December 15, 2015
Even a quick Google search on “The Internet of Things” yields an eclectic mix of ideas, responses, and projections. AT&T is excited about the future prospect of connected cars, wearable devices, and smart cities. Meanwhile, others are connecting devices we never thought were necessary, like Hamwell’s e-Shower. Still, one undeniable trend is clear. The Internet of Things is growing larger, and we have no reason to expect it to plateau.
Aside from visions of a sci-fi universe akin to Total Recall or Star Trek, the IoT presents interesting challenges on the security frontier. Infecting a network and stealing data can be a disaster, but a car hacked on the highway could be life-threatening. Furthermore, many of these devices lack the standard security measures we’ve come to expect on our devices.
For example, at the Black Hat Conference in 2014, University of Central Florida researchers demonstrated how easily they could hack into the prominent Nest Thermostat and use it, as the report describes, “as a beachhead to attack other nodes within the local network.”
On the IoT frontier, we must remember to look before we leap. Proper security procedures must be developed and implemented in these connected “things” before many of these products are adopted by the mass public.
A Connected World
The Internet of Things is a term used to describe the concept of applying internet capabilities and data generation to everyday household objects that traditionally do not bear such connectivity. Watches, thermostats, DVD players and Blu-Ray players, lighting systems, security cameras, door locks, garbage cans, cars, and street lights can be or are now connected to the internet. And the list goes on.
Security Concerns in the Internet of Things
In all areas of technology, security is a concern and must be taken seriously. In the IoT, however, we have a tendency to forget that these devices operate on all the same principles as a desktop computer and, as such, suffer from all the same vulnerabilities.
- At the Device Level: Many IoT devices have at least a small amount of personal information on them. The DVD player connected to a Netflix account may not have direct credit card information, but it does have a login password. From there, it is an easy step to breach the Netflix account and steal other, more valuable information.
- At the Support Level: Data does not exist in the ether. Everything from click-history to a social security number is stored somewhere in a data center. The same is true for all information gathered from the Internet of Things. While a particular device may hold some sensitive data, the source is still where it has always been. It is important not to lose sight of traditional security procedures like next-generation firewalls (NGFW) and intrusion detection and prevention systems.
Pointing Fingers: Who’s Responsible for Security?
One may expect that manufacturers should be responsible for providing a complete, secure product for use by the mass public and businesses, but don’t be so quick to assume. Remember, personal computers are not shipped with permanently licensed antivirus software installed. PC manufacturers may have partnerships with third-party antivirus companies, but there is no guarantee that the PC will always have access to that software, at least without paying a renewal fee. It is likely the IoT world will pan out in much the same way. This trend is already taking root in the Internet of Things space. Companies like Symantec offer packages to protect customizable numbers of endpoints in one- to three-year plans.
However, not-for-profit organizations like the Open Web Application Security Project (OWASP) devote their time to educating developers and users about the security concerns of the IoT. Through their efforts, it’s possible manufacturers could shoulder at least a portion of the burden.