The Internet of Things (IoT) can be classified as a network of connectivity with machine-to-machine communication. In other words, it’s how devices can connect to the internet and communicate with each other. As we’ve seen in recent years with the explosive growth of “smart” devices like smartphones, smart speakers and smart appliances that can all connect with each other, IoT is going nowhere as AI in trends. In fact, from two billion objects in 2006, to a projected 200 billion by 2020, coupled with a total global worth as high as $6.2 trillion by 2025, it’s clear that IoT will see even more growth.
The incredible proliferation of IoT solutions that use network sensors in physical devices to allow for remote monitoring and control makes the need for security in IoT devices clear. For instance, this technology has gained a lot of traction in industries like healthcare, banking and manufacturing because it gives them vital data needed to save lives, increase efficiency and manage machines. But, when hacked, the resulting consequences can be compounded to mean downed networks and crippled infrastructures.
Unfortunately, the problem is that the same features that characterize IoT devices—their interconnectivity—also leads to their vulnerability. For example, think of a hall of doors; a hall of locked doors. In this hall, no one door can be opened from the outside, but once inside, any door can be unlocked. If a thief were to somehow find their way inside this particular hall, maybe because someone left a door ajar, they would then have access to every other door in that hall. Now exchange that hall for a network, and each door with an IoT device. Because a network with IoT-enabled devices can include millions of connections, each of those connections can be the metaphorical door that’s been left ajar. In other words, security risks exponentially increase with interconnected IoT devices; attack one and you attack all.
Part of understanding the importance of designing and implementing secure IoT applications is knowing what happens when an IoT solution is not as secure as previously thought. As the following two examples will show you, everyone is susceptible to vulnerabilities, even the big brands spending millions to develop them:
In July of 2015, a team of researchers hacked a Jeep Cherokee over the Sprint cellular network by exploiting a firmware update vulnerability. As the person inside the car wrote for Wired, “[t]hough I hadn't touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass. As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car's digital display.”
As CNN’s headline from a 2017 article read, “It's official: Hearts can be hacked.” In it, CNN confirmed that “[t]he vulnerability [in implantable cardiac devices like pacemakers and defibrillators] occurred in the transmitter that reads the device's data and remotely shares it with physicians.” In the FDA’s own report of the devices, they said that by accessing its transmitter, hackers could “modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks.”
Not it’s time to learn some best practices from Hewlett Packard Enterprise (HPE), one of the top IT companies in the world, to design and build secure IoT solutions so you can turn knowledge into practice.
IoT solutions present such a novel and useful way of interacting with your home and the devices in it that it can be easy to forget that, with them, come added vulnerabilities that need to be accounted for. Thankfully, today we learned that there are a couple of IoT security design best practices brands can follow to limit such vulnerabilities and implement secure solutions:
For you and myself, the consumers, there are also a couple of things we can do to add an extra layer of security. For example: