The Internet of Things (IoT) is a collective term that is applied to a very complex system of interrelated computing client thin machines and devices of differing sorts that are all connected in some way to the internet, they cover a wide range of devices including home and commercial CCTV systems, smart TVs, mobile phones, toys, wearables, smart meters, smart fridges, webcams, solar arrays, robot hoovers and lawnmowers, the smart city tech such as those of traffic lighting systems and weather monitoring hardware, a growing number of vehicles now feature integrated IoT into their standard onboard hardware.
There will be an estimated 20.4 Billion IoT devices brought to existence by 2020 and they provide people, animals, machines and objects with unique identifiers (UIDs) with the ability to transfer different data sets over internal networks and the wider internet without requiring costly human-to-human or human-to-computer interaction.
Alexa is a prime example of an artificial intelligence IoT device and can be very helpful around the home and office with system connectivity for data services including those of home automation, on demand video and more. Distributed computing and thin client systems can also be considered to be a part of IoT.
These devices link us and our data to then assist for a very wide range of services and some are treated with a “set and forget” mindset for their usage, there are many IoT devices installed in service cupboards, lofts, under and above roads, within conduits in buildings and so on – some are working away in plain sight and some hidden away clunking data and require very little, if any, maintenance.
It’s not all rosey with this technological marvel as there are significant concerns in the areas of privacy and data security exploits with the manufactures of the hardware, governments, industry and home users beginning to set standards working to address these problems.
There are a couple of main problems with IoT devices depending upon their type, real world applications and end-user setup or ongoing interactions with vulnerabilities such as the unauthorised transmitting of personal data, this can be from a home computer containing documents, a CCTV system where an intruder could watch live streams of you and your families movements or that of a business property. Some hacks are carried out externally with road signs having their messages changed to a funny MEME, sometimes with a social, political or activist message, ATMs are remotely or locally set to eject the money cassettes for thieves to simply pick up and walk away.
As common knowledge and device integrity become more complex for their operation, more and more devices are being hacked and cracked with some being used as part of a much bigger botnet to combine then have a bigger computation presence that can be used for producing DDoS attacks that could cripple our infrastructure and way of life. Daniel Markuson, the digital privacy expert at NordVPD quoted: “If you have multiple devices connected to the same network in your home or office, and a hacker gets access to one device, they could break into all of them.”
Internet of Things devices make our lives easier but also can have devastating effects at the same time mainly simply to do with the fact that they lack advances security protocols like those in corporate servers, home and office computers and even mobile phones. One of the most common exploits are due to devices set up and left with the default access credentials – the password/username are not changed from the factory set one – these catalogues known devices that are simply left open for all to access are then exploited singularly or on mass using scripts, someone could be invading your privacy; watching you on your CCTV system without you knowing, if a device has a microphone and speaker such as a baby monitor or smart doorbell, the hacker could talk to you, through them! (This does happen).
Some attacks such as where that of a set of similar devices are accessed, they can then work together to infiltrate other systems – the originating devices do not need to be localised together but are still connected wherever they are due to the world wide web and can work like they are all together in sync.
So we are all doomed! – rise of the robots and all that?
Not entirely, it is true that some essential and critical medical care systems like defibrillators for shocking hearts back into a regular rhythm sequence, delivery of medicines with automated drips and associated machines have security holes but these are being fixed.
We have no control with a majority of the IoT devices in the wild, with the ones we do have some investigative work is required to check key security rules such as the changing of default passwords, even network names – if you have a number of devices that can be accessed through a control panel – make sure the passwords are all different.
We should be asking ourselves whether that shiny new device in the shop window or online is really required for your needs, do you really need a TV with a camera in it? If so be sure to change the default access password. We should all learn about our devices even before purchasing if possible as well as inline existing hardware auditing. Consider the use of a Virtual Private Network (VPN) – this changes your online presence to a different location, also closing security holes.
Should you be interested, there is a database, search engine and other information of the known crawled IoT devices from all over the world and can be found at https://www.shodan.io/about/products.
If you have not already, start locking your devices down now.
Stay safe out there.