The term “Internet of Things” was coined by British entrepreneur Kevin Ashton in 1999. As explained on Wikipedia, this term is applied to everyday “objects or ‘things’ embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data. The Internet of Things allows objects to be sensed and controlled remotely across existing network infrastructure, creating opportunities for more direct integration between the physical world and computer-based systems, and resulting in improved efficiency, accuracy and economic benefit. Experts estimate that the IoT will consist of almost 50 billion objects by 2020.”
A thing, in the Internet of Things, can be a person with a heart monitor implant, a car that has built-in sensors to alert the driver when tyre pressure is low, a baby monitor that you can view from the office – or any other object that can be assigned an IP address and given the ability to transfer data over a network. So far, the Internet of Things has been most closely associated with machine-to-machine (M2M) communication in manufacturing and power, oil and gas utilities. Products built with M2M communication capabilities are often referred to as being “smart”. One example is the Smart Meter, which has been rolled out in homes globally in recent years.
Although the term wasn’t made official until 1999, the Internet of Things has been in development for decades. The first Internet appliance appeared back in the early 1980s, at Carnegie Mellon University, in the form of a Coke machine. Programmers could connect to the machine over the Internet, and check the status of the machine to determine whether or not there were any drinks left. These days we have all sorts of everyday devices that we can control without even being in the same room. For example, stereos that can be operated from a smartphone, fridges we can sync our calendars to, or lights we can control remotely.
You may remember the episode of The Big Bang Theory where Sheldon and Leonard connect their lamp, stereo and remote control cars to the Internet for open web access, and two teenagers on their computer in China are able to switch the lamp on and off, change the volume of the stereo and drive the cars across the room. Whilst impressive, this amount of connectivity does have its downside.
One issue is authentication. Once you have authenticated a device on your network, there is no ongoing verification. Devices aren’t asked to enter a password every time they want to upload data. If a hacker can break into the device, what resources do they have access to on a network? Wearable devices and environmental sensors create an equally appealing set of targets. For instance, there are thousands of people around the world who wear Fitbit trackers on their wrists, which are constantly logging data about where people are and what they are doing.
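One way to close the gap described above is for the server to check every upload, rather than trusting a device once it has joined the network. The following is an added example, not code from the article or from any vendor; the device name, key, message fields and 60-second freshness window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

# Constructed per-device secret; a real deployment provisions one at enrolment.
DEVICE_KEYS = {"sensor-01": b"constructed-demo-key-01"}
MAX_SKEW = 60  # assumed tolerance (seconds) between device and server clocks


def sign_upload(device_id, key, counter, timestamp, reading):
    """Device side: serialise the upload and attach an HMAC-SHA256 tag."""
    body = json.dumps(
        {"device": device_id, "counter": counter, "ts": timestamp, "reading": reading},
        sort_keys=True,
    ).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


class UploadVerifier:
    """Server side: re-check identity, freshness and ordering on every upload."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # highest counter accepted so far, per device

    def verify(self, body, tag, now):
        try:
            msg = json.loads(body)
            device, counter, ts = msg["device"], msg["counter"], msg["ts"]
        except (ValueError, KeyError, TypeError):
            return "malformed"
        if not (isinstance(device, str) and isinstance(counter, int)
                and isinstance(ts, (int, float))):
            return "malformed"
        key = self.keys.get(device)
        if key is None:
            return "unknown-device"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison, so timing does not leak how much of a tag matched.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "bad-tag"
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        if counter <= self.last_counter.get(device, -1):
            return "replay"  # a captured upload sent again is refused
        self.last_counter[device] = counter
        return "ok"
```

Because the tag covers the whole message, a reading altered in transit fails verification just as a forged one does, and the counter stops a recorded upload from being accepted twice.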
Even if your sensors are secure and you’ve restricted your networks, there is a huge amount of collected IoT data floating around out there. This is a crucial aspect many vendors or users have not considered. Is this critical data being protected from getting into the wrong hands?
There have been a number of recent examples of IoT devices being compromised. From cars to baby monitors to fridges, cyber criminals are finding ways to infiltrate those devices that are making our lives more convenient.
Baby monitors: an unwanted open window on your privacy
A number of Internet-connected baby monitors failed research testing when critical vulnerabilities were found. The weaknesses left the monitors susceptible to hackers from halfway around the world performing a raft of despicable actions. These include monitoring live video feeds, changing camera settings, harvesting video clips stored online, and making an unlimited number of additions to the list of users who were authorised to remotely view and control a monitor.
The researchers also warned that the flaws they found could not only allow voyeurs to invade the owners’ personal privacy, but could also prove valuable in targeting executives of large companies who sometimes work from home or who access monitors from work phones or networks.
Fridges that give away your personal information
A recent study uncovered security flaws in Samsung’s IoT smart fridge which can be exploited to run man-in-the-middle (MITM) attacks. Researchers examined the $3,599 Internet-connected fridge – which features an 8″ Wi-Fi enabled LCD for web browsing and app access – and discovered holes in security which could put users at risk.
MITM attacks can occur when a security weakness allows an attacker to spy upon a supposedly secure communications channel, which may contain valuable data such as credentials and financial information. This can then lead to data theft.
The researchers found that MITM attacks could be launched against “most” connections as a result of the security flaw, such as connections to Google servers when accessing Gmail calendar information on the smart fridge’s display. If an attacker is parked outside, they would theoretically be close enough to steal credentials belonging to the owner, which could then give them access to a host of Google services belonging to the user.
Every day we are adding new Internet-ready “things” to our lives which may compromise our personal security and privacy. A connected home, full of network-controllable devices including lights, fridges and home security systems can make our lives more convenient and efficient, but it is the responsibility of both the vendor and the user to keep these devices safe from attack, starting from the sensor itself all the way back to the stored data.