The Internet Of Things (IoT) refers to devices that collect and transmit data via the internet. But how does the IOT impact our security?
Anything that can be connected, will be connected. In 2008, there were already more objects connected to the internet than people. By 2020 there will be an estimated 50-200 billion connected devices, According to Behmann & Wu.
Spamming is already a widely known problem on the Internet and could also affect the IoT. For example, criminals could change EPCs, so that tags point to banner ads instead of an ONS server, which would result in revenue for the spammer for each tag read (Weber & Weber 2010).
“As an industry, the IoT has failed to make it clear that if you put software on something attackable and connect it, it’s exposed. We have to aggressively and sanely excel the benefits of connected devices, while mitigating the risks. If we move too fast in developing new IoT applications, but don’t make security a paramount consideration, we’re leaving ourselves vulnerable for massive breaches with massive consequences.”
With billions of devices connected together security becomes a big issue.
The IoT holds great promise for cybercriminals who can use our homes´ routers, televisions, refrigerators, and other Internet-connected devices to launch large and distributed attacks. Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply will not work to solve the problem (Behmann & Wu 2015). Do not buy devices which have default passwords. Once you connect the device is exposed on the internet so anyone could find an address to a machine and connect to it and do whatever they please.
All IoT devices should have authentication. The password needs to be unique for every device so only the owner can log into it. Every IoT device should use encryption while uploading to the cloud, sharing data etc. so only the people that are meant to are getting the information. Protect your privacy. we don´t want these IoT devices to reveal things about where they are or who the owner is and how long they´ve been running. That sort of information needs to be hidden so only the right people can see it.
Attacks launched using IoT devices
We´ve already heard stories of Malware which searches for IoT devices and tries to take them over. Why is it so simple to do this? Computers have built-in security features, they have firewalls and antiviruses. But all these IoT devices have no security what so ever and most of them have a default access. In other words, the same set of password for all the devices from the manufacturer. If I buy a coffee maker and connect it to my Wi-Fi my new IoT device is exposed to the internet. Every IoT device has some sort of mini-computer inside it. Hackers are able to take over and use the device to launch DDoS attacks. Therefore, reasonable security measures need to be made.
Behmann, F & Wu, K (2015). Collaborative Internet of Things (C-IoT): For Future Smart Connected Life and Business. United Kingdom: John Wiley & Sons Ltd. 7-36.
Beaver, K & Rouse, M. (-). distributed denial of service (DDoS) attack. Available: http://searchsecurity.techtarget.com/definition/distributed-denial-of-service-attack. Last accessed 13th May 2017.
Hanson, J. (2015). Internet of Things Security Risks and Challenges. Available: https://www.pubnub.com/blog/2015-06-05-internet-of-things-security-risks-and-challenges/. Last accessed 11th May 2017.
Weber, R.H. & Weber , R (2010). Internet of Things Legal Perspectives . London, New York: Springer. 44.
-. (2016). DDoS Attack Against Dyn Managed DNS Incident Report for Dyn, Inc.. Available: https://www.dynstatus.com/incidents/nlr4yrr162t8. Last accessed 12th May 2017.
-. (-). Big Data and the Internet of Things. Available: https://www.infragistics.com/community/blogs/mobileman/archive/2015/12/15/big-data-and-the-internet-of-things.aspx. Last accessed 12th May 2017.