There are two things that almost always come up when someone is speaking about the IoT. The first is how it will change our lives (it will) and the other is how it will leave us vulnerable to security breaches (also true).
It is not surprising then that the government security agencies are pretty pumped up about the opportunities IoT brings to them on the spying front. Richard Ledgett, the NSA’s deputy director spoke about the possibilities that lay in from of his agency in penetrating the defenses of possible enemies, and he was pretty upbeat about it.
He said that ‘Complexity was his friend’ and that the rapidly increasing amount of connected devices offered an unprecedented opportunity to the NSA. It may sound a little unsettling to hear the NSA deputy director talk in such straightforward terms but there is nothing that he said that people did not already know.
We are in the midst of a cyber arms race where the ‘bad guys’ and the ‘good guys’ are all trying to one-up each other. Government agencies are being hacked around the world, often by hackers who are employed by unfriendly nations.
The USA also undertake a large amount of internal spying to isolate those individuals that may not have the country’s best interests at heart. With an estimated 25 Billion devices to enter the market in the next five years and no coherent plan to secure these networks in place, there is little doubt as to why both the hackers and the government agencies are rubbing their hands together in glee.
There have already been devices which have been identified like Garage door openers, baby monitors, CCTV cameras and even thermostats that connect to other appliances being secured by passwords such ‘12345’ or having no password whatsoever.
There is also no requirement for these factory settings to be changed before a person starts to use them. Security flaws once identified also take a long time to be fixed, since an over the air update is not always possible for such devices. Hardware resets are cumbersome and often confusing for individuals, while they are expensive for the manufacturers to implement.
Ledgett is just the latest intelligence official to make such a statement and will definitely not be the last. The director of National Intelligence said in statements made to the United States Senate that foreign intelligence agencies might look to penetrate cyber defenses through weak points in the IoT networks.
It’s just a little strange to know that U.S. agencies are planning on doing the same thing to their own citizens!
In a tip of the hat to the plot twist of popular show ‘Homeland’, Ledgett also said that his agency was investigating the possibility of hacking biometric devices to locate, track and even take out targets. In his words, it would be just another ‘tool in the toolshed’.
The IoT market is extremely nascent right now even though there are already a large number of devices that have been deployed. It remains to be seen how the tech community tackles these important questions of security and privacy otherwise the entire industry is just setting itself up to fail.