Security in IoT – The flip side of the next big thing in technology
Touted as the revolution that would change the world as we know it, the Internet of Things is a phenomenon that’s been gaining steady mileage over the years. In fact, GE predicts investment in Industrial Internet of Things to top $60 trillion during the next 15 years.
Every business wants to leverage IoT – from manufacturing to utilities, from healthcare to customer electronics. Think predictive maintenance of plant-floor machinery, automatic information transfer from electricity meters to service providers, auto-purchase of supplies such as shampoo by a carwash machine, and many such use cases that would enable businesses to improve user experience.
So much so, that even banks are exploiting IoT. Case in point is Capital One exploring Amazon Alexa, and adding another avenue in its omni-channel strategy. Capital One customers can now just talk to a device connected with Amazon Alexa, and easily learn their account and transaction status. Check out the video:
It is easy to predict the question running in your minds now. “My bank account details are with a device, out in the open for hacking and misuse?” Well, sometimes convenience doesn’t come without risks. And while IoT makes our lives easier, it can easily turn them into nightmares.
Weaponization of IoT?
How secure is the data that these ‘things’ or devices pass among each other?
The truth is, not so safe.
As per a 2014 report by HP, 7 out of 10 IoT devices have security flaws – with an average of 25 vulnerabilities per device.
Today, any attacker worth their salt can hack into an IoT device and manipulate it to act on their orders. Bank account numbers and credentials can be accessed and used to cause fund diversion. Smart electricity meters can be rigged to cause power outages.
And though it may seem far-fetched, pacemaker transmitters can be ‘doctored’ to deliver deadly shocks to patients connected with pacemakers.
While your device control may be taken over and data be stolen, you may also be subjected to denial of service attacks. On October 2016, widespread Distributed Denial of Service (DDoS) attacks were reported in the US, that affected 80 major websites like Amazon, BBC, Twitter, Slack, etc. Thought to be the largest-ever, the attack was caused by a botnet that had injected the Mirai malware, into a number of IoT devices such as printers, IP cameras and even baby monitors. Mirai scanned for IoT devices that had weak factory default setting (hard-coded usernames and passwords), converted them into bots, and then used them to launch DDoS attack.
In another DDoS attack, connected heating devices were hacked, leaving Finnish residents in hazardous sub-zero conditions.
Such events can cause widespread chaos and mayhem among the general public.
Making IoT more secure
Security in IoT is a key concern that’s hounding the aficionados. The benefits are aplenty, and usher our world into a new era in technology, but at what cost? It is important for businesses and consumers to reflect at the following security aspects of IoT:
- Device password – The Chinese firm, TP Link had been shipping routers that by default had the last 8 characters of their MAC addresses as the device password, making it easy for attackers to identify MAC address and hack into these devices. A terrible flaw in info security indeed. This vulnerability can be overcome by eliminating such default settings, and regularly updating passwords.
- Data safety – Businesses are urged to retain data for as short a while as possible and then purge them, akin to shredding information when no longer required.
- Provide security patches – In a rush to take the product to market, manufacturers often disregard the need for security in devices. Manufacturers should release security upgrades and inform their customers to install these to tighten security.
- Implement security standards – The international community is coming together to create IoT security standards to adhere to, and to prevent cyber attacks. There are many associations that are working towards this. Manufacturers should consciously adopt a security first approach and uphold these standards.
While making IoT completely infallible is a difficult goal, it is definitely important to aspire for and ensure security in IoT. Vulnerabilities will exist, but at the end of the day, stakeholders need to work together to make IoT more secure in the coming future, where the world will be populated with around 50 million connected devices. And that’s a battle of a totally different magnitude, for which we aren’t currently equipped.