Connecting the Unconnected. Securing the Internet of Things (IoT)
Thanks to some of the ideas and research from a presentation by Filip Chytry, a Developer & Hacker from Avast.
"By the end of the decade, everyone on Earth will be connected," says Google chairman, Eric Schmidt.
We’re connected by our Things
What are those things? Those which you already know are laptops, mobile phones, tablets, cameras, televisions, and even the new-generation watches or cars. Those you might know but don’t often see (unless you are an IT geek) are servers, routers, gadgets, and sensors.
The Internet of Things (IoT) has unleashed new trends, and things are now labelled “Smart X.” Replace X with Home, City, Life, Toys, Things, or anything you can think of, and you have an indication of the frontier of Smart Everything. When things are connected and communicate with one another, knowing everything about you, with little intervention, they are “smart”. Your home is smart because your house alarms, sensors, and lights can exchange information, making well-informed, logical decisions about your habits, and then adjusting automatically to suit those variations.
Extend this functionality to your car, and you'll have a smart car; to a public space, and you'll have a smart city.
But wait, there’s more! We can now connect the unconnected. Modern technology will permit cows to be connected. Vital Herd, a Texas-based startup makes it happen via an “electronic pill”. This device sits in the cow’s stomach and transmits their vital signs to farmers who can head off costly livestock illnesses or death. Incredible!
The Barbie doll that your children are playing with can now be connected to communicate with your children. The doll’s internet connection can provide conversational feedback quickly enough to emulate a real chat.
There’s always a Catch
For every new kind of technology, there is bound to be a new kind of problem. Along with the arrival of desktops, laptops, and the World Wide Web (www), we now encounter cybercrime and cybersecurity happening outside in the real world. In the last few years with the advent of mobile technology, both enterprises and consumers were required to deal with a new issue: mobile security. With cloud computing, we then had to deal with cloud security. Now, of course, as we enter the age of IoT, we have to manage IoT security.
Everything that can be connected to the Internet is vulnerable to hacking attempts. Poorly designed or implemented systems can expose serious vulnerabilities that attackers can exploit, according to Symantec. Security is no longer a serious challenge to hackers and poses serious concerns for global corporations and SMEs.
“Even dairy farmers want to safeguard information about the health of their herds,” says Brian Walsh, Vital Herd’s CEO.
Security is a big issue because the data is valuable, including both enterprise and personal data. This information is used for direct marketing, social statistics, and much more. Once stolen, it can be leveraged for blackmailing a company to restore it, or it can simply be utilized to make purchases with someone else’s money for goods that can then be sold. There is a black market, operated by the Russian underground, providing hacking-as-a-service (HaaS); it provides tools, services, and resources for unscrupulous thieves to perform the hacking. And if data alone doesn't catch your attention, or raise enough concern, maybe the threat of death might be sufficient. Security experts now worry that the Internet of Things will be used to kill someone.
Murder by the Internet
Let’s consider just a few of the frightening possibilities:
- A fleet of remote control quad-copters or drones equipped with explosives and controlled by terrorists.
- Someone hacks into a connected insulin pump or a coronary pacemaker and changes the settings in a lethal way.
- A hacker who accesses a building's furnace and thermostat controls and runs the furnace full bore until a fire is started.
We are no longer dealing with young amateurs who do it for the sake of simply testing or perhaps demonstrating their technical skills. It is not a case of skilled hackers that want to raise awareness, prove a point, or simply amuse themselves. We're now dealing with nations, states, and state-sponsored groups.
It is definitely not some ephemeral, ghostly, pseudo-threat devised by security agencies to get more funding. Just browse the news in recent weeks and you will see how terrorists have resorted to truly despicable means to inflict physical harm. It means nothing for them to cause incredible damage using technology to advance a political or religious doctrine at the expense of innocent lives.
The duality of good and evil has always existed, from the simple fairy tales to canonical religious literature. There is no good without evil. The tremendous benefit of the Internet Of Things is real. And our lives will almost certainly become better because of it. But the key point to understand here is that Technology itself is neither good nor evil. Remember: Alfred Nobel (of the Nobel Prize), invented dynamite to save the lives of miners that were using very dangerous Nitroglycerine. He didn’t conceive of the destructive uses it would be put to in wartime. The invention itself wasn’t good or evil. It was only the purposes that humans used it for that had a morality attached.
We should connect the Internet of Things, but we should not do it blithely and merely hope for the best. We know there are evil people in the world that will attempt to pervert anything, whether it is good or bad. Let’s make sure we build-in the security the first time, and not wait for something to go wrong before we take steps to protect people. It is our obligation as responsible human beings to design well, look out for each other, and keep the evil at bay.
Most Recent Articles
- TeskaLabs helps LINET with cyber security compliance for medical devices
- TeskaLabs and University hospital in Pilsen launches a pilot of zScanner - open source mobile app for medical photo documentation
- EV Charging Station security demonstrator
- Five Ways AI And Machine Learning Can Enhance Cybersecurity Strategy
- C-ITS ITS-S Security microservice
You Might Be Interested in Reading These Articles
I experienced a precious moment, discovering the cause which contributed to today's dire state of mobile application security. App developers think that if their apps do not deal with money, they should not have to care about app security. Is it true?
Published on February 24, 2015
Every week there is a new connected device on the market. A few days ago Tag Heuer launched its smartwatch with Google, and last week I saw a €39 sleep tracker in my supermarket plaster section. Tech conferences are buzzing about the Internet of Things (Consumer Electronics Show 2015, Pioneers Festival 2015).
Published on November 24, 2015
OpenSSL DROWN Vulnerability Affects Millions of HTTPS Websites and Software Supporting SSLv2 (CVE-2016-0800)
DROWN is caused by legacy OpenSSL SSLv2 protocol, known to have many deficiencies. Security experts have recommended to turn it off, but apparently many servers still support it because disabling SSLv2 requires non-default reconfiguration of the SSL cryptographic settings which is not easy for common IT people who have limited security knowledge and don’t know the location to disable this protocol and the way to disable it.
Published on April 12, 2016