Locking down the Internet of Things

Much has been made of the economic benefits of the Internet of Things, but at what cost to our security and privacy?

Keeping securely connected

The security problems IoT could cause are another area that needs to be discussed more openly, states Curran, because they could pave the way for remote attacks against individuals and businesses.

The problem stems from the fact that not all connected devices were built with security in mind from the get-go, according to the European Commission.

There is still no agreed protocol for access to public data when it comes to law enforcement agencies or other intelligence agencies, and there is a debate waiting to happen here.

"Information security, privacy and data protection should systematically be addressed at the design stage. Unfortunately, in many cases, they are added on later once the intended functionality is in place," the document states.

"This not only limits the effectiveness of the added-on information security and privacy measures, but is also less efficient in terms of the cost to implement them."

It is an area manufacturers are becoming more mindful of, claims Curran, but the devices they are trying to lock down sometimes lack the compute power needed to do this effectively.

"There is an international ISO/IEC 29192 standard which was devised to implement lightweight cryptography on constrained devices," he offered.

"There was a need for this as many IoT devices have a limited memory size, limited battery life along with restricted processor...and traditional heavy cryptography is difficult to deploy on a typical sensor hence the deployment of many insecure IoT devices."

Back door bad guys

Connected devices are often fitted with 'back doors' so manufacturers can easily monitor their activity and stop them carrying out particular functions. But these could easily be taken advantage of by hackers.

"Every server, router, switch, laptop, tablet and mobile has a back door in it," says former BT CTO Peter Cochrane, who now runs his own IT consultancy business.

"That is the reality of the threat. China has declared that all of the power meters they are manufacturing have got back doors in...so they can [remotely] monitor them and check they are working okay."

In some instances it might be in the manufacturer's best interests to maintain this access point into the product, depending on who it is being sold to.

"If you were a military manufacturer making missiles, for example, you always put a back door in so it can be remotely disabled just in case the friend or ally you sold it to becomes your enemy tomorrow," he explains.

Remote attacks

Security experts often cite medical devices as examples of connected devices with back doors that could be remotely exploited with devastating consequences.

"There is a pacemaker on the market today, with a wireless interface, that is being fitted to people and somebody has hacked that wireless interface and it has a back door. If I had the knowledge, I could sit in Starbucks killing people as they walk past. It's that severe," says Ciseco's Hodkinson.

"The risk to life of having proprietary security systems is that people don't have the resource to test them in the real world against three billion people."

The 12.1 million smart utility meter deployment project, which will see 53 million connected devices installed in homes and businesses across the UK between 2015 and 2020, could also put households at greater risk of attack in several ways.

Firstly, there is the fact that the meters will be monitoring people's electricity consumption, which, as in Hodkinson's fridge example from earlier, is information that could be of interest to burglars.

"On a larger scale, however, there is a threat whereby smart meters that are connected to smart grids could be attacked leading to complete failure of the system," explains Curran.

"It is an ideal attack vector for rogue nations or terrorist organisations as once the electricity is cut-off, then pretty much every aspect of life in that region is affected."

While it might sound almost fanciful, smart meter attacks are a very real and credible threat, stresses Curran.

"We do know the Chinese authorities have done extensive reconnaissance of Western energy networks, so it is very possible that a nation state might launch such an attack during a time of international tension," he claims.

"If an attacker were to compromise such a critical infrastructure and send commands to multiple meters to stop or modify charging, then the public backlash would be significant. Because when people are left without power, people die."
