One day, you arrive home from work to discover that your cloud-enabled home security system has been breached, and your house has been robbed. How could such a thing happen? Well, if you’re an early adopter of the Internet of Things (IoT), you could find out the hard way.
What’s this new buzz-phrase mean? The Internet of Things is what technology enthusiasts call the integration of devices (things) with the Internet. Essentially, a smart refrigerator that emails you when you’re running out of milk; a cloud-based, wearable fitness device that dials emergency services when you’re having a heart attack; a smart alarm clock that starts your coffee maker only when you turn off your alarm and get out of bed.
These are the devices of the future , networked together and uplinked to a cloud where you can access the information no matter where you are in the world. Even away from home, you can be plugged in to everything that’s important to you at home. It’s a futurist’s dream, but it’s also a security expert’s nightmare.
So what is the Internet of Things in reality? Aside from the pie-in-the sky future vision listed above, there are already technologies branching into this realm. For example, the popularity of the FitBit is a first generation of this kind of concept.
The FitBit is a wearable device that logs how many steps you take, distance you travel, calories you burn, and even when and how well you sleep. When the device comes in range of the wireless base station, it ships off all that data about you into an online profile that you can use to watch your progress.
It’s a fun, convenient way to get in shape, right? But, with the Internet of this thing storing all of your private health and activity data, you can imagine just how valuable that may be to various people. Marketers would love to learn whether you struggle to get a good night’s sleep, whether you struggle with weight, or how often and how much you travel.
On an ominous side, criminals would certainly love to know your sleep patterns, and the frequency with which you upload data at the base station – providing insight into when you’re usually home. Smart cameras could be hacked to visually spy on you right in your home. The security dangers of data collected by such devices aren’t always obvious on the surface, but when you look at how much information it reveals about you – it can be disconcerting.
Smart refrigerators could reveal your eating habits and food preferences – a gold mine for marketers. A GPS-enabled unit in your car that unlocks your home and opens your garage when you arrive home could tell would-be thieves when you’re away from home. Essentially, any personal data about you that makes it onto the Internet becomes fair game – and with the Internet of Things movement, nearly everything you own becomes “Internet-enabled”.
Security Weak Links
So where are the weak points in the brave new world of Internet “things”? The danger comes at every “junction” in the system. In other words, where devices link to the Internet, and where that data is transmitted to some secure destination.
Stuart Dommett, Intel’s head of business marketing explained it best in an Inquirer interview:
“You’re going to have to secure the device or the sensor, you need to secure the data, and you’re going to have to secure that across an open network – it really is a massive, massive change.”
This is similar to the case with emails , where the security dangers are mostly on the device side of things – from users falling for phishing scams , to malware and adware capturing your passwords. In the case of smart sensors, the data that exists on the sensors is vulnerable, the data being wirelessly transmitted from the sensor to the Internet is vulnerable, and the data transmission to the remote server is also at risk.
In the future heyday of the Internet of Things, which is sure to come quickly, these sensors will include home thermostats and lighting, health monitoring devices, automobile monitoring and navigation, and the bounty of smart appliances that are already showing up on store shelves today. That means each one of the “smart” sensors you’ll be bringing into your life become yet another potential security vulnerability.
Forget about whether someone is going to hack your email account, the worry of the future will be whether someone remotely disables your “smart” home security system , or hacks into your health monitoring device and learns every detail of your medical history.
Is IoT Doomed to Hackdom?
Is the sky falling when it comes to IoT? Is our world inevitably going to become a goldmine for hackers and government agents looking to peek into every aspect of your life (more than they already do)?
If security experts out there have anything to say about it, the answer will hopefully be an emphatic “no!” In fact, there is already an Open Interconnect Consortium in place, which includes major corporations like Intel, Dell, and Samsung, who are all hoping to establish a common standard for a robust and secure method to connect devices together regardless of OS or platform. It is still in the early stages, where proposals for such a standard are being accepted for consideration. Its mission statement reads “We want to connect the next 25 billion devices for the Internet of Things.
It should make anyone hoping for a secure IoT future very pleased to learn that as of July 2014, McAfee has joined the consortium. With the security experts of McAfee driving the early adoption of standards, you can be certain security will be a core aspect. Gary Davis, chief security expert at McAfee Blog Central explains it this way:
“Smart refrigerators can be used in botnets. Smart televisions can be used to spy on its owners. But these dangers are preventable through good consumer practice and better industry standards.”
In other words, if the manufacturers of these new types of devices can build security right into the devices at the sensor level and in how sensors communicate wirelessly to other devices, you’ll have 90% of the vulnerability secured, without the consumer having to do a single thing. That is in an ideal world. Whether the Open Interconnect Consortium can accomplish that lofty goal remains to be seen.
Are you going to embrace the Internet of Things? Or are you going to avoid it like the plague? Share your own thoughts in the comments section below!