When we talk about cyber security we usually mean locking down laptops, securing desktop PCs and safeguarding mobile phones. But in the brave new world of smart connected devices, often called the Internet of Things
(IoT), cyber security takes on an entirely different meaning.
In a sense, thanks to IoT, our physical world becomes one huge information system
with everything from household devices to heating systems, locks, cars and even light switches chained together in a vast network.
Devices exchange data to communicate and using the cloud transmit information; such as sending information from a smart phone to turn up the heating, checking on IP cameras that scan the home when a thousand miles away and remotely controlling alarm systems. At some point you can probably also remotely turn off the iron if you dashed out of the house in the morning and forgot to pull the plug out.
No limits of the IoT world
The only limit to IoT is our imaginations and it’s already used in cities
to create smart, energy efficient environments
. Some of the benefits might seem trite but many are actually extremely compelling
whether it’s cutting energy consumption at home or a business developing new operational models based on data it receives from connected devices.
By 2020 we’re looking at 20 billion plus connected devices
. By then smart homes with smart devices will rapidly become selling points for estate agents and builders.
We know how much trouble hackers have already caused thanks to the web of connectivity that ties the world together but by 2020 the potential for mayhem and mischief will have increased by several orders of magnitude. This isn’t because hackers are already developing cunning and ingenious plans to exploit IoT, it’s because many IoT devices are already frighteningly vulnerable.
Hackers can gain limitless access to devices
Just imagine this world of connection in which you can remotely connect with your car or home when you’re on the other side of the world, your children can interact with toys over the internet and businesses collect data on how you are using their devices even though you may be in Germany and they are based in Taiwan.
All it needs is a few weak links in the chain and hackers can gain almost limitless access to devices that can lead them to data, whether for cyber blackmail, ransomware
, cyber-crime or simply to build databases of vulnerable smart homes that they can sell to other cyber fraudsters.
Unseen levels of sophistication of cyber attacks
This isn’t far-fetched; the dark web
already plays hosts to many cyber fraud groups that have culled billions of dollars using traditional hacking tools such as ransomware, identity theft or simply to sell information. IoT presents these fraudsters with much more; El Camino Real
to a vast pot of cyber gold.
Hackers can already craft and develop attacks with levels of sophistication never previously seen and bring together information from public networks and private homes such as cars, smartphones, home automation systems and even refrigerators.
Hacking the US Vice President
If you recall former US Vice President Dick Cheney his doctor disabled his pacemaker’s wireless capabilities
to thwart possible assassination attempts. Cheney had severe heart problems, he’d suffered five heart attacks, underwent quadruple bypass surgery, and had a pump implanted directly to his heart.
The doctor disabled the pacemaker because he was credibly concerned that attackers could hack pacemakers and kill their owners. Wireless medical devices are susceptible to malware, unauthorised access and denial of service attacks. Welcome to the grave new world of smart connected devices.
Cyber security experts have been warning about cyber threats
from IoT devices for years. They often stand up at Black Hat conferences
and show how they hacked a smart car by taking over the controls, ran a train through poor security on smart meters claiming they can remotely ignite fires, or showed how a hotel’s smart locks were hacked to gain entry to a corridor full of rooms.
Indifference is bliss for hackers
Hackers have already taken control of heating systems sending temperatures plunging when it was already minus 13 outside, spewed bile from the speakers in hacked IP cameras, hijacked thousands of printers to disgorge hate literature throughout the US and even accessed a nuclear plant’s network.
But people generally don’t seem to care. Either they’re not particularly knowledgeable on the technical aspects of exploits, vulnerabilities and threats or it’s seen as fear mongering, or they take the view that it will never happen to them.
It’s worth noting that when desktop computing began to gain ground many years ago with those funny little Mac towers and green screen PCs, people scoffed at the idea of computer viruses. They found it unimaginable that viruses could infect thousands of computers.
But look where we are today. According to some sources more than 1 million pieces of new malware are released every week
, law enforcement agencies the world over issue dire warnings about the losses from cyber-crime and malware-driven heists which plan to steal USD 1 billion do little more than raise a few eyebrows. And it all started with viruses that nobody believed existed.
But today we know better, today the flaws are staring us in the face, today we can’t say the problem doesn’t exist. In respect to IoT we can point to insecure web interfaces, no data encryption, no authentication or authorization controls, vulnerable software, default passwords, insecure cloud interfaces and many other points of vulnerability for smart connected devices that hackers can easily exploit.
We can spell out why IoT security is often appalling bad
or simply non-existent by rightly pointing out that device manufacturers are driven by profit, hampered by tight margins and too afraid that rivals will steal a commercial march on them to plough R&D spend into security and product redesign. In this rampantly commercial world to put the brakes on and make security a priority means they would become commercial dead ducks so it’s better that they follow the herd and just get their products out there.
The future of smart device security
But it’s not all gloom, doom and dire forecasts. Just by reading this hopefully you’ll be aware that smart device security is important and not just an exercise in fear mongering. There are organisations with members banding together that are exploring the issues and looking at security standards for device manufacture and then there are governments doing what governments do, passing the buck but in doing so funding outfits that explore potential solutions.
Taken together these and other actions signal the first stirrings of a move towards future security standards for secure smart device environments. And then there are those who are well ahead of the field such as Dojo by BullGuard
Fusing a raft of technologies, such as artificial intelligence
, crowd sourced security learning
, advanced intrusion prevention and detection, and intelligent network traffic analysis, Dojo by BullGuard not only provides the most advanced protection for smart homes in the world but it is also blindingly easy to use.