Solving Today’s IoT Security Issues Is No Easy Feat, But with the Right Tools It Can Be Done Quixxi Follow Dec 21, 2017 · 6 min read

The Internet of Things (IoT) is a system of interrelated computing devices that have the ability to transfer data over a network without human-to-human or human-to-computer interaction. While these devices are making our lives easier, it is virtually impossible to adequately secure them, rendering IoT devices extremely vulnerable to hackers.

Recently, noted security experts Charlie Miller and Chris Valasek, commented on the security of IoT devices at the Black Duck Software’s Flight 2017 conference, saying it can’t be secured, but it can be tamed.

Miller and Valasek, who are vehicle security architects at GM’s Cruise Automation, say that comprehensive security is expensive, and that it’s virtually impossible to solve today’s security problems with the current resources available. They allude to the fact that it will never be cost-effective to build world-class security into the devices they make. This reality is cause for concern, as the world of IoT is growing, and it doesn’t look like it’ll slow down anytime soon.

The definition of IoT is expansive, and it includes items such as insulin pumps, pacemakers, automobiles, and more. It touches virtually every industry — agriculture, aviation, healthcare, energy, mining, and transportation — and it’s significantly advancing the influence of the internet as we know it.

The influence of IoT devices is far more reaching than it’s ever been. Photo credit: Shutterstock.

By 2020, it is estimated there will be 28 billion connected devices, 20 billion of which will be IoT devices that are prone to security attacks. A new survey commissioned by ForeScout Technologies suggests that IoT will have a serious impact on the way businesses conduct themselves, specifically in that a lack of appropriate security practices will open up businesses to devastating cyberattacks.

The survey, conducted by Forrester Consulting, found that 77 per cent of companies admit that increased usage of IoT devices creates significant security challenges. As a result, most companies will need to reassess how they secure their networks.

But where do we begin? Securing every single network is next to impossible, especially considering that everything from toothbrushes to automobiles run on this IoT technology. Imagine having dental care products with heightened security? It would cost consumers hundreds of dollars for a toothbrush!

Industry experts argue that the focus should be on important products that need heightened security, with the remainder of the not-so-important products, like toothbrushes, left behind in a constant state of vulnerability. But what is considered “important,” and what can be left vulnerable to cyberattacks?

Earlier this year, over 100,000 internet-connected security cameras were accessed via the open web for surveillance, thanks to a massive security vulnerability.

But the poor security in IoT products isn’t just limited to security cameras, it includes anything that is connected to the internet, like climate control and energy meters, smart video conferencing systems, connected printers, smart fridges, and even smart light bulbs.

Experts say hacking these devices is so simple it takes mere minutes to do so, but the consequences are long lasting. Internet connected security systems are particularly dangerous because they use wireless communication to connect with other smart devices associated with securing a building. If hackers are able to break into one of these devices, remotely taking control of it becomes a heightened possibility. This hack can lead to a physical break-in by criminals, just by turning off cameras, and opening and closing doors.

Hackers could destroy organizations through something as simple as a climate control device. For example, if a cyber attacker were able to remotely change the temperature in a room that housed servers or computers, it could cause physical damage to the hardware. This type of attack may not sound dangerous, but what if those servers managed important government information? Such an attack could compromise the integrity of public records, government intelligence, and the like.

Vulnerabile IoT devices could be disasterous for individuals and organizations alike. Photo credit: Pexels.com.

The same theory could be applied to servers housing sensitive medical information. Hacking of smart video conferencing systems or VoIP phones could allow hackers to snoop on organizations by listening to calls through insecure systems.

Experts are bracing for what could be the calm before the storm when it comes to IoT security violations. Currently, there are 10 areas of IoT vulnerability to consider, as identified by OWASP. OWASP is an Internet of Things Project designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. These include:

Insecure Web Interface Insufficient Authentication/Authorization Insecure Network Services Lack of Transport Encryption/Integrity Verification Privacy Concerns Insecure Cloud Interface Insecure Mobile Interface Insufficient Security Configurability Insecure Software/Firmware Poor Physical Security

These IoT vulnerabilities prompt major problems that won’t be solved overnight, and if you still think these problems don’t impact you, think again. In October 2016, the largest DDoS attack was launched on service provider Dyn using an IoT botnet. This attack lead to huge portions of the internet going down, including Twitter, Reddit, Netflix, CNN, and the Guardian.

Earlier this year, in the United States, the Food and Drug Administration confirmed that St. Jude’s medical cardiac devices have vulnerabilities that could allow a hacker to access the device and Owlet developed a WiFi enabled baby heart monitor, announced that their heart monitor was also susceptible to vulnerabilities.

Back in July 2015, a team of researchers managed to take control of a Jeep SUV by sending messages to the vehicle’s internal network, also known as a CAN bus. They hijacked the vehicle via the Sprint cellular network, prompting the vehicle to speed up, slow down, and even veer off the road.

In the future, it will be difficult to ignore security vulnerabilities. It has become of paramount importance that IoT security threats are addressed and remedied immediately. It may be the responsibility of developers and companies to provide heightened security for IoT devices, but it’s up to the consumers to be aware of potential vulnerabilities before purchasing a smart device. Consumers should put more pressure on companies to be transparent about their security and vulnerabilities. When pressure is placed on developers and companies, it can encourage positive change and result in tighter security measures.

One possible solution to this problem could be to incorporate blockchain technology into the design of these IoT products, as blockchain’s decentralized feature strengthens the security of data running on its network. This idea is being floated around by manufactures, but has yet to be implemented. Whether or not blockchain technology will be used as a solution to ailing security in IoT devices, the fact remains that we need to address the issue today if we are to effectively secure our lives tomorrow.

About Quixxi

Quixxi provides a security solution for app developers and is currently developing blockchain capabilities to add to it’s marketplace of services, via the Quixxi Token Distribution Event (TDE). Register to find out about pre-sale bonuses by joining the Quixxi newsletter. Stay in touch by following Quixxi on Facebook, LinkedIn, and Twitter, and lastly, keep an eye out for updates on their TDE

For NextGen solutions to capitalise on NextGen opportunities, join the Quixxi community today!