The Internet of Things will always be vulnerable

JC Torres - Aug 12, 2016
8
The Internet of Things will always be vulnerable

The “Internet of Things”, also known as the “IoT”. A made up marketing buzzword now used to refer to anything and everything that can connect to the Internet, or at least a local network, that isn’t a traditional computer or mobile device. But as dreamy as the idea of being able to command your entire home, as well as your car, with just a few taps on your smartphone or smartwatch, this new trend in consumer electronics does come with some risks. As IoT brings these devices right into our homes and deeper into our lives, they also pose bigger threats to our privacy and security. Because try as we might, the Internet of Things will never be truly and absolutely secure. But that’s also alright, because no connected device really is.

Where danger lurks

To some, the idea of an appliance or a car getting connected to the Internet is as strange as the idea of a phone without physical keys was back in the day. It holds the promise of a future still unimaginable to the common folk, but one with nearly unlimited potential. Unfortunately, it also holds unprecedented danger: danger that could go far beyond the risk of smartphones or computers getting hacked. Because although it is terrible, and inconvenient, when online accounts and sensitive data get pilfered, the effects are still predominantly in the digital world.

When the Internet of Things goes bad, the danger to human lives becomes even more real.

Cars

Whenever you think of the dangers involving connected things going awry, intelligent car systems will most likely be the first to come to mind. After all, they do seem to have the most immediate risk factor as far as safety is concerned. It perhaps doesn’t help that every incident, every hacking proof of concept, gets media focus, sometimes to the point of being sensationalized.

The dangers are, of course, real, even if mostly theoretical. Car makers are increasing their reliance on computer and Internet technologies in a drive to make their newer models more appealing to a new, tech savvy market as well to introduce unprecedented conveniences. From remote control to location tracking to even automated driving, the trend is to decrease the necessity of manual human intervention in an attempt to lessen the chance of human error.

image

Time and again, however, security researchers and hackers have proven how fragile these smart systems can be. And while the most extreme cases sometimes do require physical access to the vehicle, a.k.a. carjacking, simpler methods can sometimes be applied to cause anything from pranks to potentially dangerous accidents. Fortunately, unlike self-driving cars, there are very few reported serious incidents involving hacked vehicles: at least, not yet.

Home sensors and monitors

The dangers, however, are closer to home than we think. Quite literally, too: a good number of IoT products zero in on the home, especially the living room, as the next frontier after our pockets or bags. The number of appliances, sockets, and bulbs that can connect to the Internet, either directly or through a local network, is increasing exponentially every year. With both Apple and Google pushing their own IoT platforms forward, there is no stopping that trend either.

It is, of course, almost perfect in theory. Imagine not having to worry about whether you left the iron turned on, or coming home to a comfortable temperature instead of having to wait for the A/C or the heater to kick in. Imagine being able to monitor the security of your house or the safety of its inhabitants from afar, confident in the knowledge that should an incident or accident occur, the proper people can be alerted immediately.

But it also means that someone else could be doing the same, someone you didn’t intend to access that information. Yes, hackers. Maybe even government spies. Internet security cameras are naturally the most common suspects, because of how they can provide audio/visual information to anyone with access, authorized or otherwise, but even simple sensors and bulbs can be unwilling accomplices to a crime in the making. Aside from doing some nasty damage, data pilfered from these smart appliances could be of use to, for example, profile the homeowner, his or her habits, their arrival or departure times. Even worse, as these devices are usually connected to a home network, they can become gateway to it, giving hackers access to more personal data.

Healthcare

The scariest IoT threat is thankfully also the least common and will also be the most scrutinized. Connected devices are no longer just limited to our traditional concepts of consumer electronics. They can even be inside, or even just on, our bodies as well! There are already pacemakers with wireless capabilities, body sensors that transmit the state of our physiological data every few seconds, or even pills and contact lenses that do the same. It may sound like science fiction, but these types of devices do already exist, even if they’re not yet in the market. In the hands of creative but mad geniuses, they can be tools for harm as well.

image

Fortunately, medical and healthcare devices receive far more scrutiny than even cars, so the pace of commercialization of these devices is slower than the previous categories. Still, it’s really only a matter of “when”, not “if”.

Still a computer, still a network

As worrying as these scenarios may be, they all boil down to one cause really: whatever their form, all of these devices and technologies are, put simply, computers that connect to a network. And therein lies their almost absolute nature to remain vulnerable to attacks, as well as a target of such. The moment computers stopped being hulking cabinets that required physical presence and access in order to use, the moment it was possible for computers to communicate with one another even if far apart, they have become vulnerable. Hacking, whether the good or the bad kind, has never really gone away. The tools have changed, the cultures have changed, the technologies have changed, but the possibility of breaking into fortified systems and the desire to do so has never disappeared nor even waned.

It is, perhaps, really the nature of computers. There is no hardware nor software so sophisticated that they cannot eventually be compromised. Sure, it may take years, depending on the amount of interest: it was only 20 years later that someone finally cracked the SEGA Saturn’s DRM (though the process, of course, took far shorter). Even iOS is not invulnerable. The fact of the matter is that the Internet of Things will never be completely safe from these things either, just as no computer or smartphone is totally safe.

image

En garde!

So should we just drop all of these time-saving, oh-so-convenient gadgets? Hardly. This is the future: it may take a year or maybe ten, but IoT devices will become as common as the bulb in your lamp. And, while it’s admittedly a rather depressing outlook, the story need not end there. After all, security researchers have never thrown in the towel in the rather colorful history of computing. It is a tug of war between hackers and security experts, with lines sometimes blurring in between. Though there’s no clear winner in sight, that’s no reason to give up the fight, especially when the benefits do – or at least will – outweigh the costs.

Meanwhile, you can do your own part to at least ensure that, while not completely invulnerable, your IoT life won’t be an open invitation to miscreants. A few simple steps could make life just a wee bit safer, without missing out on the latest trends in technology.

Fortify your networks: This is probably something that should have been done the moment you connected your home to the Internet. But now it becomes even more critical if you have something connected 24/7. IoT devices, especially those that can send data over the Internet, can become points of attack. Making sure that only authorized devices and people can listen or nothing gets in without your consent and knowledge is always the first line of defense against attackers.

Stay up to date: Security is a never-ending dance, and so security updates are almost never-ending as well. But people are terrible at keeping things up to date, which gives a little justification to Microsoft’s rather heavy-handed forced updates. Gone are the days when users could simply set and forget without a care in the world. Keeping updated doesn’t just mean updating software, too: it also means staying abreast of potential issues your devices might have.

image

Know what goes in or on your body: People can generally only hurt you if you allow them to, and they can only put things inside your body with your consent. If you will be getting something new implanted on your person, be sure to be clear on what that device is capable of. Read the fine print or seek professional opinion if necessary.

Wrap-up

The future painted by proponents and fans of IoT is bright. But bright lights also cast dark shadows: while the benefits and conveniences promised by connected things are undoubtedly mouth-watering, they sometimes fail to mention the risks that always accompany any computer connected to a network. Computers that connect to the Internet have existed for decades and they have never completely been safe from any sort of intrusion. It is hardly imaginable that IoT will be able to accomplish that in a shorter time span.

The Internet of Things is never going to be completely safe. But that doesn’t mean it’s not something we should look forward to. It just means that we, both producers and consumers, should be better prepared.

image


Must Read Bits & Bytes