What is an IoT device and its security vulnerabilities
Posted on: September 4, 2019
By: Shampa Sen, Leonid Datta, Sayak Mitra
About 7.6 billion people will be connected via 50 billion IoT devices worldwide. Business analysts predict it will lead to an economic growth of 4.6 trillion dollars globally in the public sector by 2020. No wonder the Internet of Things has become the buzzword of the decade. One of the first IoT devices was a Coke dispensing machine at Carnegie Mellon University, which kept records of its inventory and also determined whether the drinks recently loaded were chilled. Although a pretty simple idea, it demonstrates how the Internet helps us find intelligent solutions to problems.
In simple terms, an IoT device provides an end-to-end solution in which the device continually acquires information (through sensors) and processes it to produce meaningful data, which can then be fed to other devices (as input for further processing) or used directly by users. Due to the wide applicability of such an end-to-end solution, IoT will become an integral part of technology in the coming decades. However, some have argued that if all objects and people were equipped with identifiable security tags such as radio-frequency identification devices (RFID), computers would be able to manage and inventory them, which would improve security measures and the speed of crossing border control.
Disadvantages of IoT
Like any other technology, there is no magic wand. Although IoT ventures into areas deemed unfathomable earlier, the solutions it provides come with limitations. If these are not understood completely, they can render the technological revolution useless. For example, consumers need to have the right to control how their data is collected, including the option to delete it if they choose. As stated by the Accenture Digital Consumer Survey in 2016, privacy concerns have moved from being a nagging issue to a top constraint, as consumers now choose to abandon devices and services over security concerns. Therefore, we must open ourselves to these possible challenges and fully understand them. Among the many limitations in an Internet-based system, the most important are those involving security and privacy.
IoT security
Our basic understanding of these types of devices tells us they create an ecosystem of continually connected devices communicating over numerous networks, which leaves the network exposed to various kinds of attacks: more devices lead to more opportunities for compromise. The amorphous computing nature of Internet of Things systems is a major security concern for many, as it does not always allow patch fixes to reach every subsystem in the entire net of devices. When security patches do not reach older, outdated systems, some estimate it renders 87% of active devices vulnerable. Additionally, it allows for post-sale manipulations by corporations. The lack of strong security protocols fuels increased risks of other types of compromise, namely, sensor-related risks and ecosystem risks. Sensor-related risk is susceptibility in various types of connected devices:
- Counterfeit products: Duplicate products ingrained with malicious programs. At times, only certain components are modified to allow unauthorised access to the system or subsystems. Identity spoofing is a commonly used technique for gaining such access.
- Information extraction: Malicious code designed to extract sensitive information from any sensor or connected device(s).
IoT privacy
Although the IoT claims to revolutionise active user engagement, it has already proved to be a great tool for passive engagement with users, especially in situations where a single device is used by multiple users, as for instance in public places. Privacy concerns have nudged many experts into believing that infrastructures based on big data are inherently incompatible with the concept of privacy. The recent example of hoardings and billboards containing hidden cameras to track the demographics of the commuters who showed considerable interest in a specific advertisement was cited to support the claims of “invasion of public space.” Considering smart home systems, we can easily realise how the security and privacy of most households are susceptible to compromise by a simple analysis of the smart home system traffic patterns.
The sheer variety of applications creates a need to classify them. Although many different aspects can be considered for the classification of applications, the most popular scheme is based on the end-user, which is:
- Consumer application: For the general consumer. For example, home automation solutions, wearable technology, etc.
- Enterprise (business) application: For providing business solutions to a myriad of enterprises.
- Infrastructure application: For maintaining and improving infrastructure. For example, smart traffic control, automatic toll collection, etc.
- Health care application: For improving efficiency, accuracy, and precision of current medical instruments through responsive and integrated systems.