Security and the Internet of Things (IoT)

IoT security
Image credit: Zapp2Photo |

Today, it seems everything is automated. We can set the coffee pot to begin brewing at 6:30am sharp, turn the lights off with a remote control, and start the car from inside the house, all with the push of a button. 

Once we start going digital it’s hard to stop; we want to automate every single part of our life. We can travel to any destination, regardless of whether we actually know how to get there, trusting our car’s navigation system to lead the way. It’s even easy for people to turn on their home alarm system or adjust aircon settings, all from their smartphone. 

By 2020 the amount of internet-connected things is predicted to reach 50 billion. These numbers are exciting, as they mean that we will become more efficient and technologically advanced. But although the Internet of Things (IoT) is making our lives so much simpler it can also pose security concerns. As automation increases it is important that security measures are also stepped up, so that we can safely reap all the benefits the IoT has to offer. We must never forget that without proper security, we are putting ourselves at risk.

Potential negative effects

In amongst the hype is a growing awareness of the potentially negative effects of the IoT. There is an increasing number of reports of connected devices being hacked, often with calamitous results. In a 2015 experiment, a team of researchers was able to take complete control of a Jeep using the vehicle’s Controller Area Network (CAN) bus. They were able to increase or decrease the Jeep’s speed and even drive it right off the road. In the next few years, approximately 90% of cars will be connected to the internet. Given our reliance on cars, whether traditional, electric or driverless, the prospect of our vehicle systems being hacked is quite frightening. 

From dolls to aquariums

More recently, hackers have exploited everything from children’s wi-fi enabled dolls in Germany to a thermostat in an aquarium in a casino – which allowed hackers to access the high-roller database. Office printers, home controllers, smart TVs and baby monitors all offer bad actors a gateway into data that users believe is secure. In the worst case, hackers could unleash an IoT botnet – a group of internet-connected computers, appliances or devices that have been co-opted to launch a cyber-attack – with devastating results.

Transforming healthcare

IoT is already transforming the healthcare industry.  With pill bottles that remember when they were last opened, wireless devices to monitor heart rate and body fat percentages, and digital glucose testers, it is much easier for patients to practice at-home-care. Doctors are able to remotely track all of these statistics to make sure their patients are well, avoiding unnecessary trips to the office. These devices also let doctors take care of more people throughout the day. But as our data is being sent back and forth to different devices, and stored in multiple data centers, it is at risk of being compromised, especially if the third party vendors don’t take proper security precautions. 

Personal information compromised

With an increase in devices that connect to the internet there is a natural increase in points of entry for hackers to access our data. As more industries automate, more sensitive information will become vulnerable. Our medical records, social security numbers, passwords, and alarm codes are just some of the data that is at risk. There have already been extensive breaches just by having credit cards and digital medical files. If our stance on security remains the same, imagine how much worse it will get when everything is digital. You might not think someone hacking into your wearable device is a problem, but if hackers install malware that uncovers all of your passwords and is able to access your smartphone, all of your personal information and accounts could be compromised.

Hong Kong no exception

Hong Kong has seen an increasing number of cyber attacks. Mirai malware was a big IoT hacking outbreak in 2016, targeting vulnerable IoT devices like IP cameras and home routers. The infected IoT devices formed a botnet that launched a massive distributed denial of service (DDoS) attack on major websites globally. 100,000 IoT devices were compromised by Mirai.

2017 saw 6,506 cyber attacks, a 7% increase on the previous year, and the Special Administrative Regions (SAR) can anticipate more financially-motivated cybercrime last year.  According to Hong Kong Productivity Council’s general manager of IT Wilson Wong:

“The growing use of Internet-enabled devices in all aspects of life, and the popularity of mobile payment services will attract more attacks on ‘Internet of Things’ devices and mobile payment apps in 2018. In addition, more attacks targeting service providers with the aim to bypass users’ defence are anticipated.”.

Identities for control and compliance

IoT takes human interaction out of the equation; instead we have machines making decisions for us. It might seem more precise to have computers zeroing in on our target or deciding when it is safe to change lanes; however, these methods are a lot more volatile than those of human operators if not properly secured.

In order to reap all the benefits the IoT has to offer, we need to make sure that security is a chief factor going forward, specifically as it relates to Identity. The enterprises developing these exciting technologies need to be able to place an identity on all of their devices, users, and machines that contribute to the development, testing, and production of IoT. With these newly-created identities, enterprises can then manage the authorization and authentication of their environment for maximum control and compliance. Without this important data, organizations will be flying blind with no insight into who has access to what, when.

Written by Jeffrey Kok, Vice President of Solution Engineer, Asia Pacific and Japan, CyberArk

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.