of scanning devices using Raspberry Pi minicomputers and, by taking them out to athletic events and busy public spaces, found that tracking of individuals was possible. Symantec also found vulnerabilities in how personal data is stored and managed, such as passwords being transmitted in clear text and poor session management. And as wearable technology continues to gain momentum, more new devices will be connected to the Internet of Things, which opens up new security vulnerabilities related to having countless connected devices.

How can organisations be impacted?

In this era of ‘Internet of Things,’ what’s changing is the range and scale of ‘dumb devices’ that are starting to get connected, especially in an organisational set up. Beyond intrusion and direct hacking, organisations are likely to encounter potential risks such as:

  • Denial of service – IoT scenarios are dependent on networks of physical objects – from supply chain to building’s management applications, from smart parking to intelligent waste disposal. DDoS attacks could target all the end points of a particular use case, making the things inaccessible and breaking the use case they support
  • With the advanced ability of getting connected with other paired devices, these smart devices could increasingly be turned to unplanned usage. Imagine if the processor in every plug socket became able to send Spam, to generate costly SMS messages, or indeed participate in a DDoS attack
  • Physical objects were generally not designed to be internet-connected, and therefore network security was not considered by design. So empowering these dumb devices to be able to connect to the internet might lead to weakening of perimeters
  • New devices entering into an organisation’s ecosystem through employees might also bring inadvertent breaches into the system by acting as accidental gateways, providing access into corporate systems

Lessening the risks

Security risks in the world of connected devices have already been demonstrated against smart televisions, medical equipment, security cameras, routers, trash-cans, baby monitors and traffic systems. Yet most of us sitting in our living rooms, roaming in a market place, enjoying vacation might not realise the bane.

Essentially there needs to be a two-step approach to mitigate the security risks posed through connected devices. First, an embedded security software for in-device security can enable devices to filter, as well as prevent proliferation of threats. Secondly from a manufacture’s perspective, major software vendors should figure out how to notify customers and provide patches for vulnerabilities. Manufacture of devices that connect to the Internet need to notify customers of an oncoming security problem and also design user-friendly ways to apply patches.

Without a doubt Internet of Things will enable users to take the next big leap in technology adoption. It will also have a snowballing effect in the way technology is used in day-to-day business and personal functions- enabling digital lifestyle and, at the same time expanding fertile grounds for cyber-attacks. With the evolving dimension of the connected world, the discussion is also drifting towards attention to security to lessen possible exploitation. With the emergence of Internet of Things, the need of the hour is to create a strong framework of policies and regulations to secure the internet enabled infrastructure of government, organisation, household and individuals.

Leave a Reply