Internet of things (IoT) is no more just ‘the next big thing’ but has already started entering our lives in different forms. Today there are billions of devices from consumer products (e.g. Fitbit) to Industrial products (Industrial sensors) that are deployed to make life easy and many of them are based on concepts of IoT. It is being touted as the technology that will turn the sci-fi world of fiction into reality. While IoT is surely achieving its objectives of making devices smarter, its security is often overlooked.
The cyber breaches in IoT based systems have already started happening. The Stuxnet attack sabotaged Iran’s nuclear enrichment facility leading to destruction of almost 1000 centrifuge machines. In 2014, hackers shut down an offshore oil rig which took authorities 20 days to make it seaworthy again. On consumer side, in 2016, cyber criminals shut down the heating system of 2 buildings in Finland dropping their temperature to dangerous levels. Similarly, in 2015, many toasters, freezers, and fridges were shut down in the UK due to an IoT attack. This may seem comical but the threat of security breach of IoT devices is real and dangerous. IoT is vulnerable to hacks hence security of IoT systems should be a priority for companies.
The Top 3 Challenges in Securing IoT
1. Innumerable points of vulnerability– Internet of Things means that every device is connected to each other. Subsequently, every device becomes an entry point into the system and each of them can be a target of a cyber attack. For example, in an industrial setting, every sensor along the hundred kilometers oil or gas pipeline is a potential target for cyber attack. Multiply this with the industrial sensors connected to each other all over the world to get the idea of the scale of the threat. At home, a smart TV, a smart fridge, and smart lighting control are all connected to the Internet. Each of these can be a potential target to hack a home automation network, bringing down all devices inside your home. In a nutshell, every device connected to the Internet anywhere in the world is a potential target for attack. With the number of connected devices consistently increasing, the risk is also rapidly increasing.
2. The many software versions– IoT is a fast paced and competitive industry. Companies, entrepreneurs, and innovators are rushing out their products without proper security testing. While the devices are relatively ‘hack-proof’ when they are first released, as time passes by their vulnerabilities begin to show up. This becomes a problem due to multiple reasons.
- The companies are busy creating the next IoT device and pay little attention to the security problem of existing devices. After a few security patch releases, they stop supporting the device leaving it vulnerable to attacks.
- Imagine a smart house where TV, refrigerator, oven, heating, lighting system and even the toaster is smart. As a house owner, one needs to constantly update each of these devices with security patches as they are released. Many home users don’t perform security updates on their home computer. Even one device with an open vulnerability can bring down all the connected devices.
3. Data protection– IoT is built to connect devices to sense and collect data. This data is sent to the main computers for further processing. These computers will generally be hosted by a corporation. This leads to a massive challenge of trust. How much can one trust corporations with their personal sensitive data? When does it become a breach of privacy for the IoT user? For example, British Petroleum distributed Fitbits to its employees so that they can track their health and get better rates for their Insurance. This essentially meant that the company was monitoring its worker’s health 24×7. Now that could be a breach of privacy. Another company RadioShack tried to share such data with other companies which is a clear misuse of data obtained from IoT devices.
IoT is making life easier. Smart solutions are making their way into homes and offices because they increase productivity. However, they are difficult to secure, owing to their design and limited computing ability. While it may not be possible to always secure every individual IoT device, securing the network that is hosting such devices can prevent the security breaches. Further, monitoring of the data that is transmitted from these devices over the network can help in detecting suspicious activities and stop further transmission. Gateway security solutions such as Seqrite Terminator can protect offices, and industries from the attack on their IoT devices and keep them safe and secure.