News

IoT Security: Risks and Realities

April 29, 2016 by Kate Smith

The IoT is becoming ever more present in our lives. Can security keep up?

The IoT is becoming ever more present in our lives. Can security keep up?

The IoT has been encroaching into everyday life at an ever-increasing rate: The market is flooded with smart watches, smart cars, smart televisions, smart thermostats, even smart ovens. Connecting previously stand-alone tech to the web has given even the most mundane products a sexy new spin.

The IoT is regarded by many as the headwaters of innovative future-tech, hailed as the harbinger of a truly connected world, a sign of the future we’ve been promised in science fiction for centuries. It allows instantaneous software updates, integration with social platforms, and continually improving user experience.

But these benefits require the general populace to integrate the internet into our homes in a significant way. And it turns out that having the digital age so deeply entrenched with our lives comes at a cost.

 

Yes, that's an IoT diaper, developed by the University of Tokyo - Courtesy of Mobile Health News

Interconnectivity Is a Two-Way Street

Security issues are inherent wherever data exchanges occur. The IoT is, in its simplest terms, one giant data exchange. As such, it’s rife with opportunities for breaches.

The IoT supplies users with access to the benefits of interconnectivity, but it also supplies data back to manufacturers. This is necessary in order for those lightning-fast UI updates and other perks. Just as data flows to products, it flows back to manufacturers. This isn’t a design flaw; it’s a feature.

Manufacturers and marketers alike are very interested in collecting data gathered through the IoT. Be it GPS information used for consumer behavior research or biometrics used to better understand the health and welfare of their target audience, our data is valuable.

Difficulties and dangers arise when third parties gain access to that flow of data–unhindered, these parties are able to take information from consumers (such as credit card numbers) but also assert control over the products they access.

Oftentimes, it’s lack of awareness of cyber security issues that leads to security incidents. Many people don’t even realize they own a product that could feasibly be hacked until they see a story about it on the news.

And when the IoT makes the news in a negative way, it surely does make a splash.

 

Footage from a hacked baby monitor in Canada - Courtesy of Ars Technica

IoT Horror Stories

As tech topics go, the IoT has had more bad press than most. Sensationalism abounds.

Some of the most prominent early concerns were that hackers could watch people through their webcams, a fear kept alive by consistent reports that such hacks apparently happen with startling regularity.

But as IoT products become more common, so too do fears surrounding security, extending far beyond webcams.

Did you hear that hackers can watch your kids through baby monitors?

How the fact that police body cams were found to be ­pre-installed with malware?

Did you see that video of hackers shutting down a smart car on a highway from their couch? 

Stories like these highlight how susceptible consumers are to unseen threats on the IoT–and they make people understandably nervous. As new scandals break, we’re reminded of the risks we’ve brought into our homes and we begin to eye our webcams with renewed mistrust.

But it isn’t just our financial information that’s at stake. Our privacy, our livelihoods, and our bodily safety are in the line of fire, as well.

A sobering example of real danger brought about through IoT security issues is an exercise from September when researchers proved that they could hack a pacemaker and potentially kill a person by doing so.

While sensational, these stories place legitimate concerns in the forefront of IoT development. And that may not be such a bad thing.

Security Measures and Countermeasures

Each new device introduced to the market faces its own set of security challenges. It’s difficult to imagine a piece of tech that won’t be hitched to the IoT eventually, after all, if our ovens are smart anything’s game.

And with each new device released, IoT security continues to rise in the public consciousness. Cyber security has consistently trickled into our news outlets, often with a healthy dose of fearmongering.

Rising awareness of IoT security can also be seen in the way our lawmakers and governmental agencies broach the subject of IoT regulation.

Last January, the FTC issued a statement urging companies to provide security measures on their products as well as they’re able. On that front, Microsoft has stepped up by adding their pre-existing Secure Boot and Bitlock encryption software to their beta IoT Core system.

 

The Windows IoT Core Starter Kit for Raspberry Pi has enterprise-grade security - Courtesy of Adafruit

 

Legislators are also battling to update laws and regulations that will proactively protect consumers. In response to the very real risk of car hacking, demonstrated by both Jeep and Chrysler, a bill was proposed last February to address security issues with IoT-connected cars. One of the senators who drafted the bill, Sen. Ed Markey stated,

“We need the electronic equivalent of seat belts and airbags to keep drivers and their information safe in the 21st century.”

Additionally, organizations such as the non-profit Internet of Things Security Foundation (IoTSF) have assembled to spread education about security issues and provide resources for developers to create more secure devices.

With these concerted efforts to plug the gaps in IoT security, as well as the gaps in public understanding, we can expect to see more products and geared towards creating a safer IoT environment for all.

It’s a brave new world for engineers and consumers alike. It’s also a new age of security challenges.

The IoT will continue to dazzle us with the benefits that come with interconnectivity. But it will also likely continue to freak us out us as manufacturers and lawmakers struggle to keep up with the vulnerabilities inherent in this ever-advancing technology.