The world we live in today is connected 24*7, with people always being attached to technology, even when on the move. And what is taking this mobile connectivity to another level is the Internet of things (IoT). Our household items are increasingly getting connected to the internet, with a simple device like a mobile. And while the purpose behind this effort had been to simplify our lives with providing us the ease to regulate things even while being away from home, it also has served as another channel for hackers to rake in some money.
What is the Internet of Things?
The Oxford definition of the Internet of Things is “a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.” Simply put, any ‘thing’ which can be assigned an IP, and is able to connect to other ‘things’, falls under the Internet of Things. Therefore, examples of IoT devices would be toll booths, refrigerators, webcams, cars ( oh yes!), ACs, TVs, lighting systems, telephones, traffic control systems, home security systems, DVRs…even sprinklers and many more…The response for IoT is impressive with many industries adopting this new technology. The concept of smart homes is fast building up throughout the world.
The multi-connectivity of the devices sounds great! But this multi-connectivity is the weakest point for IoT devices. If one device gets hacked into, the hacker can use it to control all the other devices and retrieve sensitive information like bank credentials and passwords.
What do the stats for the future of the Internet of Things say?
The data for IoT growth is overwhelming. The International Data Corporation predicts that 30 billion ‘things’ will be connected to the internet by 2020 and that revenue from the IoT will reach $9.54 trillion. According to Gartner, by 2020 the Internet of Things will be made up of 26 billion units while IDC values the Industry to be around $8.9 trillion and puts the number to approximately 30 bn. Cisco has made a prediction of around 50 billion by 2050, with a valuation of $14.4 trillion by 2023.
The increase in the number of connected devices will directly result from many folds, in the increase in hacking attacks and attempts, and therefore security concerns as well. Hence, it is important to understand which data is accessed by IoT devices to perform their normal functioning and the security risks associated with them.
Security Threats to the internet of things
HP released a study on Internet of Things and found that 7 out of the 10 internet-enabled devices which they tested were vulnerable to some form of attack. 10 of the most used IoT devices were examined. The list included thermostats, smart TVs, webcams alarm systems, device further used for controlling multiple devices, and was found to have a number of vulnerabilities, providing the hackers with not one, but multiple entry points into the user’s premises.
For each device, 25 vulnerabilities were found and the vulnerabilities varied from bad passwords, poor software security, the transmission of unencrypted data, and insecure web interfaces. And all devices included mobile applications which can be used to access or control the devices remotely.
OWASP has released an Internet of Things Top 10 2014 list, which gives an insight on the concerns for the Internet of Things. Vendors can use this to review the IoT devices, find the vulnerabilities and fix them up before hackers exploit them.
The OWASP Internet of Things Top 10 – 2014 list is as follows:
Measures to be taken to protect your security:
Currently, all the threats that are affecting IoT devices are related to the application and mobile security and network security. As the report states, even if there are one or two issues afflicting a mobile application, and this affects the mobile phone, due to inter-connectivity, the issue spreads out to the connected devices, so the vulnerability and therefore the problems multiply much fold causing multiple entry points for hackers.
To protect yourself from being a victim of the Internet of Things attack, you can follow the following steps:
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and had held various mgmt/leadership roles in Product Development, Professional Services, and Sales @Entrust.