The Internet of Things defines numerous connected devices to the Internet with the goal to advance the quality of people’s lives, both personally and professionally. They represent the interface between the digital and the physical world. SecurView Cameras, Insteon, Samsung TVs, cooling systems, and many more have recently made headlines for the ‘’wrong reasons’’. They were not mentioned for amazing innovation. They were mentioned for vulnerabilities which may lead to privacy and security breaches.
The Internet of Things (IoT) or connected devices are fascinating. They help with our daily tasks, and make our lives easier and more comfortable. However in most cases, companies or manufacturers do not enable strong privacy and security controls by default. The weak protection on such intelligent devices can harm individuals, violating the their privacy and personal security. Cyber criminals might use these weaknesses to access the devices, and gain controls on the main corporate network.
Security breaches due to IoT are definitely not a new sensation. In 2013, weaknesses in the Insteon home automation system allowed someone with the know-how to take control of household devices. In the same year, Samsung caused a big scandal when reports of vulnerable cameras on their TVs allowed hackers to spy on users. This was also the year Charlie Miller and Chris Valasek hacked into a Toyota Prius and a Ford Escape using a laptop. The vulnerability allowed the team to take control and remotely operate the car’s steering, breaking, and headlights.
Internet of Things initiatives are failing
Around three-fourths of Internet of Things initiatives are defined as failures according to Cisco Systems in a survey conducted earlier this year. In 2014, Cisco Systems estimated that there are 14 billion IoT devices and projecting 50 billion in 2020. Additionally, according to the Internet Society, 99% of all products will be connected to the Internet. IoT will be even more part of our lives, it will be integrated into temperature control, building security, health technologies, traffic management, monitoring of customer behaviour, etc., we will have even more categories of IoT devices, including:
- Smart health and wellness
- Smart homes and buildings
- Smart energy
- Smart mobility and transport
- Smart manufacturing and industrial IoT
- Smart cities
- Smart farming and food security
Gartner’s definition of the Internet of Things is: “the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment.” This definition is perfect to understand and realize the related risks to IoT devices. In fact, “Trust” is an essential concern as important data will be transiting over the networks and will be available through those connected devices. While users are concerned around the reliability of those devices and their results, privacy and security related challenges will grow due to the complexity of an interconnected environment. Challenges to secure and preserve confidentiality, integrity and availability will be a concern, and will increase over time. Vendors and manufacturers must undertake a tremendous effort to integrate security in the early design of any IoT device. They will need to be transparent with their customers, and clearly define boundaries around data ownership.
Despite the big challenges, companies are still initiating new projects around IoT devices. However, if you are a customer or a manufacturer, do you have the right answers to these questions:
- In an era where traditional patch management is a challenge, how will that be addressed for an IoT network?
- How can you eventually discover a misbehaviour in your IoT network?
- What about IoT devices that control human lives ? Who will take that responsibility and who will be liable?