Not too long ago it would have been a wild guess to assume that your phone will be able to do everything your computer can. Couple years from now your toaster will most likely also have cool new functionalities. These new possibilities, however, provide also complete different angles to cyber security. The Internet of Things (IoT) era is upon us and millions of devices from your office to your car will be connected. Introducing the IPv6 and ever-increasing amounts of wi-fi networks are the main predispositions for an estimation of 40 billion IoT devices by 2020. However, we must act adequately to anticipate threats, since more connected devices present more avenues for potential attacks.
The good news is this issue has already caught the attention of security specialists. In October this year researchers were able to notice susceptibilities in different brands IoT baby monitors which could be used by hackers to gain access to live feeds or tamper with camera settings. Another security breach was found in Internet connected cars. Hackers have the capability to take control of the entertainment system, unlock the doors or even turn off the automobile while in motion. All smart devices pose a threat to your data, even wearables – hackers can use motion sensors to access what you are typing or gather health data through installed apps. Worst of all is possible hindering of people’s health through medical device breaches.
Serious actions have already been taken on a federal level in the US in order to reduce the gaps against malicious software. Security firms and manufacturers are joining their efforts In IoT security before the industry goes out of control in its infant stage. Gemalto, a digital security company is using its experience in mobile payments to secure IoT devices. The company will be offering Secure Element (SE) technology to other firms in automotive and utility sectors. SE is tamper-resistant component that gets implemented into devices to allow sophisticated digital security through encryption and access control of crucial data.
Microsoft has also addressed the IoT security issue as it will be adding BitLocker encryption and Secure Boot technology to the Windows 10 IoT – the company’s operating system for IoT devices. BitLocker is encryption technology that can cypher entire disk volumes. Its function is to protect on-device data. Secure Boot is software developed by PC making companies in order to ensure your PC is booting with the software the manufacturer recommends. This is an anti-hijacking software.
Vodafone (along with other tech players) has been very active in the forming of the IoT Security Foundation which is a non-profit organization examining Internet connected devices for flaws and offer security advice to involved parties. It hopes to raise awareness through cross-company collaboration.
While there are notable efforts in the right direction, a lot more needs to be done. Gateways connecting IoT devices to other networks need to be secured, not only the devices. IoT gadgets are always connected and they only go through one-time authentication which makes them a perfect tool for infiltrating company networks. At this point the security of people or organizations is not ensured. Repositories containing big IoT data are also at risk to hackers relying on big data to run their schemes. Recent breaches resulting in data theft should serve as a wake up call. We need unified planning on how to tackle security issues through security updates. Manual installation on numerous devices is certainly out of the question, but automatic updates can also pose security threats.
It is evident that IoT devices will become an inseparable part of our lives sooner rather than later and it is up to the whole tech community to raise awareness and come up with sustainable solutions.