More and more devices are being connected to the Internet, and we’re not talking about smartphones or laptops. Everyday items like your refrigerator, your TV, and even your thermostat now make up the Internet of Things. Internet of Things (IoT) includes devices like cars, light bulbs, batteries, security systems, and wearable technology, and they have the ability to connect and communicate with the Internet and with each other.
According to a report by Cisco, there are currently more devices connected to the Internet than there are people, a trend that began in about 2007 and is projected to continue. In 2015, there were 25 billion connected devices, an average of 3.47 devices per person. Cisco also predicted there will be 50 billion connected devices by 2020.
It seems inevitable that the more ubiquitous Internet access becomes, the more we will try to leverage it. And why not? There are many advantages to having so many devices online. For one, connected devices can gather and analyze data about our habits and give us important information. Medical devices, such as pacemakers, track the vital signs of patients and report on interruptions or irregularities. This type of information gathering is invaluable, and there is a lot to be learned from access to this type of real-time data. But with great power comes great risk.
Vulnerable Wi-Fi Connections
The same vulnerabilities that exist in your home Wi-Fi connections also exist for connected devices that operate via Wi-Fi connections. Without taking specific security measures, you could be leaving yourself and your devices open to potential hacks.
Newer models released from carmakers GM and Ford are equipped with in-car Wi-Fi and have effectively turned vehicles into mobile hotspots. Sounds awesome, right? Not so fast. While it may be more convenient to access the Internet in your car, connected cars also come with their own set of security risks.
A simulated hack, orchestrated by researchers, showed how a Jeep Cherokee’s control system and brakes could be remotely controlled by an outside party, simple by using an Internet connection. Hackers were able to control settings like climate control, windshield wipers, radio, and even the steering wheel. Overriding data was sent via the car’s Internet-connected entertainment system. In response to this exposed security threat, Chrysler recalled 1.4 million vehicles.
This remote security breach of a car’s onboard control system may seem like an extreme case, but it highlights the potential threat that all IoT devices face. Unfortunately, many of the same security protections used to safeguard smartphones and laptops, like virus protection and firewalls, aren’t employed or even installed on devices connected to the Internet. As more web-enabled devices surface, manufacturers and consumers need to be diligent about installing and using security features.
Massive Data Collection
Gadgets that collect and analysis data are making our lives easier. Smart thermostats monitor a home’s average energy usage and then make suggestions and adjustments to settings that can have energy and cost saving benefits. Light bulbs connected to the IoT can be controlled remotely via an app to make adjustments to brightness and be turned on before the homeowner arrives. All this data collection looked at together can paint a picture of the user’s habits.
And while it might seem trivial to know that homeowner X turns down the heat before he leaves for the day and remotely turns on lights before he gets home, analysis of this data can also show the average times he leaves for work and when his home will be empty. This kind of information could be used by thieves casing the house.
Another threat is where and how the data is being stored. With so many devices collecting data, some 24 hours a day, the secure storage of that data should be of top priority to all users. Cloud-computing, which supports a lot of the devices of the IoT, needs improvements to be able to handle the volume of connected devices. Since most of the devices operating on the IoT need a way to store data, cloud-based storage is a simple and conventional solution. But that also means that a single cloud may be housing data from hundreds of devices, and if breached, could compromise sensitive information for an untold numbers of users.
It seems like every day a new device is being introduced and becoming part of the IoT. And because the landscape of the IoT is constantly changing, keeping up with the latest security threat can be a daunting task. Since there is no standard mode of communication for IoT devices, threats to one device may not be an issue for another. Conversely, security breaches for one device may spread to all devices on the same network, with little or no recourse for tracking and mitigating the infiltration.
A study from HP Security Research finds that of the most commonly used Internet of Things devices, 70 percent have serious security vulnerabilities. And one device’s vulnerability could lead to access to any and all other devices connected to the same network. For example, if a Trojan virus is installed on a smartphone that is used to connect to and communicate with additional smart-devices on a home network, all devices connected to that network are at risk. A single infected device can act like a bridge, gaining access to all other connected devices, bypassing network securities and exposing data.
To combat the standardization problem, or lack thereof, several big-name tech companies are developing stronger, safer ways to connect devices. One such process is called Thread. A Google-powered initiative, Thread is described by a product manager as being “a networking protocol with security and low-power features that make it better for connecting household devices than other technologies such as Wifi, NFC, Bluetooth or Zigbee.” Thread has the ability to accommodate hundreds of devices, without a single point of failure, and will include high-level encryption.
Another networking protocol currently on the market is AllJoyn, developed by Qualcomm. AllJoyn is an open-source protocol that gives developers and manufacturers tools to connect and maintain devices on Wi-Fi networks. Utilizing existing infrastructures, AllJoyn allows users to create their own apps for a more integrated device-meshing experience.
The Future of Security on the IoT
Since there is a lack of security protocol for devices and applications that are part of the Internet of Things, the future needs a leader—someone who can come up with a fail-safe way to secure the data, devices, and people utilizing the ever-growing landscape. While some have made strides in the right direction, a lot more needs to be done. Instead of the current reactive approach to cybersecurity, a more proactive approach should be adopted. This means baking-in security protocols to new devices and networks, instead of waiting for vulnerabilities to arise and trying to patch them. As the number of devices grows, so do the threats and the need for innovative solutions.