How the Internet of Things affects security and privacy?
There has been written a lot about the Internet of Things and how it is going to change the world and societies for the better. We probably still cannot imagine the full potential of smart solutions that the future is going to unlock. For sure, the IoT will bring about great technological advancements, wonderful things, new insights and new ways of living. Soon enough, everything will be connected to the Internet: our homes, household appliances, cars, medical devices, clothes. It is just a matter of time before such technological solutions become our every-day reality.
However, what is fueling greatest fears now is that the IoT development is tightly connected with increased surveillance and less control over security and privacy on the Internet. Bruce Schneier in his article states that:
The Internet has turned into a massive surveillance tool. We’re constantly monitored on the Internet by hundreds of companies — both familiar and unfamiliar. Everything we do there is recorded, collected, and collated — sometimes by corporations wanting to sell us stuff and sometimes by governments wanting to keep an eye on us.
IoT makes use of embedded sensors which are placed on medical devices, street lights, trash bins, wearables, street lights, or any other device we use everyday. They collect, store, manage and analyze astronomical amounts of personal data (e.g., location, movements, health, purchasing preferences) or very sensitive industry data (e.g., water and electricity distribution infrastructure) which is prone to cyber attacks and identity theft. What makes the situation even worse is the constant increase in connected devices which gives hackers everyday even greater number of entry points to commit cyber crimes.
As it turns out, keeping sensitive information secure is not as easy as installing the best burglar alarm — especially in the era of cloud computing development that lets you use files and applications over the Internet. According to Reuters, cyber attacks via the Internet of Things can be achieved without great effort by hackers. They make use of the weak security and 24-hour connectivity of simple household appliances which are IoT — enabled devices (e.g., toasters, washers or fridges), and change them into botnets — remote-controlled computers which have been infected with malware. Hackers achieve this by scanning the Internet and searching for devices that are protected by weak passwords or devices which contain some vulnerabilities — only then can they gain control over a device and create a botnet. Then they use the botnet to attack other devices — in what is called a distributed denial of service attack, or DDoS, which attempts to knock a website offline by flooding its DNS provider with traffic.
Interestingly enough, the Accenture report states that for 47% of consumers privacy and security issues are major barriers to purchasing IoT devices. What is more, from all people owning or planning to buy an IoT device and aware of data security risks:
- 37% decided to be more cautious when using IoT devices and services,
- 24% decided to postpone purchasing an IoT device,
- 21% are not too concerned about security breaches such as hacker attacks,
- and 18% decided to quit or terminate an IoT device or service till they were assured of safety.
Reading this article, you must have already asked yourself why such a smart and modern technology as the IoT is so much insecure and full of threats. The research paper by Business Insider Intelligence “Examining How The IoT Will Affect The World” (November 2015) may help explain it. The paper provides some reasons why manufacturers and systems providers very often do not take necessary steps to secure their IoT devices:
1. Startup companies making IoT products lack experience with IT security. Many are rushing to get their products to market as quickly and cheaply as possible. In some cases, they don’t even have any IT security professionals on staff.
2. Established companies that make products not traditionally considered internet-connected are now effectively digital companies. Automakers, manufacturers, and mining firms — companies that have little prior experience in stopping cyber criminals — now have to figure out how to protect their newly Internet connected products and equipment.
3. Traditional IT security solutions designed for PCs and mobile devices don’t work on many IoT devices. Many IoT devices like sensors and smart meters are designed with little or no computing power or memory to run security applications like antivirus software.
The Internet of Things gives a great number of benefits to consumers and has the potential to change the ways people interact with the world around. However, the concerns about the IoT security seem to be growing faster than the IoT is developing. Undeniably, manufacturers of IoT devices should take immediate steps to make the IoT secure before the problem becomes unmanageable.
author: Natalia Sokal, IoT creators
