The rise of the internet of things has brought with it some of the most convenient, user-friendly applications we could ever dream of.
You can track the amount of steps you’ve taken in a day on a small device that wraps around your wrist. You hardly notice it, but it notices the way you move and stores valuable data about your health that you can consume later.
You can come home from work and speak to a digital assistant with artificial intelligence that was built into a simple Bluetooth speaker. It can be programmed to turn on your lights or play music or preheat the oven for dinner.
With the development of these devices comes the urgency to connect them all. They are made for easy connectivity. This, in theory, makes our lives easier. It optimizes our time. It streamlines simple tasks. It allows the phone or the laptop to be a hub of information, the central point that connects all these other devices.
If someone told you about where this technology was going ten years ago, you would think either it would be extremely expensive or that they were describing science fiction. But it’s not—it’s the reality we’re living in. These devices are affordable and are undeniably essential to modern culture.
And like science fiction, every technological advancement comes with a frightening counterweight. With all these new devices that can send and receive data comes a string of serious security problems.
Why Internet of Things Security Is Concerning
A lot of these connected devices become IoT security issues because they are cheaply made and have far inferior security standards than say, a smartphone. Many of them have no security system in place or even basic security measures like a password or passcode.
They’re wide open and easily accessible—by anyone.
And while it’s not likely that a cheaply made baby monitor could offload valuable data from a large corporation, it’s possible to imagine. And, there’s even precedent.
You can point to the time a botnet of internet-connected home appliances sent over 750,000 malicious emails in 2014 or the DDoS attack that took over unprotected building management systems in Finland and left residents of two apartment buildings without heating or hot water. Even these are small potatoes compared to the Mirai botnet.
But not every concern has to be devastating. Some IoT security issues are smaller risks, but more and more the IoT has been a fixture in organizational security and policy-related conversations. In the next section, we’ll tell you about some of the more common problems, big or small, and explain where they may be going in the future.
Internet of Things Security Problems
The Proliferation of Connected Devices
This has already been covered in some detail, but we’ll shed more light on it because it’s the primary security issue with the Internet of Things. More devices means that there are more “things” to protect on your wired and wireless networks and more devices that can potentially become compromised.
This is of particular concern for larger organizations. Only high-quality tools can give you the visibility over the network to detect rogue devices and respond quickly. More devices, especially those that are unsecured, can quickly cause problems.
If you know a device is unsecured, you have to think about how it can be a tool for hackers. Phones and laptops are obviously at the top of the list as they may contain or share sensitive data for organizations, but what about the coffee maker in the office kitchen or the digital assistant that your coworker uses to play music.
If these things have voice command, they can pick up sound. If they can pick up sound, they can pick up conversations. More than anything else, the constant stream of connected devices has organizations worried about how they can even keep track of them or how they can know when one is compromised.
This moves the conversation away from organizational concerns to personal risks. You need to think about the devices you use and their potential for invading your privacy.
For example, there are a ton of personal privacy concerns surrounding the Amazon Echo and its artificial intelligence persona, Alexa. Is it possible to know what’s “off the record,” and is it listening in when it’s not summoned to play another song or set a wake-up alarm? Say you were talking about needing new socks—can it use this information to market products to you?
Another concern is workout trackers. If your company gives you a wearable workout tracker that can access your heart rate or physical activity in a day, like many corporations already have, can they store this data and use it to inform health care policy?
A lot of questions like this are still unanswered, and consumers may be unaware of the underlying impact of a lot of the devices they regularly use.
Not Enough Updates
While some IoT devices may have been safe when you bought them, that security can be lessened over time. Many companies that produce these devices do not update them often enough to ensure safe use away from hackers.
Again, computers and mobile devices may be outliers here—most of them have automated updates to ensure proper security protocol. But too many other devices have security flaws that are going unchecked due to a lack of system updates. This can leave the door wide open for a rogue actor to gain access to your device, and potentially, the other, more secure devices that it connects to.
Unaware or Unconcerned Consumers
Internet of Things security is a relatively new concept. A lot people who use connected devices throughout their lives don’t track what information they are potentially sharing. Because it doesn’t always hit close to home, it’s difficult to broaden the dialogue outside of organizational security.
This also bleeds into the previous point. Consumers who don’t know the security risks of leaving connected devices vulnerable often won’t take the time to install a software update. Many of them can easily be ignored.
This is why Bring Your Own Device programs can be alarming for larger organizations. In fact, 74 percent of companies are using or have adopted BYOD policies, but too many are unable to enforce proper procedure. It’s difficult to get employees to buy in and see the bigger picture, and a lot of them will find workarounds anyway.
Where is Internet of Things security going?
While the number of connected devices continues to rise, hackers won’t stop using attacks, and they have the potential to become even more powerful. The fact is that the technology is just too efficient and convenient to halt.
The same way most industries are becoming more automated and tech-savvy, city, state, and federal government offices will likely do the same. This means more surveillance, more collection of public information, and a bigger database of information to secure.
While, in a vacuum, this is progress and may ultimately end up being a net positive, if not done correctly it can be devastating. If hackers can gain access to personal identity information or medical records, they can do a whole lot more than try to sell you socks.
The reasonable and hopeful expectation is that as more devices are created, security becomes a bigger piece of the puzzle. Software and device creators can be more responsible and thorough in placing proper security measures. Employers and organizations can adopt better tools, like Pwn Pulse to secure their networks.
This technology doesn’t have to be concerning, we just need to better protect ourselves from its potential negative impact.