The Internet of Things and all of it’s ‘Things’
The Internet of Things is the collection of physical devices connected to the Internet for control and feedback purposes. We have long passed the age where the only things connected to the Internet were computers and smartphones. Modern homes can have a myriad of objects connected to or accessible from the Internet.
Smart TVs, video game consoles, thermostats, door locks, vehicles, even refrigerators and light bulbs are on the menu. For modern businesses there are even more devices.
Smart feedback connections in HVAC systems, hi-tech security systems such as alarms and cloud-based cameras, and point of sale equipment are commonly connected to the Internet. Manufacturing companies have entire machining platforms connected to networks for sending data and reading production & machine health feedback.
The IoT does this wonderful thing where productivity can be maximized and managed in real time. A company can immediately see where time or material is being wasted and make changes faster than ever.
A homeowner can access their music and play games or watch rich media that never would have been available without the Internet. It’s estimated that by 2025, there will be over 1 trillion devices connected to the Internet.
All of This Convenience Comes at a Price
Before the IoT, our biggest concerns in cyber security were protecting computers and smartphones. Educating your user base and good virus protection software were mostly all that was needed to prevent data breaches.
The Internet of Things has changed all of this. With a much greater attack surface to work with, hackers are increasingly using IoT devices as entry ways to a victim’s network.
The 2013 hack of the retail giant, Target, was a result of stolen credentials used to monitor their HVAC systems.
More recently, in October of 2016 many popular sites such as PayPal, Twitter, & Netflix were taken down by a DDoS attack launched not from infected computers (as is usually the case), but from hundreds of thousands of IoT devices. These devices included closed-circuit TV cameras, DVRs, & routers.
The IoT Doesn’t Have to be an Infosec Nightmare
It’s no secret that in many cases, the coolness factor outweighs security. A product which is difficult to use will never make it to the market. Because of this, many IoT devices come with hard coded default passwords.
Additionally, manufacturers rarely release software updates and in the rare instances that they do, there’s little notification to the consumer that updates are available.
For end-users and consumers, protecting yourself from hackers on the Internet of Things starts with some of the same tactics used to protect your computers – change your default passwords.
Every device should have a unique password that differs from the manufacturer default. The DDoS attack that took down Twitter, PayPal, & Netflix was possible because the IoT devices used were accessed using default manufacturer passwords.
For manufacturers of IoT devices, security must be taken into account from the first design steps. This in fact, could become law as the DHS has now opened the door for lawsuits against manufacturers for not providing basic security protocols in devices that make up the Internet of Things.
In order to facilitate cyber security, the makers of IoT devices must provide regular security updates for the lifecycle of their products. Since this is currently not the norm, it’s up to the consumers to be educated and only purchase those devices that meet the standards.
The power to change always lies with the consumer. Do your research before buying an IoT device such as a smart TV. Make sure you’re buying one that’s secure and gets updates from the manufacturer regularly.
If the one you want doesn’t offer that, get a different one and make a habit of filling out those post-purchase surveys so that manufacturers are aware of why consumers make their decisions.
New Business Opportunities Straight from the IoT
As is always the case, when there’s a need, someone will come along to fill that need. Companies like Tempered Networks use special switches specifically designed to cloak IoT devices in an additional layer of security.
Using granular controls, these products allow IoT devices to perform their intended actions across the Internet while remaining hidden from probes coming from unapproved locations.
Ultimately, the consumers have the power to change the Internet of Things by choosing those devices which are secured properly and doing the work to secure them. The future lies in which consumers are going to adapt, and which are going to choose to do nothing and get hacked.
Sharif Jameel is a business owner, IT professional, runner, & musician. His professional certifications include CASP, Sec+, Net+, MCSA, & ITIL and others. He's also the guitar player for the Baltimore-based cover band, Liquifaction.