What is IoT?
The Internet of Things (IoT) is a system of interrelated computing devices and mechanical and digital machines that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
Let’s see why IoT is so important.
Why is IoT so important?
The IoT provides a platform that creates opportunities for people to connect these devices and control them with big data technology, which in turn will promote efficiency in performance and economic benefits and minimize the need for human involvement. It’s the most important development of the 21st century.
What are the risks associated with IoT?
- IoT device manufacturing process
Manufacturers release an untold number of IoT devices into the market each day. Many of these are new models and have undiscovered vulnerabilities. Manufacturer omission is responsible for the vast majority of security issues bedeviling IoT devices. Many device manufacturers see Internet connectivity as a plus to their device’s function and not a core feature. They therefore do not devote as much time and resources as they should to ensuring their product is secure from cyberattacks.
For instance, some fitness trackers with Bluetooth connectivity remain visible after their first-ever pairing. Some smart refrigerators expose Gmail credentials. There isn’t a universal standard for securing IoT devices. That, however, is not a justifiable reason for creating poorly secured devices. The biggest IoT risks emanating from the manufacturing process include weak passwords, unsecured hardware, absence of a patching mechanism, and insecure data storage.
- Lack of user awareness and knowledge
Thanks to decades of awareness, the average Internet user is fairly adept at avoiding phishing emails, disregarding suspicious attachments, running virus scans on their computer, or creating a strong password. But IoT is new territory and remains unfamiliar and misunderstood even for many seasoned IT professionals.
Whereas the majority of the biggest IoT risks can be traced to the manufacturing process, users are a far more dangerous driver of IoT security risks. This is especially so when users are ignorant of IoT functionality. Deceiving a human is often the easiest means of infiltrating a restricted network without raising suspicion. Hackers can do that using IoT devices.
The 2010 Stuxnet worm attack on an Iranian nuclear facility was caused by the infection of centrifuge-controlling software via a USB flash drive plugged into one of the plant’s computers. Modern centrifuges are a type of IoT device as they are heavily IT-dependent. Some reports estimated that Stuxnet physically damaged about 1,000 centrifuges.
- Physical security
IoT devices should run with little to no human intervention. Sometimes, these devices are installed in remote locations where they may stay for weeks or months without anyone physically checking on them. Such isolation leaves them in grave danger of theft or physical tampering. Criminals could steal the device or use a flash drive to introduce malware. This could see the attacker gain access to sensitive information. They could also interfere with the functioning of the IoT device, rendering any data it collects and relays unreliable.
The massive 2016 Mirai botnet DDoS attack is an indicator of the potential danger posed by unsecured IoT devices. A single infected IoT device isn’t a significant threat except to the data it collects. However, it’s different when centrally commanded malware infects thousands or millions of devices. The destruction such a multitude of rogue gadgets could cause to websites and networks is immense. IoT devices are much more vulnerable to malware botnet takeover since they are less likely to receive regular updates. IoT-powered botnets can not only bring down leading websites but also jeopardize electricity grids, transportation systems, water treatment facilities, and manufacturing plants.
- Loss of privacy and confidentiality
Hackers, governments, and business competitors can use IoT devices to spy on and intrude on the privacy of unsuspecting individuals and organizations. Such third parties may access, compromise, and use sensitive confidential information without the owner’s permission or knowledge. At the most basic level, someone could take over a security camera and use it to spy on their target’s movements and habits. At a more industrial scale, hackers may capture data from multiple IoT devices and use it to extort their target or sell it to competitors on the black market.
How to minimize those risk factors?
Controversially, the authors say the IoT security problem is not a technological one; it’s cultural.
“In the end, what we have learned by this excursus is that the main problem and concern with IoT security is that security culture is nearly non-existent in our society,” the authors write.
The solution, they say, is to integrate human understanding and algorithms. They recommend creating and strengthening a security culture in which security is considered throughout the entire development lifecycle of an IoT product, rather than treating security as a single instance.
“This is surely a long-term goal that has several dimensions: developers must be educated to adopt the best practices for securing their IoT devices within the particular application domain; the general public must be educated to take security seriously, too, which among other things will fix the problem of not changing the default password,” the authors write.