Internet of Things – Security Concerns

Internet of Things – Security Concerns

Security has always been at or near the top of the to-do list for all heads of IT.  The last two years have given security considerations a savage twist.   Working From Home and providing remote access to systems and data has become a necessity for many organisations.   Because IT has little or no control over remote devices, that in effect, is an implementation of an IoT environment.

Simply put,  IoT expands the attack surface exposed to threats and potential malware attacks. Add to that, many organisations don’t have the resources or skills to implement the best practices in IoT security.   The increasing spread of IoT devices into homes also opens domestic networks to attack. 

Estimates put the number of IoT devices in 2022 at over 50Billion worldwide. 

IoT Security – Why is it Important?

One simple example illustrates the point.  Driverless Vehicles.  Hacking into a sensor or control mechanism could have serious or even fatal consequences.   Extend this to automated manufacturing environments, and the seriousness of potential malware attacks on IoT devices is obvious.

IoT devices are not just for businesses.  Fibre to the Home and domestic WiFi has brought IoT into the front parlour.  A smart home could have a security system with IP cameras, smart locks and motion sensors.  Individuals could have smart devices, laptops, digital wearable devices like watches and fitness monitors.  Internet attached Smart TVs have recently become common, with the children using gaming consoles to compete on Internet gaming platforms.   Some cable companies offer an Internet-based streaming service. 

The wide diversity in IoT devices brings security and operational issues in its wake.  Currently, there is a determined move towards standardisation and compatibility between devices, but this is by no means complete.  Device portability also raises security concerns.   These gaps are exploited by hackers to carry out information thefts and attacks on corporate and increasingly on home networks.

Unfortunately, as described below, as yet, IoT security has not had the rigorous attention as have other aspects of network security.

IOT Security Issues

Device Vulnerabilities

Many IoT devices have not been designed with security in mind, and many lack the capacity to operate a security environment.   Another reason is the short development cycle of secure firmware and limited budgets intended to ensure a fast time to market and a low price point for the devices.

Two malware attacks have been recorded on IoT devices, URGENT/11 and Ripple20.

A second attack surface is the applications software used to manage the IoT device, which sometimes is not part of the anti-malware defence environment.

Device portability is also an issue.  Users can bring flash drives, smart devices and e-readers from home to work and attach them to the corporate network.   Even if they do not carry malware, they can be used to steal confidential information.

Hijacked Devices

This is a particular issue of home systems, where users don’t activate or configure the inherent security features in their IoT device.   They may also use easily hacked passwords.  Hijacking an IoT device can be used as a prank or can be used as an entry point to a domestic or corporate network.

Malware

Cybercriminals are increasingly looking at IoT devices as a target in themselves, or as an entry point to networks and systems.  One recorded exploit was when the Mirai botnet downed major websites and services worldwide.   Ransomware is a recent and rapidly growing threat.

Compromised IoT devices can also be used as the base for DDoS attacks, as the source for infecting other devices, or as an entry point to a corporate network.

Data Security

Quite apart from using an  IoT device as the entry point to a corporate network, some devices store information that could be stolen.  In a research environment, this could be valuable IP data.

Operational Issues

The FBI say that most successful malware attacks are because of actions, malicious or otherwise, initiated between the keyboard and the back of the chair.  A complex network (some home networks are at or beyond this status), needs proper management, an understanding by users of what constitutes a  cyber threat, and what to do if they suspect they have found one.

One other operational issue is the misconfiguration of IoT devices, or not setting up the security features at all.

Protection

Step 1 – Does it need to be on?

Look at all your IoT devices.  Not all will need to be switched on and connected 24/7/365.   Switch them off when not needed.

Step 2 – Create a separate network for IoT devices

If a hacker does manage to break into an IoT device, limit his ability to move on into the corporate network by having all IoT devices on a separate logical network.  This means that your router needs to be completely secure.

Step 3 – Check for Updates

Regularly check for firmware upgrades for your IoT devices.

Step 4 – Check your Anti-Malware Software

Make sure you are using anti-malware software that provides coverage for IoT devices. Not all do.  If necessary change.

Summary

IoT security can be a minefield, particularly for the home user.  However, there are tried and trusted solutions and techniques too make an IoT environment as secure as possible.

Internet of Things

Internet of Things

Internet of Things – What is It?

