This post is by Naveen Joshi, Founder & CEO, Allerin
It took a decade, up to 2005, to deploy the first billion internet-connected sensors. By contrast, a billion sensors were deployed in 2013 alone, and the total is expected to reach a trillion in a short period of time. What we are forgetting here is that the IoT framework represents a totally different level of complexity and scale when it comes to security and privacy. In the near future we can surely expect specifically targeted attacks on existing and emerging infrastructure, along with data theft and new forms of blackmail and extortion schemes.
Many points of vulnerability
Every single device and sensor is a potential risk in the IoT framework. These devices cannot always be trusted to preserve the confidentiality of the data they collect or the integrity of the data they send. They are often left unattended and can become an easy target. Any malicious software that is able to capture these devices can extract secrets, modify their programming and keep them under its control.
According to a study by HP, there are on average about 25 security defects in commonly used IoT devices such as web cameras, televisions, home alarms, door locks and thermostats. Some of these devices ship with weaker factory-set authentication features, which users also neglect. Passwords are extremely important when it comes to authentication, and many IoT devices rely on them. However, most devices have a limited user interface, which makes their implementation of password authentication weak by default. This makes smart devices susceptible to brute-force or dictionary attacks.
In 2014, an Israeli security firm uncovered some critical vulnerabilities in a telematics device developed by a U.S.-based connected-car startup. It was found that the device, which tracked the car’s performance to give the driver instructions for improving driving efficiency, did not encrypt communications between the device and the server. This flaw could help hackers send malicious updates to the device, steal data on the car’s location and performance, and even unlock doors.
IoT devices have specific operational constraints which need to be taken into account before implementing any security measures. The greater processing power needed to support encryption is difficult to provide, because the physical autonomy of the device and its cost are given priority. Reduced resource capacity may therefore expose the communication between connected devices to risks. It is also necessary, though, that data controllers comply with the principles of data minimization and limit the processing of personal data to the absolute minimum possible.
Updates and Patches
IoT devices have to be updated on a regular basis in order to remain immune to cyber-threats. If devices are updated infrequently, the risk of cyber-attacks increases. Despite this, the updates that are offered are inconsistent and late. There are cases in which a security vulnerability is found long after production.
There are many reasons for this. The firms involved in the development of low-end devices may lack the economic resources to give continuous support. This leaves consumers with an unsupported IoT unit which could contain numerous security defects. Most IoT solutions are built from inexpensive chips, which in itself does not allow manufacturers to provide security patches for them. Another reason could be that the technical expertise required to develop such updates is difficult for IoT vendors to obtain. It is also possible that, due to the lack of proper communication channels, customers are not aware of the updates available. In some cases, even if the customer is aware of an update, they may not be able to access it due to hardware or software limitations.
Too much hype
Because of the intense and frequent press around IoT solutions, enterprises are restless to launch their devices quickly. This hype, although it pushes innovation, also puts developers on a tight schedule. All of their efforts revolve around speedy deployment, pushing security to the background. This results in IoT devices going to market with poor encryption, unpatched operating systems and many more problems.
The brave new world that we have in mind is full of exciting opportunities. Trust is the most important foundation of this world of IoT solutions, and it needs to be backed up by security and privacy. If we want to reap the benefits of a connected world, this is what we need to concentrate on right now.
Disclaimer: This is an Influencer post. The statements, opinions and data contained in these publications are solely those of the individual authors and contributors and not of iamwire and the editor(s). This article was initially published here.