Connecting the Unconnected. Securing the Internet of Things (IoT)
Thanks to some of the ideas and research from a presentation by Filip Chytry, a Developer & Hacker from Avast.
"By the end of the decade, everyone on Earth will be connected," says Google chairman, Eric Schmidt.
We’re connected by our Things
What are those things? Those which you already know are laptops, mobile phones, tablets, cameras, televisions, and even the new-generation watches or cars. Those you might know but don’t often see (unless you are an IT geek) are servers, routers, gadgets, and sensors.
The Internet of Things (IoT) has unleashed new trends, and things are now labelled “Smart X.” Replace X with Home, City, Life, Toys, Things, or anything you can think of, and you have an indication of the frontier of Smart Everything. When things are connected and communicate with one another, knowing everything about you, with little intervention, they are “smart”. Your home is smart because your house alarms, sensors, and lights can exchange information, making well-informed, logical decisions about your habits, and then adjusting automatically to suit those variations.
Extend this functionality to your car, and you'll have a smart car; to a public space, and you'll have a smart city.
But wait, there’s more! We can now connect the unconnected. Modern technology will permit cows to be connected. Vital Herd, a Texas-based startup makes it happen via an “electronic pill”. This device sits in the cow’s stomach and transmits their vital signs to farmers who can head off costly livestock illnesses or death. Incredible!
The Barbie doll that your children are playing with can now be connected to communicate with your children. The doll’s internet connection can provide conversational feedback quickly enough to emulate a real chat.
There’s always a Catch
For every new kind of technology, there is bound to be a new kind of problem. Along with the arrival of desktops, laptops, and the World Wide Web (www), we now encounter cybercrime and cybersecurity happening outside in the real world. In the last few years with the advent of mobile technology, both enterprises and consumers were required to deal with a new issue: mobile security. With cloud computing, we then had to deal with cloud security. Now, of course, as we enter the age of IoT, we have to manage IoT security.
Everything that can be connected to the Internet is vulnerable to hacking attempts. Poorly designed or implemented systems can expose serious vulnerabilities that attackers can exploit, according to Symantec. Security is no longer a serious challenge to hackers and poses serious concerns for global corporations and SMEs.
“Even dairy farmers want to safeguard information about the health of their herds,” says Brian Walsh, Vital Herd’s CEO.
Security is a big issue because the data is valuable, including both enterprise and personal data. This information is used for direct marketing, social statistics, and much more. Once stolen, it can be leveraged for blackmailing a company to restore it, or it can simply be utilized to make purchases with someone else’s money for goods that can then be sold. There is a black market, operated by the Russian underground, providing hacking-as-a-service (HaaS); it provides tools, services, and resources for unscrupulous thieves to perform the hacking. And if data alone doesn't catch your attention, or raise enough concern, maybe the threat of death might be sufficient. Security experts now worry that the Internet of Things will be used to kill someone.
Murder by the Internet
Let’s consider just a few of the frightening possibilities:
- A fleet of remote control quad-copters or drones equipped with explosives and controlled by terrorists.
- Someone hacks into a connected insulin pump or a coronary pacemaker and changes the settings in a lethal way.
- A hacker who accesses a building's furnace and thermostat controls and runs the furnace full bore until a fire is started.
We are no longer dealing with young amateurs who do it for the sake of simply testing or perhaps demonstrating their technical skills. It is not a case of skilled hackers that want to raise awareness, prove a point, or simply amuse themselves. We're now dealing with nations, states, and state-sponsored groups.
It is definitely not some ephemeral, ghostly, pseudo-threat devised by security agencies to get more funding. Just browse the news in recent weeks and you will see how terrorists have resorted to truly despicable means to inflict physical harm. It means nothing for them to cause incredible damage using technology to advance a political or religious doctrine at the expense of innocent lives.
The duality of good and evil has always existed, from the simple fairy tales to canonical religious literature. There is no good without evil. The tremendous benefit of the Internet Of Things is real. And our lives will almost certainly become better because of it. But the key point to understand here is that Technology itself is neither good nor evil. Remember: Alfred Nobel (of the Nobel Prize), invented dynamite to save the lives of miners that were using very dangerous Nitroglycerine. He didn’t conceive of the destructive uses it would be put to in wartime. The invention itself wasn’t good or evil. It was only the purposes that humans used it for that had a morality attached.
We should connect the Internet of Things, but we should not do it blithely and merely hope for the best. We know there are evil people in the world that will attempt to pervert anything, whether it is good or bad. Let’s make sure we build-in the security the first time, and not wait for something to go wrong before we take steps to protect people. It is our obligation as responsible human beings to design well, look out for each other, and keep the evil at bay.
Most Recent Articles
- Creative Dock, TeskaLabs, Indermedica, Czech Ministry of Industry and Trade and Line 1212 launch the indicative test for new COVID-19 coronavirus
- Cyber-health with a password and an antivirus program is not enough
- TeskaLabs at the ETSI 1st C-V2X Plugtest
- TeskaLabs has become a leader of Mobile Healthcare applications in the Health (in) Future Platform
- TeskaLabs at the ETSI 7th CMS Plugtest validating C-ITS security
You Might Be Interested in Reading These Articles
Our Business Development Manager, Pavel Enderle, had an interview with CT24 TV, a Czech television channel, to discuss cloud security regarding the new Barbie product, Hello Barbie. This Barbie can talk to children by using ToyTalk’s system to analyze the child’s speech and produce relevant responses.
Published on June 09, 2015
The automotive industry recently witnessed several cases of cyber-hacking that made driving connected cars dangerous if not impossible. Companies like Jeep, Volkswagen, and Tesla all have recently dealt with cases of hackers taking over cars and stopping them while the cars were in use as well as stealing customers' Social Security numbers, financial details, and other sensitive information.
Published on April 04, 2017
Google has introduced new rules about how mobile app developers and companies deal with customer impact on apps across the board. What is it?
The new regulations call for increased transparency with regards to how apps make use of customer data. Developers need to ensure that the way they handle user data - from how they collect it to what it might be used for - is perfectly clear to all users. In Google’s words, developers must “limit the use of the data to the description in the disclosure”. In layman’s terms, this means that data use and privacy policies need to be clearly visible on app descriptions in the Google Play store, and not simply within the app itself.
Published on October 10, 2017