Snapchat spectacles, Apple Watch, Google Glasses and connected cars: what do all of these things have in common? With the right development, these connected devices have the power to revolutionize the way we live and interact. However, the increased popularity of the “Internet of Things” comes with a lot of security risk that tends to be overshadowed by the rapid technological advancements that come with it.
There are many benefits and uses these Internet of Things devices provide. Smart homes, connected cars, lifestyle and medical devices can help you allocate your precious time to where it matters most by automating some simple, but time-consuming tasks.
A lot of new exciting technologies are being developed, but it comes at a cost: many devices exhibit vulnerabilities in security.
Imagine driving your new connected car on a highway, when suddenly you feel cold, but don’t remember turning on the air conditioning. Then, the radio turns on to the local hip-hop station and the windshield wipers start moving rapidly when it’s not even raining! This is what one of the testers of the new Jeep Cherokee experienced during a test drive. You can only imagine how vulnerable he felt behind the wheel while the safety of himself and those around him was at risk. Little did he know that two hackers were behind the whole thing.
A 2015 report by Ernst&Young reports that a startling 70% of the most used IoT devices contain vulnerabilities, and 56% of the companies interviewed would not be able to detect such sophisticated attacks. It goes without saying that IoT developers must prioritize security when designing the operating system for these devices.
Last month, on Oct. 21st, a wave of distributed denial of service attacks against dynamic domain name service providers caused outages of services across the Internet. This caused a number of high-traffic websites such as Twitter, Pinterest, Reddit, and GitHub to face technical difficulties. Attacks were coming from a number of different locations. Nevertheless, an Internet of Things botnet called Mirai, made up of home Wi-Fi routers and Internet Protocol video cameras, was identified.
Therefore, it has now become clear that hackers can perform DDoS attacks through the backdoor of millions and millions if improbable (but connected) devices, from fridges to thermostats. The advantages to connectivity for the more banal items in our households are obvious and numerous – but the problems equally so.
More connected devices mean more attack vectors are available to hackers. Moreover, the increasing standardization of ARM architecture, present in most IoT-capable hardware, is removing one of the biggest barriers to a hacker, which was that previously nearly every instance had its own bespoke operating system.
There are many variables and factors that come into play when it comes to security issues with IoT devices. One of the most significant factors is that firms insist on launching a minimum viable product (MVP). The point of a MVP is to build something fast and put it on the market to learn about customer reactions, regardless of how ready the product seems to be. The focus on getting a product launched as soon as possible causes security and privacy to be overlooked, leaving the product vulnerable to attacks.
Another instance that may contribute to security issues is that security experts may be difficult to come by. With the rapid growth of technology comes the demand for engineering talent to oversee security and privacy. However, this demand does not come at a cheap cost and is difficult to find. At this point, firms are more focused on getting a product out to the market.
Lastly, another significant factor that contributes to security risk with IoT devices is the “ship and forget” mentality. Firms often get carried away with keeping up with the market trends and developing newer versions of products, that they neglect the risk of security vulnerability for earlier products. This leaves first and second generation products with outdated security features. New methods of cyber attacks are being used every day and customers are prone to these attacks. However, regardless of if the firm decides to offer software updates, how often does the typical consumer actually update their software? How often do they change their passwords? The risk is also at the hands of the consumer. Firms must encourage routine security practices to create maximum efficiency when it comes to preventing cyber attacks.
While the potential for Internet of Things devices is massive, the importance of security should not go overlooked. How can users enjoy implementing these devices into their lives, while the risk of a security attack will always be on their mind? As more firms come out with products, they must work collectively with their users to develop and sustain a secure environment for the use of these devices in order for the world to really experience an Internet of Things revolution.
Valeria Savatteri and JR Montes