IoT Security: Connectivity Creates Vulnerabilities


The Internet of Things (IoT) refers to everyday objects that are able to connect to each other using the internet. These objects include smart devices like wearables, home appliances, electrical and lighting products, home security systems and self-driving cars.

“IoT will introduce unprecedented growth in devices and data,” according to Cisco. “There may be as many as 50 billion IP-connected devices by 2020, with the potential to generate ten times the amount of data produced today.”

Smarter devices can add convenience and comfort, but the connected lifestyle comes with security risks. Hackers are finding ways to exploit everyday IoT devices. Vulnerabilities must be addressed for the IoT to keep personal data, consumers and the general public safe.

IoT Security Concerns

Seventy percent of the most commonly used IoT devices contain serious vulnerabilities, according to a study from HP. On average, 25 vulnerabilities were found per device, and the study noted that these devices often collect personal information such as name, address, date of birth, health information and even credit card numbers.

  • 80 percent of devices raised privacy concerns.
  • 80 percent failed to require passwords of sufficient complexity and length.
  • 70 percent did not encrypt communications to the internet and local network.
  • 60 percent raised security concerns with their user interfaces.
  • 60 percent did not use encryption when downloading software updates.

 
These trends are reflected in security scares and breaches. Smart TVs using an older version of Android are at risk of a known exploit that provokes consumers into downloading malware, according to the TrendLabs security intelligence blog. Once the malware is installed, the attacker can trigger the vulnerability and gain elevated privileges in the system. Consumers should keep their smart TV sets updated to the latest version and consider installing protection solutions.

A version of the NissanConnect EV app only required a car’s vehicle identification number to gain access to a Nissan Leaf, Wired UK reports. Nissan researchers found the vulnerability and were able to remotely control the car’s heated seating, heated steering wheel, fans and air conditioning. A hacker would have been able to see the owner’s username and eventually obtain personally identifiable information like the individual’s address. Nissan removed the app and announced it would release an updated version.

The Nissan Leaf is not a smart car — smart cars are vulnerable to intrusive attacks that can steal personal data and take over controls, Information Week reports — but the model’s connectivity means that hackers can access vehicle control systems. The FBI and U.S. National Highway Traffic Safety Administration have warned automakers that motor vehicles are “increasingly vulnerable” to hacking, according to Fortune. Cars and other devices that are now connected to the internet, such as home security devices, pose similar concerns for consumers.

Another type of vulnerability is seen with wearable devices, which are expected to number 780 million by 2018. Wearable devices provide hackers with “plenty of opportunities to steal sensitive data and benefit financially,” TechRepublic reports.

How IoT Security Concerns Could Impact Public Safety

The IoT can enhance public safety. Examples include:

 
However, the IoT introduces risks that can undermine public safety. “A cyber-adversary could use IoT to compromise automobiles, shut down transportation systems, destroy industrial components, or alter medical devices,” Cisco says. “These threats aren’t theoretical.”

  • Stuxnet, a malicious computer worm, was used to disrupt atomic research in Iran.
  • Researchers demonstrated how to hack an insulin pump at a security conference.
  • Hackers proved it is possible to take control of critical automobile mechanisms, including brakes and steering controls.

 
Health care is moving toward 24/7 monitoring and treatment, where IoT technologies can help administer remote treatment and devices will alert physicians when vital signs change. A connected transportation system will link traffic lights to vehicle control systems. The electric power industry could rely on the IoT to reduce costs and increase efficiency.

Vulnerabilities in these and other applications could impact public safety negatively. “The FDA issued an alert about a connected hospital medicine pump that could be compromised and have its dosage changed,” ZDNet reports. “A cyberattack on a German steel mill left a blast furnace running with no perceived means of shutting it down.”

Our IoT-Connected World Needs Cybersecurity Experts

Most cybersecurity professionals believe that network security has become much more difficult or somewhat more difficult over the past two years, Cisco found. Malware attacks target IoT devices, which run embedded operating systems and applications with little if any malware detection or prevention capabilities. The IoT demands data security improvements to support the increase in devices, users and network traffic.

The state and growth of IoT devices across industries means that cybersecurity will grow dramatically. Industry statistics reflect this trend, as Forbes contributor Steve Morgan reports.

  • The global cybersecurity market is expected to be worth $170 billion by 2020, up from $75 billion in 2015.
  • The global cyber insurance market is expected to reach $7.5 billion in annual sales by 2020, up from $2.5 billion in 2015.
  • The IoT security market is expected to grow to nearly $29 billion by 2020, up from $6.89 billion in 2015.

 
Cybersecurity experts should be in demand for businesses. By 2017, 81 percent of companies intend to roll out IoT devices, according to Inc. Seventy-three percent of companies were attacked in 2015, and only 34 percent of companies with IoT devices are focused on keeping them secure.

Aurora University’s online Bachelor of Science in Computer Science equips students with the knowledge and skills needed to pursue a future in cybersecurity or for roles like computer programmer, web developer and computer systems analyst. The program takes place in a fully online environment, allowing students to manage their work and personal schedules.