Connecting the Unconnected. Securing the Internet of Things (IoT)
Thanks to some of the ideas and research from a presentation by Filip Chytry, a Developer & Hacker from Avast.
"By the end of the decade, everyone on Earth will be connected," says Google chairman, Eric Schmidt.
We’re connected by our Things
What are those things? Those which you already know are laptops, mobile phones, tablets, cameras, televisions, and even the new-generation watches or cars. Those you might know but don’t often see (unless you are an IT geek) are servers, routers, gadgets, and sensors.
The Internet of Things (IoT) has unleashed new trends, and things are now labelled “Smart X.” Replace X with Home, City, Life, Toys, Things, or anything you can think of, and you have an indication of the frontier of Smart Everything. When things are connected and communicate with one another, knowing everything about you, with little intervention, they are “smart”. Your home is smart because your house alarms, sensors, and lights can exchange information, making well-informed, logical decisions about your habits, and then adjusting automatically to suit those variations.
Extend this functionality to your car, and you'll have a smart car; to a public space, and you'll have a smart city.
But wait, there’s more! We can now connect the unconnected. Modern technology will permit cows to be connected. Vital Herd, a Texas-based startup makes it happen via an “electronic pill”. This device sits in the cow’s stomach and transmits their vital signs to farmers who can head off costly livestock illnesses or death. Incredible!
The Barbie doll that your children are playing with can now be connected to communicate with your children. The doll’s internet connection can provide conversational feedback quickly enough to emulate a real chat.
There’s always a Catch
For every new kind of technology, there is bound to be a new kind of problem. Along with the arrival of desktops, laptops, and the World Wide Web (www), we now encounter cybercrime and cybersecurity happening outside in the real world. In the last few years with the advent of mobile technology, both enterprises and consumers were required to deal with a new issue: mobile security. With cloud computing, we then had to deal with cloud security. Now, of course, as we enter the age of IoT, we have to manage IoT security.
Everything that can be connected to the Internet is vulnerable to hacking attempts. Poorly designed or implemented systems can expose serious vulnerabilities that attackers can exploit, according to Symantec. Security is no longer a serious challenge to hackers and poses serious concerns for global corporations and SMEs.
“Even dairy farmers want to safeguard information about the health of their herds,” says Brian Walsh, Vital Herd’s CEO.
Security is a big issue because the data is valuable, including both enterprise and personal data. This information is used for direct marketing, social statistics, and much more. Once stolen, it can be leveraged for blackmailing a company to restore it, or it can simply be utilized to make purchases with someone else’s money for goods that can then be sold. There is a black market, operated by the Russian underground, providing hacking-as-a-service (HaaS); it provides tools, services, and resources for unscrupulous thieves to perform the hacking. And if data alone doesn't catch your attention, or raise enough concern, maybe the threat of death might be sufficient. Security experts now worry that the Internet of Things will be used to kill someone.
Murder by the Internet
Let’s consider just a few of the frightening possibilities:
- A fleet of remote control quad-copters or drones equipped with explosives and controlled by terrorists.
- Someone hacks into a connected insulin pump or a coronary pacemaker and changes the settings in a lethal way.
- A hacker who accesses a building's furnace and thermostat controls and runs the furnace full bore until a fire is started.
We are no longer dealing with young amateurs who do it for the sake of simply testing or perhaps demonstrating their technical skills. It is not a case of skilled hackers that want to raise awareness, prove a point, or simply amuse themselves. We're now dealing with nations, states, and state-sponsored groups.
It is definitely not some ephemeral, ghostly, pseudo-threat devised by security agencies to get more funding. Just browse the news in recent weeks and you will see how terrorists have resorted to truly despicable means to inflict physical harm. It means nothing for them to cause incredible damage using technology to advance a political or religious doctrine at the expense of innocent lives.
The duality of good and evil has always existed, from the simple fairy tales to canonical religious literature. There is no good without evil. The tremendous benefit of the Internet Of Things is real. And our lives will almost certainly become better because of it. But the key point to understand here is that Technology itself is neither good nor evil. Remember: Alfred Nobel (of the Nobel Prize), invented dynamite to save the lives of miners that were using very dangerous Nitroglycerine. He didn’t conceive of the destructive uses it would be put to in wartime. The invention itself wasn’t good or evil. It was only the purposes that humans used it for that had a morality attached.
We should connect the Internet of Things, but we should not do it blithely and merely hope for the best. We know there are evil people in the world that will attempt to pervert anything, whether it is good or bad. Let’s make sure we build-in the security the first time, and not wait for something to go wrong before we take steps to protect people. It is our obligation as responsible human beings to design well, look out for each other, and keep the evil at bay.
Most Recent Articles
- From State Machine to Stateless Microservice
- Entangled ways of product development in the area of cybersecurity #3 - LogMan.io
- Entangled ways of product development in the area of cybersecurity #2 - BitSwan
- Entangled ways of product development in the area of cybersecurity #1 - Asynchronous or parallel?
- State machine miracle
You Might Be Interested in Reading These Articles
Security is an essential part of today’s modern world, especially with the rise of computers and mobile devices. No one questions whether data centers, servers, and computers should be secure, so why are there so many questions about mobile security? Mobile devices face the same security threats and are, sometimes more susceptible to them. It is time to make mobile security a priority.
Published on June 23, 2015
In many respects, today's motor vehicles function as connected devices. With this in consideration, joint EU initiatives have broadened the impact of Cooperative Intelligent Transport Systems (C-ITS) to include more expanded connections, including road infrastructure. This enhanced connectivity is expected to result in significant improvements to both road safety and traffic efficiency.
Published on June 15, 2021
Security Researcher Filip Chytry: Online Security Is an Unattractive Topic - until People Get Hacked
I studied at Applied Cybernetics school and worked on various fields: robotics, networks and programming. There I got curious about security and became increasingly passionate about the industry, trying to learn more about cyber crime and attempting to hack into my classmates‘ computers for fun.
Published on August 20, 2015