Security of the Internet of Things (IoT)

Artificial Intelligence Internet of Things Startups Technology Security

Posted by Enrico on Oct 01, 2016 1135

Current technologies are not able to secure Internet of things (IoT) devices effectively. This is mainly due to the fact that an IoT device is, in practice, a system of systems, in which each child system is conceived with different standards and protocols. Engineers can mitigate the IoT risk of the child systems they are responsible for, but what happens when we connect two or more systems developed by different engineers? Don’t the vulnerabilities of one affect the overall security of the final smart IoT device? The answer is yes, they do!

For instance, closed-circuit cameras and smart-home devices could be hijacked by malwares and used by hackers to reach the central operating server – your computer.

The main challenges for IoT security come from the following factors:

  • Many IoTs (with more devices interconnected) are poorly designed and use protocols that often conflict with one another.
  • IoT privacy concerns are complex and not always easy to spot.
  • The technologies for IoT are changing fast, making it difficult for security experts to keep up.
  • There is a lack of standards and regulations for authentication and authorization involving IoT devices.

Although technologies such as Blockchain could solve the issues brought about by the IoT centralization aspect, many other issues, such as the lack of interoperability, remain unsolved.

Understanding IoT security – the IoT journey

To understand the security of IoT devices, one needs to take a holistic approach. Consider the complete journey of a functioning IoT device from the collection of data via its sensors to the maintenance required during its life cycle.

  • Sensors
    The IoT relies on sensors. Can you trust them? Security breaches can occur by fooling the sensors installed in the IoT. Think of corrupted card readers, for example, where you get your card cloned.
  • Sensor connectivity
    How are all the sensors interconnected?
    • How much can you trust Bluetooth?
      Hackers can pick Bluetooth energy locks from a kilometer away.
    • What about CAN protocols, typically used in the automotive industry?
      Well, hackers have developed cheap tools to penetrate devices via this protocol.
    • And wired networks?
      Hackers have become expert at reverse engineering network protocols.
    • What about new trends?
      Drones have been used to attack industrial wireless  systems. Wireless mice have been used to inject keystrokes into a device under attack.
      Do you get the picture?
  • Aggregators/Gateways
    Once the data are collected by the sensors, they need to be aggregated. Aggregators act by consolidating large volumes of data into lesser amounts: clusters and weights. These could be attacked by denying them the ability to operate/execute or by feeding them compromised data.
  • Upstream networks/protocols
    Are the systems used to upload/download the aggregated data reliable? Hackers are able to clone 3G/4G cards with a PC and an oscilloscope! Internet-connected gas pump monitoring systems have also been hacked. Similarly, seismological networks have been exposed remotely. In practice, every Internet-facing piece of equipment can be hacked.
  • Storage
    Where are the data stored once uploaded/downloaded? A physical hard drive on a computer? In the cloud? In either case, the physical data could be accessed and compromised.
  • Data analysis
    Where is the software analyzing the stored data operating? Hackers could install malware for the purpose of altering the data.
  • Installing/Maintenance
    Who is taking care of the physical maintenance of IoT devices? Hackers could take advantage of planned maintenance moments to hack into a device.

Share this post on social media:

Contact me if you'd like to become a contributor.

  • Thumb img 2844

    Enrico Tam

    MBA, PhD, tech entrepreneur, maker

    Hi, I’m Enrico and I started hacking at 9 years old back when it was Visual Basic. After trying to become a professional tennis player I somehow got entangled in a PhD in engineering, an MBA programme and a big consulting fir... (continued)

Join the discussion

Never miss a post!

I’m Enrico, I write to learn and to share my adventures :)

Don't hesitate to write to me on twitter!

Popular bloggers

Popular posts

See all posts

Cookies help us deliver our services. By using our services, you agree to our use of cookies.