The Internet of Things, simply known as IoT, is comprised of uniquely identifiable objects along with virtual representations in an Internet-like structure. According to Cisco Systems, the IoT refers to the network of physical objects that are accessible through the Internet. Objects in the IoT have network connectivity capabilities, allowing them to send and receive data with or without human interaction. The number of Internet-connected devices, or things in the IoT, is growing rapidly and is expected to reach 50 billion by 2020. These IoT devices can include advanced medical devices, automation sensors, self-driving cars, commercial drones, and industrial robotics.
Things in the IoT are shifting more and more control and responsibility away from humans, and with this shift, problems will arise when things in the IoT malfunction or when the security of these things is compromised.
The security of things in the IoT is a major concern because it could be extremely vulnerable to hackers. In this day and age, when consumers’ private information is susceptible to data breaches, technology experts believe that people’s private information will be especially susceptible as more and more things become part of the IoT. The ability to manage so many devices in the IoT was addressed in a recent Computerworld report that provides a laundry list of IoT items. According to this report, “Everything from house automation devices including security cameras, smart thermostats, microwaves, refrigerators, home entertainment pieces like gaming consoles and TVs to control devices and modern retail shelves.” The main challenge of protecting devices like these in the IoT is preventing hackers from stealing private information and selling it for a profit on the black market.
There is a lot of buzz around the Internet of Things. In the security sphere, there’s much fear, uncertainty, and doubt. Let’s take a few scenarios into account:
Taking the scenario of hacking vehicles, trucks are the major concern. They contain control area network (CAN) bus protocol, used for internal communication of devices. The open architecture of the truck CAM bus makes it very easy for it to be tracked and controlled; however, any wireless technology that can receive an external command that affects the operation of the truck can pose a potential danger. Connected cars are also vulnerable to hacking attacks. 60 Minutes aired a segment demonstrating a hacker using a laptop to turn on windshield wiper fluids, the horn of the car, and even accelerating the car and disabling the breaks. The potential for injuries due to hacks on connected cars is quite startling.
Connected homes can be hacking targets as well. One example of this is a hack on a connected TV that runs Google’s Android operating system. These TVs are very vulnerable to the same type of attacks as those on smart phones. Anyone hacking your TV could take photos, provided the TV had a built in camera and possibly spy on viewers. This similar weakness had been discovered in multiple ad libraries used by many free apps. Home routers are also a source of vulnerability. Hackers can use the security hole to redirect victims to the particular website they want when accessing the Internet.
Hackers are not only attacking big business and the government. Hackers have also breached hospital networks. Medical devices are very susceptible to cyber-attacks. These devices can be altered to perform tasks not set by medical professionals, which in turn can injure or kill patients. Some of the medical devices hackers can access include implantable heart devices, infusion pumps, hospital networking systems, and medical imaging equipment.
Having a computer networking system in a hospital has its perks, but a system that is not well secured can put the patients at risk of a cyber-attack. Medical devices with software, Internet, computer chips, and wireless technology are more exposed to attacks. The Food and Drug Administration has put up a set of guidelines to companies and medical professionals to help regulate the sale of medical devices that can connect to the IoT, though not much else has been done to protect patients from cyber-attacks. These flaws in security can be managed and even fixed with careful steps: focusing on security by design, a good collaboration among manufacturers, regulators, industry, and medical practitioners, a change in regulatory approval paradigm, and encouraging feedback from patients and their families.
The IoT will enable organizations and individuals to benefit from its convenience and lower costs in their daily lives. Sadly, hacking, exploitation, and malware are likely to happen. The security techniques deployed thus far have proven ineffective, and as more and more people are subjected to cyber-attacks and identity theft, the manufacturers of these connected devices will be subjected to lawsuits. As the IoT continues to grow, it also continues to shape into the next big area of mass torts litigation.