February 12, 2016
IoT is one of those mysterious topics emerging a lot of curiosity and excitement. Although the term has been around for a while already, with the rapid advancement of technology, belonging to IoT suddenly became a pass to the community of the hottest innovators. According to TC, by 2020, the number of active wireless connected devices will exceed 40 billion.
The very idea of the things around us being able to communicate and perform actions is intriguing. Endless opportunities lay in the interception of IoT and a range of industries. While the real-life application of IoT can benefit a human life by leaving less space to the errors related to the human factor in industrial production, medicine and other industries, there are certain threats that have been left out of focus.
The especially vulnerable societies are the ones that are most connected to the global Web with the highest device adoption. The higher one’s engagement and connection in the Web and across devices, the more questions of privacy intimidation will be raised. IoT will not bring any relief as by its nature, it will be plugged deeply into society and will be able to reach every corner of our digital presence. Powered by the actual devices, IoT won’t leave our physical lives untouched as well.
With the adoption of intelligent and interconnected devices, the question of personal protection from those devices is becoming especially alarming. Not only will the question of privacy be compromised, but public safety may become a question of a concern. As we become increasingly reliant on intelligent, interconnected devices in every aspect of our lives, how do we protect potentially billions of them from intrusions and interference that could compromise personal privacy or threaten public safety?
Unfortunately, the flexibility of IoT in terms of cross-industry adoption doesn’t allow addressing a set of common threats all at once. In order to ensure the security, each application requires a redesign of the security systems. Embedded security devices can serve as protection, but they have very limited intelligence as there is a need for a human operator manually filtering incoming tasks. In the case of the absence of a human operator, the embedded security system makes its own judgment, which may have an undesirable outcome for a human.
The IoT threat is such a complex topic that there is not only a cross-industry axis but also different types of threats leading to different negative outcomes. The first type of threat is the capture of private information. If hacked, connected devices can provide visibility and opportunity to observe, record and capture personal information of any kind. The other type is related to anything that damages or destroys information or even the device itself. In the same way, if a private device is "broken into" to steal information, it can be injected with a malware to destroy files. The last type of threat is manipulation. Interconnected physical devices open up an opportunity to manipulate them and possibly, cause physical damage or damage to privacy. Examples could be connected cars, connected cameras or connected robots.
The endless variety of IoT applications poses an equally wide variety of security challenges. Wind River, an embedded security software company for interconnected devices, suggests some interesting examples of those threats:
One of the examples of a possible threat is related to industrial production. Deeply embedded programmable logic controllers (PLCs) that operate robotic systems are typically integrated with the enterprise IT infrastructure. How can those PLCs be shielded from human interference while at the same time protect the investment in the IT infrastructure and leverage the security controls available?
Another example is related to the control systems for nuclear reactors attached to infrastructure. How can they receive software updates or security patches in a timely manner without impairing functional safety or incurring significant recertification costs every time a patch is rolled out?
While some examples are related to technology itself, there certainly will be human-posed such as interest from cybercriminals. More connected devices mean more channels for an attack; there are already examples of such activities. Just last year, a number of baby monitors and interconnected cars were compromised raising concerns on the level of personal security.
While IoT imposes possibilities, it certainly opens up doors for hackers looking to steal financial data as well. Any Internet-connected device can be hacked. Wearables, phones and other devices plugged into the Web will become possible sources of information leakage. Given that banking is moving digital, connected phones can help hackers read the PIN input either through the phone itself or through tracking motions on one’s wearable device. The same can be done when someone is uses ATMs.
If applied in healthcare, IoT may bring the most disastrous consequences if the security is compromised.
Some of the threats will be related to technology and others to the human factor. Human behavioral traits and habits, as they may relate to IoT devices, also pose a threat. While it is in our habit to protect laptops and notebooks, the smartphones are the actual loopholes. Public Wi-Fi usage and corporate IT are often cited as examples of the habits that may get one in trouble. The more IoT is plugged into daily life through the range of personal devices, the more threats the users will face with every other device’s use. However, the same could facilitate sharing of knowledge and the diminishing of risk over time as users become more knowledgeable.
But enough of dramatic possibilities; it would be unfair to say that IoT is the only industry that may cause significant damage to a human life if compromised. Regardless of threats, there are certainly outstanding opportunities in the application. Advanced IoT devices with a proper security system may significantly transform one’s life in a positive way. IoT devices have already flooded the developed world and have released the creativity of a human to use time in a better way. Undeniable threats may stop conservative institutions and individuals, but early adopters will be able to unleash the power of technology to make life better.