The Internet of Things – a geek’s paradise where interconnected devices such as your speakers, doorbell, car, iWatch, house lights and even your fridge exist for the sole purpose of making your life all that more simple… Unless they get hacked.
Imagine a future where every device you own and every object surrounding you will be connected to the Internet. The Internet of Things (IoT) is exactly that — the complete computerization of every ‘thing’ in our lives, autonomously interacting with each other.
— Vala Afshar (@ValaAfshar) February 3, 2016
Tech firm Gartner projects that by 2020, the world will have 21 billion connected ‘things’ — that’s compared to a 6.4 billion this year. Jim Tully, vice president and distinguished analyst at Gartner, said:
“Aside from connected cars, consumer uses will continue to account for the greatest number of connected things, while enterprise will account for the largest spending.”
Cisco Systems, however, put the number even higher and predict that IoT devices will reach 50 billion by 2020. Cisco also said that more data was generated in the last two years than in the history of mankind. And one of the main reasons behind the spike — the Internet of Things.
IoT seems to be technological breakthrough humanity has long been waiting for — devices used to make our lives as simple as possible. Yet with the transition to every ‘thing’ being connected to the Internet comes the potential threat of a cyberattack.
Vulnerabilities present in the Internet of Things have long been a concern for cyber security experts and are now reaching the public which is purchasing the devices. At a recent CyberTech conference in Tel Aviv, analysts suggested that the IoT is the perfect target for a cyberattack. Whereas a few years ago it wasn’t even a priority, more people are becoming engaged in the debate surrounding how secure the Internet of Things really is.
“Cyber security has basically escalated from being no priority, maybe a year ago, then through the Jeep hack to the Tesla hack, to become top three priority right now,” said Yoav Leitersdorf managing partner at venture capital firm YL Ventures.
Data Theft and Cyberattacks
There is also the question of IoT data which is being collected — analysts suggest that only 0,5 percent of it gets analyzed. And with more data being generated, less of will be analyzed — this means the greater the risks associated with data theft.
— KPMG (@KPMG) January 6, 2016
A cyber security expert told Sputnik that data theft and cyberattacks have been around for a while, however the more devices become computerized the more things can be hacked and compromised.
“IoT is literally, web-services running on different platforms, in the same way there are running on Windows and Mac systems, and the threats transfer seamlessly. All the same security risks are there. It’s just that now with more and more devices there are more and more points of compromise,” a cyber security expert told Sputnik.
So, if an IoT device — for instance, your fridge — is connected to a network and isn’t secure, it will be vulnerable to an attack in the same way your iPhone or Macbook are.
Last week, it emerged that Shodan, an IoT search engine, allowed users to snoop on screenshots filmed by a webcam — including babies sleeping in a cot. A computer expert told Sputnik that devices such as IoT webcams were “hackable with ease.”
Developers behind the IoT devices — whilst competing for our cash — do invest in cyber security, but the efforst don’t even come close to what they should be, according to a cyber security expert.
“The Secure Software Development Lifecycle is something that not all developers are aware of, and it’s a lot to take in if you are a new developer capable of delivering a product but not capable of delivering a secure product.
“Usually security researchers, if they have some spare time and some spare cash will pull apart IoT devices for some good mockery, but the fact still remains, developers are yet to be as security savvy as penetration testers, reverse engineers, and security hobbyests. Every IoT developing company should follow OWASP best practices such as ASVS, understand the top security risks and controls (OWASP top 10) and have a regular pentests before they go live and major releases (as a minimum),” a cyber security expert told Sputnik.
As the IoT market continues to grow, attracting nearly US$7.5 billion in investment over the past six years (according to CB Insights) — from webcams to Barbies, and smart cars to fridges — it seems we can never be fully protected until we’re connected to the Internet.
“Like everything else on the Internet, some companies get it nearly right and still get hacked, other companies with a better security understanding lower the likelihood of compromise (notice I can’t say anyone is safe) and those who don’t understand security will get hacked until they fail or learn… and sometimes at the cost of the customers data being leaked.”