The Internet of Things: Groundbreaking tech with security risks
The Internet of Things (IoT) is the latest buzzword taking hold of the technology industry, but what does it mean exactly and how does it impact citizens and businesses? We look into a technology that not only has huge potential but also security pitfalls.
The definition of IoT: A more connected world
There are multiple definitions, but perhaps most simply, the IoT refers to the growing trend of connecting everyday objects to the internet. These devices could include everything from mobile phones, wearable devices and thermostats to coffee machines, refrigerators and the latest automobiles.
All of these devices, which are sometimes branded as “connected to the internet” or “smart”, are embedded with electronics, software, sensors and network connectivity so that they can connect to the internet in order to transmit data and communicate with other endpoint devices.
A more digital life has inspired the rise of the IoT
The IoT has been a huge and growing trend as of late. This is a result of hardware and software companies realizing the commercial opportunities in offering new products to consumers, who are increasingly spending their daily lives glued to the internet.
There has subsequently been a huge number of IoT products and services to come onto the market. A number of commentators have questioned the need for some of these – like a connected fridge that tells you when you’re out of milk, or a doll that uses the internet to “talk to you” – but there are numerous real benefits behind IoT and beyond the gimmick.
For example, the sensors in smartphones and smartwatch devices are already helping healthcare providers to diagnose illnesses and monitor wellbeing, while “blackbox” telematics in cars can assist insurers in informing policyholders how safe their driving is (helping shape their insurance rates).
In addition, retailers have used iBeacons to offer more tailored marketing, while big ships use sensor to improve maintenance and reduce downtime. The possibilities are seemingly endless.
The history of the IoT goes back to the 1980s
Despite these real life examples – and the recent excitement over products like Google’s Nest – the IoT can actually be traced back to the 1980s. Researchers at Carnegie Mellon University first came up with an internet-connected Coke vending machine in 1982.
The term the Internet of Things later gaining traction in the late 1990s due to the ascent of technologies like RFID, near-field communication (NFC), barcodes and QR codes.
Today, the IoT is now a part of everyday life, although it is less visible. This is sure to change, with Gartner, for example, estimating that there will be nearly 26 billion “connected things” by 2020.
“Its disruptive impact will be felt across all industries and all areas of society,” it said last year, adding: “It is likely that within the next few years, some level of built-in intelligence and connectivity will be regarded as standard, and this will rapidly filter down to mainstream products and services.”
For all its brilliance, there are security and privacy concerns
This huge influx of connected devices isn’t without its shortfalls. Because they naturally generate huge amounts of data, which is not only difficult to manage but also difficult to protect from cybercriminals.
As such, the rise of IoT hasn’t been without incident, especially where information security and privacy are concerned. White hat hackers have also already demonstrated that these devices often come out with numerous and easily exploitable vulnerabilities.
For example, at the Black Hat security conference last year, security research students from University of Central Florida demonstrated how they could hack into Google’s Nest thermostat within 15 seconds, leading many commentators and experts to question what is being sacrificed in the name of convenience.
Daniel Buentello, one of the team members, was quoted as saying: “This is a computer [the Nest] that the user can’t put an antivirus on. Worse yet, there’s a secret backdoor that a bad person could use and stay there forever. It’s a literal fly on the wall.”
Crucially, IoT can also make bigger objects at risk. Back in January, security experts Charlie Miller and Chris Valasek demonstrated how they could hack a connected car on the move, while their industry counterpart Chris Roberts was held by FBI for reportedly taking control of one of the engines of an aircraft … while he was on board.
The growing importance of boosting IoT security
A World Economic Forum report found that the risks associated with IoT will be taken advantage of by cybercriminals, unless regulatory and industry bodies acted to provide “effective governance”.
“While the Internet of Things will deliver innovations, it will also entail new risks,” the authors of the paper stated. “Analytics on large and disparate data sources can drive breakthrough insights but also raise questions about expectations of privacy and the fair and appropriate use of data about individuals.”
Righard J. Zwienenberg, a senior research fellow at ESET, recently discussed these security issues in-depth exclusively for We Live Security. His key point was that protecting devices must not be an afterthought, which he acknowledged was easier said than done:
“The big challenge is that it will not be possible to secure all devices as there may not be enough memory to run security software on them, so the network has to be better protected to discover breaches or even better, prevent them entering the network.”
Veteran security researcher Graham Cluley also agrees, adding earlier this year that the
advantages of IoT would soon be forgotten in the event of a security breach.
“There is a huge problem with many of these internet-enabled devices, whether they be cars or something else around your house or person” he said.