From the moment Kevin Ashton coined Internet of Things term, and started talking about advanced connectivity and machine to machine communication, peoples’ reactions went from idealized picture of smart cities to apocalyptic scenes from Terminator 2: Judgment Day movie. Truth is that people still don’t realize the real dangers that are lurking behind Internet of Things concept. In this article we will discuss Internet of Things’ security and potential issues that might come up, when this concept becomes fully operational in real life.
Awakening Jeep and Tesla hacks
It was a lovely sunny day in St. Louis. Andy Greenberg drove his Jeep Cherokee on the freeway, when SUV’s computer went mad. First it messed in-seat climate control system and made Andy chill, then it changed music from easy hip hop beats to maximum-volume Skee-lo and in the end the engine completely stop running, and the pictures of Charlie Miller and Chris Valaseck showed up on computer’s display.
After this stunt, Miller and Valaseck immediately received competitive job offers from Tesla. But even their advanced hacking and internet security skills weren’t able to protect Tesla’s Model S from Kevin Mahhafey’s and Marc Rodgers’ hack, which used insecure four years old Apple WebKit to shut down electric roadster’s engine. These two car hacks made some of the worst IoT enthusiasts’ dreams come true. They showed that in Internet of Things environment skillful hackers can access various devices and make them run in irregular way. This means that hacker can for example connect to company’s printers, start them all at once and make them print ‘War and Peace’ novels, therefore destroying company’s printing budget. One way out of this issue is to refill your HP toner and forget it ever happened. But traffic, medical equipment and military installations hacks can be 1,000 times more hazardous and even the slightest possibility of hacking some of these gadgets sounds terrifying.
Some of the most common IoT security issues
Internet of Things undoubtedly increases attack surface. Experts are still trying to find effective and scalable solutions that will help them to make IoT more secure, but these are some of the burning issues they are still facing today:
- Current IP is too small for IoT– IPv4’s block space is limited and it is already depleted by American Registry of Internet Numbers. IoT concept involves trillions of new IP addresses, with each one being assigned to every new gadget that connects to the network. Some experts like Francis daCosta claim that this huge number of new IoT devices won’t be individually managed. New devices will only be accommodated by the new IPv6 protocol. This will lead to creation of many new self-organizing local networks. These small networks will enable administrators to have a closer look on devices’ security.
- Future OS wars– Today most devices like Apple watches, sleep monitors and smart locks connect directly to smartphones and desktop computers and use their OS to run their chores and deliver data. In the future when every gadget will be capable of connecting to the network independently, they will all require their own Operational Systems. This will create a huge stir in already messy OS market, and it will be really hard to mash up data from hundred (maybe even thousand) different operational systems.
- Hardware problems– Edith Ramirez, chairwoman of US Federal Trade Commission, is one of the first experts who realized that production of low-cost and low-quality sensor devices increases vulnerability of the whole IoT concept. Most IoT chips that are sold today are based on outdated architecture (like Quark processors). This means they are much easier to breach. That’s why IoT concept still requires standardization, when it comes to both hardware and software, which will drastically increase its security.
IoT devices require complex security
Devices that make IoT concept running require complex security that will cover all possible threats and scenarios and have multilayer approach. Question of IoT device security needs to be addressed throughout devices lifecycle and it should cover all of its phases, from initial design to real time operational environment. Devices should contain all of these security mechanisms and protocols:
- Secure booting– from the moment device is turned on, it should go through system verification, using cryptographic digital signatures;
- Access control– if some part of IoT device is compromised, access control should stop the intruder from obtaining more data from the network;
- Device authentication– each device should authenticate itself prior to obtaining network access;
- Firewalls– IoT devices require firewalls that will control incoming and outgoing information;
- Regular patches– devices’ OS should be patched on a regular basis;
Internet of things is still in first phases of its development. It is very important to say that development of internet itself went through these phases in a very similar way. Two decades ago there were many concerns about network security, and many experts were very doubtful of its use in official communication, banking and sales fields. These concerns grew after the appearance of malware, DDoS attacks and phishing. Despite all these concerns and security risks internet now makes the world moving and represents indispensable tool in all spheres of human life. Hopefully one day, Internet of Things will reach the same status.