IoT Devices – with greater connectivity comes greater vulnerabilities
The Internet of Things (IoT) represents an exciting period of innovation in our lives. It describes a world of devices all connected to the internet, a world in which inanimate technology that we use and see every day is becoming smarter. It also predicts a continuous journey towards greater ease and convenience, a future in which technology interacts with us as much as we do with it. As you can imagine, this comes with both perks and drawbacks.
With most companies and consumers so focused on IoT features, security often slips between the cracks. The issue is, with the continued connectivity of devices around the world, the implications of hacking are becoming increasingly severe. I’ll look at three types of attacks.
Some IoT devices, including cars and medical equipment, bring the threat of cyber-physical attacks. A hacked insulin pump or connected car could lead to injury or death for the user. Obviously, any cyber-physical attack needs to be prevented at all costs. However, a cyber-murder would likely also destroy the manufacturing company and set off a maelstrom of government regulations and public outrage.
According to a report from Cisco, the IoT will generate 403 trillion gigabytes of data each year by 2018, which is equivalent to every woman, man and child on earth streaming every episode of Game of Thrones over 6 times every day for a year in 720p resolution. Okay, so kids shouldn’t be streaming the show, but you get the idea. A portion of these trillions of gigabytes contains personally identifiable information (PII) that could be used for identity theft or in phishing attacks. Protecting PII should be at the forefront of every type of IoT security plan.
The third type of attack that will become more prevalent with the growth of the IIoT is Distributed Denial of Service (DDoS). DDoS is an attack where the hacker makes a network resource unavailable to users by flooding the system with superfluous requests. Hackers will take over IoT devices with poor or no security to launch their DDoS attacks. The most famous example of this is the attack on domain name supplier Dyn last October, with a reported 1.2 Terabits of data being sent per second. In that DDoS attack, the perpetrator planted botnets on more than 100K IoT devices, including DVRs, webcams, and routers, using them to incessantly ping the Dyn network. The flood of data eventually brought the Dyn network to its knees, which in turn brought down the websites of Dyn’s customers, including Twitter, Spotify, and Paypal.
This type of attack is more difficult to resolve since the vulnerability lies within the IoT device, but the damage is done to other companies’ networks. Likely, the IoT vendors will not be motivated to stop these types of attacks unless there are regulatory or liability penalties for failing to secure their IoT devices.
While there may not be IoT regulations yet, there are simple ways for IoT manufacturers to better protect their devices and their customers’ privacy. As I wrote in an earlier blog, Trusted Computing is one technology that IoT vendors can use.
The article was written by Gene Carter, VP of Products, and originally was published here. Gene holds an MBA from the University of Southern California’s Marshall School of Business and a BSc in Electrical Engineering from Tufts University.