While the Internet of Things (IoT) movement has tremendous potential to change how people work, interact, and live it also, unfortunately, has a big potential downside. That’s primarily due to the evolving cybersecurity landscape, including the potential for data breaches and other dangerous cyber risks. IoT security problems stem from the nature of the technology itself. The technology has an imprecise way of collecting and transmitting data, which makes it difficult for users to know how and when their data is being ‘tracked’ inappropriately.
Take for example when Amazon Echo was recording users’ conversations unknowingly, and transmitting those recordings to someone in the user’s contact list. (Source: qz.com). That type of ‘random’ data collection and data leakage is alarming for many. With many of these remote ‘smart devices,’ it’s very challenging to identify compromises and to know where sensitive data is leaking. There’s also the concern that internet-connected devices can be hacked and controlled remotely. The car manufacturer Volkswagen saw this issue and raised concerns after realizing their vehicles were vulnerable to remote hacking schemes played out by research security teams. (Source: Reddit.)
Not always for good
A report by BeyondTrust maps out the biggest cybersecurity threats and trends of 2019, citing an increasing number of attacks coordinated and delivered by advancing technologies like AI and machine learning. From the report:
“2019 will see an increasing number of attacks coordinated with the use of AI/Machine Learning. AI will analyze the available options for exploit and develop strategies that will lead to an increase in successful attacks. AI will also be able to take the information gathered from successful hacks and incorporate that into new attacks, potentially learning how to identify defense strategies from the pattern of available exploits. This evolution may potentially lead to attacks that are significantly harder to defend against.” (Source: BeyondTrust).
Another report by NetScout points out that IoT devices are particularly vulnerable to brute-force attacks, because, in part, so many devices either have hard-coded user names and passwords or the interfaces are primitive, and they encourage owners to set up simple credentials. (Source: NetScout). Part of the issue also is that traffic from smart, IoT devices is growing at such a considerable pace. According to a recent Gartner report by 2020, IoT technology will be in 95% of new electronic product designs. Those numbers are huge! Many of the IoT devices produced at mass-scale - webcams, mobile phones, medical devices, smartwatches, etc. - don’t have proper security in place to protect user data.
Take for instance an internet-enabled teddy bear produced by Spiral Toys, called CloudPets. This high-tech bear allows parents and kids to exchange instant messages. The problem? Experts discovered that the bears were exposing the credentials of over 800,000 customers and two million messages! (Source: eSecurityplanet). This sensitive data leak is just one of many examples when it comes to IoT. In other cases, popular IoT devices are programmed to ‘share’ user information with 3rd-parties for convenience. When this happens, it’s even hard to know who’s receiving personal information from IoT devices and whether devices are ‘always-on’ and always collecting data, leading to other big-time potential security dangers.
Blockchain is like a ‘virtual handshake’
As consumers and business continue to embrace IoT technology, most of us don’t want to give up security and privacy completely for the convenience IoT devices can deliver. Blockchain technology is one-way manufacturers are building in greater security into IoT devices. When used with IoT blockchain can provide an infrastructure for two devices to directly transfer money, such as used with Bitcoin, or data transfer between one device to another with a secured and reliable time-stamped transaction. Some call it a ‘virtual handshake’ or contract concept where blockchain technology allows IoT processes to be automatically carried out after meeting certain conditions. Big players like IBM are using blockchain for IoT because they believe it’s the best way to close IoT security gaps and to provide audit trails, improve accountability, and to accelerate transaction speeds. (Source: Forbes).
Not all doom and gloom
Getting to the heart of IoT security is about understanding who’s actually responsible for security and having a plan in place to address malware and leaks proactively. And, it’s a balancing act that requires increasing awareness of consumers and demands on manufacturers not to sacrifice security to produce new IoT devices quickly and inexpensively.