Login

Log In

Enter your username and password below

The Biggest Threat to the Internet of Things

What deeply personal information are you willing to sacrifice for the sake of convenience?

Would you publicly share your social security number? Perhaps your credit card information? How about private conversations with your spouse?

Probably none of the above, right?

But consider this: You may have already placed this valuable information in harm’s way with just a single purchase.

Getting Connected in All the Wrong Ways

As we can all attest, we live in an increasingly connected world.

One of the latest – and most promising – pushes to get connected involves embedding sensors, actuators, and systems on chips (SoCs) into everyday physical objects, thus connecting them to the internet and allowing them to share information.

I’m talking about things like thermostats, fridges, ovens, washing machines, air conditioners, lights, power outlets, music players, baby monitors, TVs, webcams, sprinklers, door locks, home alarms, scales, and garage door openers.

This is the mega-growth trend known affectionately as the Internet of Things (IoT).

By 2020, tech research firm, Gartner, predicts the IoT will include a staggering 26 billion devices. Other estimates peg the size of the market as high as 75 billion devices, which would be roughly five times the size of the mobile phone market.

Now, all these IoT products coming to market bear the “smart” label because they can readily share information over the internet and then leverage it to improve efficiency and automate seemingly mundane aspects of everyday life.

It turns out, though, that these devices might end up sharing much more than we bargained for…

Hacker’s Delight

A new study from Hewlett-Packard (HPQ) found that “70% of the most commonly used IoT devices contain vulnerabilities.”

Or, simply put, they can be hacked!

The study found that 80% of devices leaked private information such as the user’s name, email, home address, date of birth, or credit card information.

HP’s findings aren’t an anomaly, either. Consider:

  • Computer scientists at the University of Michigan hacked into “smart” traffic lights with nothing more than a laptop and basic radio broadcast equipment.
  • In August, hackers at the Black Hat security conference compromised a Nest thermostat in front of a live audience.
  • BBC recently assembled a team of seven computer security experts and let them loose in a home full of “smart” devices. In short order, they cracked the security on every last one of them. “The one that people really get concerned about is the microphone on a smart TV,” said one expert. “We were able to bug a living room through it.”

James Lyne, Head of Security Research at Sophos, says, “With most [smart devices], if you can connect to it, you can own it.”

All of this adds up to a massive security disaster waiting to happen, especially since most consumers are unaware that these devices can be hacked or that their data is vulnerable to cyber criminals.

The issue becomes even more problematic when you consider the diversity of connected devices. The IoT encompasses everything from small consumer electronics all the way up to smart industrial equipment, so there’s no single security patch that can be created to protect every device.

Meanwhile, since IoT devices communicate with each other (and also with multiple devices simultaneously), the security concerns multiply exponentially as the number of IoT devices increases.

In fact, a common issue found by HP, known as a “cross site scripting” vulnerability, could enable a single compromised device to infect all other devices on the network.

Or as Mike Armistead of Hewlett-Packard’s security unit, Fortify, said, “[IoT] presents a significant challenge in fending off the adversary given the expanded attack surface.”

Bottom line: All super growth trends hit roadblocks along the way. For IoT, it promises to be security. Connect (and invest) responsibly.

Ahead of the tape,

Louis Basenese