The Internet Of Things (IoT) Security Concerns

Security7
6 min readDec 3, 2016

--

Around the world, city, state and federal governments, as well as other public-sector organizations, are leading the way in bringing the Internet of Everything to life. According to one of the company that is leading the charge, there are many examples of how the Internet of Everything is improving the lives of citizens everywhere. Being able to get information quickly which in some cases could be critical to saving lives is really important. This is the exciting part of IoE. Information will and can be gathered at a moment notice from the Cloud. Big data is coming fast to all smart mobile devices.

But with every good things, there are concerns. The internet today have now given access to all types of people with good and bad intentions. We now have all types of hackers, people spreading propaganda based on beliefs and others things that I dare not mention.

So even though the internet is and has been a great invention and is now getting ready to triple connected devices in our homes. It will bring a mixtures of bad and good. The car, the home and all connected devices MUST be protected like never before. The consumers should be educated on all the downsides to free access to our homes and devices without restrictions. So unless security is at the top of our minds as we put IoE together we will leave ourselves open to all types attacks from all over the world.

According to Symantec:

“As the Internet of Things (IoT) begins transforming entire industries, threats are quickly evolving to target this rich and extremely vulnerable new landscape. With each industry embedding computing and connectivity into a wide variety of devices, such as cars, jet engines, factory robots, medical equipment, and industrial programmable logic controllers (PLCs), the consequences of security issues are increasingly serious. Consequences now include physical harm to people, prolonged downtime, and irreparable damage to capital equipment such as pipelines, blast furnaces, and power generation facilities, particularly in the industrial IoT. IoT systems are often highly complex, requiring end-to-end security solutions that span cloud and connectivity layers, as well as resource-constrained IoT devices often aren’t powerful enough to support traditional security solutions”.

Here is another article from Dave Lewis from Forbes around security and IoE:

“One of the terms out there that is getting more and more visibility is the “Internet of Things” or IoT. I’ll admit that I have fought hard against even invoking the term for fear some evil apparition would appear if I were to say it three times. Alas, it has come to the point where I know I have to comment. I’m realizing that, when relatives are asking me how to know if their refrigerator is online or not, it is well overdue.

What is the Internet of Things anyway? This refers to the interconnections between all manners of devices with an addressable interface that can communicate online. So many devices now have embedded operating systems that introduce a wealth of new opportunities for the end user as well as ne’er do wells who may not have your best interests at heard. Whether it is your thermostat communicating with Google GOOGL -1.72%, Apple AAPL -2.86% Watch collecting your health data, your car receiving firmware updates or your fridge sending you a text to remind you to pick up a carton of milk, it has arrived. The terminology first reared its head in 2009 in the RFID Journal. The article “The ‘Internet of Things’ Thing” by Kevin Ashton is given the hat tip as the point at which this all began.

From RFID Journal:

If we had computers that knew everything there was to know about things — using data they gathered without any help from us — we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best.

We need to empower computers with their own means of gathering information, so they can see, hear and smell the world for themselves, in all its random glory. RFID and sensor technology enable computers to observe, identify and understand the world — without the limitations of human-entered data.

A lofty ambition. Of course the comedian that lurks in the dark spaces of my mind cracks wise about Skynet and evil robots from the future bent on our destruction. What is troubling is the possibility that security not taken into account with these carious implementations. All of that data being harvested in an automated fashion but, who has access to the data? What type of information is actually being collected? Has my coffee machine been pressed into service by a foreign government? Sure, I’m being just a little facetious. It is not too far of a stretch to think that problems could be in the wings when you have devices that can monitor environmental controls, critical infrastructure such as smart grid, medical devices and transport systems.

Ether-internet

Businesses love the idea of the Internet of Things. It opens up new markets while providing more information on customer buying habits. I on the other hand sit back in my chair and look at the darker side of IoT. Case in point, how do you go about managing the username/passwords for your ever increasing number of connected devices and appliances? What about the privacy of your information? Take as an example various Internet connected video cameras with easily defeated security controls or baby monitors. These are all issues that will need to be dealt sooner rather than later.

Recommended by Forbes

This summer the Open Interconnect Consortium was created. This is an organization that purports to create a framework for the Internet of Things. From their July 7th press release:

Leaders from a broad range of industry vertical segments — from smart home and office solutions to automotive and more — will participate in the program. This will help ensure that OIC specifications and open source implementations will help companies design products that intelligently, reliably and securely manage and exchange information under changing conditions, power and bandwidth, and even without an Internet connection.

It is nice to see that there groups are popping up with the state mission to add frameworks to “securely manage” information that is being transmitted and at rest. There is a question that I have which is, are we too late? I was working on smart grid deployments seven years ago and this group was announced in 2014. I’m hopeful that security will be taken seriously but, I must admit that I do fret as I think that the horse has already bolted from the barn.

What are the implications to the individual? Imagine the new announced Apple Watch as an example. This is a device that will know 1) who you are 2) where you are via GPS 3) What you’re doing via accelerometer and gyroscope 4) your health and 5) even be able to monitor your mood. While I’m sure they have taken time to secure these devices, the ramifications could be significant if there was a failure. I once had a rotary phone and to see that a Dick Tracy-esque watch that can monitor my health and act as a phone is amazing to me. I’m always enamored with new technology. The Internet of Things brings with it huge benefits but, we must be sure to include security and privacy at the outset across the board.

We should not sacrifice security and privacy on the altar of convenience”.

In my opinion and warning, security should always be front and center with anything we do online.

We heard in the past year of many breaches into many US companies and government agencies. Most of the breaches happened to companies and organizations with 100 times better security than what you would find in a home that may or not be protected by a wireless router or CMTS that may or not be password protected.

The consumers MUST be protected before big companies sell them products they have little to no understanding of and expose them to risks that may steal their live savings.

--

--