Internet Of Things - the security issue (part 2 of 2)


In my recent article, I discussed the concept of the Internet of Things (IoT); today I will focus on the security side of that subject.

The Internet of Things (IoT) has been an industry buzzword for years, but sluggish development and limited commercialization have led some industry watchers to start calling it the “Internet of Insecure Things”. 
IoT development is in trouble. The hype did not help; in fact, I believe it caused a lot more harm than good. There are a few problems with IoT, but all the positive coverage and baseless hype is one we could do without. The upside of generating more attention is clear: more investment, more funding, more consumer interest.

Each connected device adds to the privacy and security concerns surrounding the Internet of Things. These concerns range from hackers stealing our data and even threatening our lives to how easily corporations can uncover the private data we carelessly give them. While the IoT’s progress will not be stopped anytime soon, here are some of the biggest issues which consumers and businesses need to consider before using these connected devices.

However, these come with an added level of scrutiny, which has made a number of shortcomings painfully obvious. After a couple of years of bullish forecasts and big promises, IoT security seems to be the biggest concern.

Security firm Kaspersky recently ran a damning critique of IoT security challenges, with an unflattering headline, “Internet of Crappy Things”.
Kaspersky is no stranger to IoT criticism and controversy; the firm has been sounding alarm bells for a while, backing them up with examples of hacked smart homes, carwashes and even police surveillance systems. Whether a hacker wants to wash their ride free of charge, or stalk someone using their fitness tracker – IoT security flaws could make it possible.


The three current challenges in IoT are:

·        Ubiquitous data collection.
·        Potential for unexpected uses of consumer data.
·        Heightened security risks.

Now, even with security measures in place, the hardware will still pose an issue:
As the IoT market grows, we will see more investment, and as hardware matures, we will get improved security. Chipmakers like Intel and ARM will be keen to offer better security with each new generation, since security could be a market differentiator, allowing them to grab more design wins and gain a bigger share.

First of all, IoT chips won’t be big money-makers, since they are tiny and usually based on outdated architectures. For example, the first-generation Intel Edison platform is based on Quark processors, which essentially use the same CPU instruction set and much of the design of the ancient Pentium P54C. However, the next-generation Edison microcomputer is built on a much faster processor based on Atom Silvermont cores, which are found in many Windows and Android tablets today. (Intel shipped ~46m Bay Trail SoCs in 2014.)
On the face of it, we could end up with relatively modern 64-bit x86 CPU cores in IoT devices, but they won’t come cheap, they will still be substantially more complex than the smallest ARM cores, and therefore will need more battery power.

What is holding us back?

·        Security: Increased automation and digitization creates new security concerns.
·        Enterprise: Security issues could pose safety risks.
·        Consumer Privacy: Potential of privacy breaches.
·        Data: Lots of data will be generated, both for big data and personal data.
·        Storage Management: Industry needs to figure out what to do with the data in a cost-effective manner.
·        Server Technologies: More investment in servers will be necessary.
·        Data Centre Network: WAN links are optimized for human interface applications; IoT is expected to dramatically change traffic patterns by transmitting data automatically.


That’s just the tip of the iceberg; industry must tackle bandwidth concerns, data management and privacy policies, and security. So how much money does that leave for security, which is at the top of the list of IoT challenges?

If I learned anything from the series Mr. Robot, it is that most users don’t care about their security and do not even implement basic security measures.

Remember the Cayla doll? The doll that could be hacked and let strangers talk to your kids? Spying on them and listening to them while they are playing, not cool eh?

More devices, more problems

The fundamental security weakness of the Internet of Things is that it increases the number of devices behind your network’s firewall. Ten years ago, most of us only had to worry about protecting our computers. Five years ago, we had to worry about protecting our smartphones as well. Now we have to worry about protecting our cars, our home appliances, our wearables, and many other IoT devices.
Because there are so many devices that can be hacked, hackers can accomplish more. You may have heard how hackers could potentially take remote control of a car and accelerate or decelerate it. But hackers could use even seemingly unimportant devices like baby monitors or your thermostat to uncover private information or just ruin your day. The point is that we have to think about what a hacker could do with a device if they break through its security.

Updates

As the Internet of Things becomes reality, we have to worry about protecting more devices. But even if you start taking security seriously, the tech companies which make these new devices are too cavalier about the risks. One problem is that companies do not update their devices enough, or at all. This means that an IoT device which was safe when you first bought it can become unsafe as hackers discover new vulnerabilities.
Computers used to have this problem, but automatic and easier updates have helped alleviate it. Companies pressured to get their devices out quickly end up compromising on security. Even if they offer firmware upgrades for a time, they often stop when they turn their focus to building the next device, leaving customers with slightly outdated hardware that can become a security risk.

Protecting your data from corporations

Hackers are scary, but they are far from the only threat to the Internet of Things. In fact, the corporations which create and distribute interconnected devices could also use these devices to obtain personal data, which is particularly dangerous when the devices are used for money transfers.
For example, consider how companies are distributing Fitbits to their employees so that they can track their health and thus get lower health insurance premiums. Even if we ignore the worrying idea of workers’ health being monitored by corporations around the clock, there is the question of what corporations can do with the data they have gathered. Some companies like RadioShack have attempted to send or even sell gathered data to other companies, which raises issues regarding our individual privacy rights.
For now, the best protection consumers have is to actually read any agreement they sign when receiving a device. Also find out what the device maker’s policies are with regard to keeping data safe and sharing that data. This may mean refusing to use certain IoT devices, but such a device may not be worth the privacy tradeoff.

Lazy consumers

I can’t stress this enough, speaking from experience. I can’t recall how many times customers asked for an iPhone instead of an Android device since apparently iOS does not get viruses. Computers usually have automatic updates partly because most users are too lazy to perform even the basic steps needed to keep their computer safe. And when you consider that protecting IoT devices will be even harder than protecting a single computer, this problem will get even worse.
While tech companies and the government are taking the IoT security threat more seriously, the first line of defense in your home is you. This means taking the time to think about how IoT devices could be used against you, as well as going over their security features. For example, an IoT device from a smaller, less established company may be cheaper or have other attractive features. But if that smaller company folds, then there is no one around to patch its vulnerabilities.
IoT boasts opportunity, but the security risks cannot be ignored, whether they come from hackers or corporations. Above all else, the best remedy is to consider the potential risks of installing connected devices and do your research.

What can we do to improve IoT security?

·        Emphasize security from day one
·        Lifecycle, future-proofing, updates
·        Access control and device authentication
·        Know your hacker (create a security standard)
·        Prepare for security breaches, because they will happen, trust me

In the end, we can only say Si vis pacem, para bellum – if you want peace, prepare for war. It is vital to study threats and potential attackers before tackling IoT security. The threat level is not the same for all devices and there are countless considerations to take into account; would someone rather hack your daughter’s teddy bear, or something a bit more serious? It’s necessary to reduce data risk, keep as much personal data as possible away from IoT devices, properly secure necessary data transfers, and so on. However, to do all this, you first need to study the threat. If all else fails, at least be prepared for potential security breaches.