The scope of the digital revolution has spread over the last few years to devices we would not imagine needed a digital connection.   The media have latched onto this, calling it the Internet of Things (”IoT”). We’ve read of web-enabled fridges that will automatically order replacement food, robot cleaners that will make your home sparkling, and that the day of androids taking over mundane tasks is nearly here.

The reality is a little more prosaic, being the development of driverless cars, smart microwaves, and other digital improvements in transport and manufacturing.

In this series of four short articles about IoT, we will look in hopefully a non-technical way at what is meant by IoT, security concerns around its implementation, how it is affecting manufacturing and what is coming up.

IoT – a definition

Broadly speaking the IoT is about extending the power of the Internet beyond computers and smart devices to other devices, environments, and applications.   One commentator has put it very simply as connecting everything in the world to the Internet.

The process has been underway for a few years and is predicted to accelerate in the next decade.

Why does the IoT matter?

Connecting stuff to the Internet allows them to communicate. A good example is listening to music on a smartphone.  Your phone doesn’t store the music, just pulls it down from a storage location somewhere on the Internet.

Low-cost computing and ubiquitous connectivity enable synergy between the cloud, big data, analytics, and mobile technologies.  In a broader sense that makes devices smarter, and they can carry out mundane routine tasks previously made by people.   One commentator described it as “The physical world meeting the digital world—and they cooperate”.

The Technology base of the IoT

Most of the technologies used by the IoT have been around for a while.  It is only relatively recently that advances in different fields have come together to make IoT a practical proposition:

  • Micro-technology.  Low-power and low-cost sensors.
  • Ubiquitous Connectivity.   The expansion of cellular and WiFi coverage has made it possible to remain connected while mobile.
  • Standards.  New connectivity standards and protocols have made it a lot easier to connect devices for easy data transfer.
  • The Cloud.  Cloud platforms are  more and more common, allowing businesses and individuals to scale their infrastructure without needing to manage it.
  • Machine Intelligence.  There have been significant advances in machine learning and analytics recently.  Applying MI to Big Data gives businesses a competitive edge and can further allow IoT devices to carry out tasks previously carried out by humans.
  • Artificial Intelligence.  Having the data, and connecting to the devices that supply and use it, is not much use if it needs to be processed before acting on it.  New AI environments using natural language processing like Siri, Alexa and other conversational AI systems take the reach of the IoT into both business and the home.

How does it work?

A typical network has a central core where the main processing happens with devices at the edge, such as the PCs and smart devices that people use connected to it.   The Internet is simply lots of these networks all linked together.  An IoT network is exactly the same.

As an example, in an IoT smart manufacturing environment, the edge of the network is a mixture of sensors, operational devices like computer-controlled devices (“CNC”) and user-managed devices.  The sensors record what is happening, pass the information back up the network for processing, and the CNC devices act on the instructions passed back to them.  Operators and managers can see what is happening using their personal devices and if necessary can pass control instructions to the CNC machines.   A loop, if you like.

Why Use IoT at Home?

To take a very trivial example, you wake at the same time every working day when your alarm clock goes off.  Some days, everything goes well, other days things go wrong.  Your train is cancelled or it’s raining, so it will take longer to get to work.

If your alarm clock was an IoT device with an AI capability, it would know these things and reset your wake-up time to earlier to compensate for these problems. A really smart alarm clock would communicate with your IoT coffee maker to tell it to start percolating earlier so your coffee is ready now you are up earlier.

Why Use IoT in a business?

IoT provides better insight for a business into both internal and external operations.  The detailed level of information can be used to identify and implement new efficiencies in an operational process, improve the management of physical assets and assist with compliance with regulatory requirements.

It can also create an entirely new business model.  As an example, in the motor industry, a manufacturer’s involvement with a vehicle ends when it ships to the dealer, where the new owner purchased it.

Having a connected car means that a link between the manufacturer, dealer and owner is established.  Rather than an outright purchase, the owner pays a usage fee to the manufacturer or dealer based on how much they drive.  The manufacturer can also continuously upgrade the vehicle software.  One commentator, rather tongue-in-cheek referred to the concept as MaaS (Motoring as a Service).

Summary

IoT means many different things to many people.  As technology in its infancy and one with the power to generate profound social change, it has a long way to go.  Industry and commerce are already using IoT, linked with other emerging technologies like AI to improve their businesses, both internally and in terms of customer service.

To quote someone or another, I forget exactly who, “You ain’t seen nothing yet”.