Internet of Things Hype Hides Deep Cybersecurity Vulnerabilities

tech

[Credit: Blue Coat Photos, Flickr]

Originally published on Sputnik, November 17, 2016.

A market research firm IDTechEx has dismissed claims by tech companies that the so-called Internet of Things (IoT), devices that have Internet access, is the future of technology. One leading cybersecurity expert has told Sputnik’s Nima Green that serious vulnerabilities, including the risk of being hacked, is a concern for many consumers.

In a new report, Internet of Things 2017-2027, IDTechEx said that although companies are spending billions of dollars on IoT on an annual basis, the concept is mostly just hype because real-world deployments and spending have reached only a small fraction of what many experts predicted.

“Our forecasts do not repeat the mantra about tens of billions of nodes being deployed in only a few years. The many analysts sticking to such euphoria ignore the fact that, contrary to their expectation, very little IoT was deployed in 2016. They are ‘bubble pushing’ with their forecasts, predicting ever steeper take-off to the point of physical impossibility. That is a triumph of hope over reality,” IDTechEx said in a statement.

IoT devices include everything from smart fridges and digital video recorders, to CCTV cameras, routers and baby monitors.

Ken Munro, a cybersecurity expert and partner at UK-based security consultancy Pen Test Partners (PTP) and an executive member of the “Internet of Things Security Forum” — a body that aims to promote best security practices for smart device manufacturing — told Sputnik of the inherent security design flaws for IoT devices.

“Where do I start? We see old-school problems like insecure apps used to control IoT devices, things like insecure communications, straightforward vulnerabilities that have been known for ten plus years in apps,” Ken Munro said.

“Typically, they get there before the IT vendors probably outsource the coding and haven’t really thought too hard about asking questions about security of their outsource developers.

“We also see vulnerabilities in Wi-Fi and Bluetooth — if they’re not done properly they can lead to security vulnerability for that site. We see issues with the hardware, software and firmware on devices.

“The problem there is that you’re putting the software in the hands of the hacker, effectively. Anyone who is willing to buy products can potentially access your hardware. What we often find is we can extract firmware form IoT devices, and glean lots of interesting secrets, which can eventually lead to devices being hacked,” Mr Munro explained.

One recent high-profile hacking incident involved the website of prominent security blogger Brian Krebs. In September 2016, the website was overwhelmed by what’s being called one of the biggest ever distributed denial of service (DDoS) attacks in Internet history.

Cybercriminals put together a network of 152,463 hacked cameras and other IoT enabled devices, to create what is called a botnet.

These botnets are used to deliver DDoS attacks, which basically means flooding a network or web server with so much traffic that it cannot cope and crashes.

It amounted to a coordinated an unprecedented targeted cyber assault.

Mr. Munro says that IoT devices are all too vulnerable to exactly this kind of manipulation:

“I think we’re just scratching the surface of denial of service from IoT services right now.”

Market research firm IDTechEx also dismissed ex-Ericsson Chief Executive Hans Vesterberg’s 2010 claim that there could be some “50 billion IoT devices” in the world by the year 2020.

Mr. Munro is equally skeptical:

“I think we’re probably not going to see the growth rates that people are expecting. I think security concerns are going to be a significant break on the growth of IoT. So, until those security concerns are resolved, we’re going to see moderate growth.”

However, Mr. Munro does believe that there is a great deal of potential in future development of IoT.

“I think IoT done well can do amazing things, like for instance with assisted living for the elderly. I think it’s a phenomenal benefit if we can do it securely.

“With all these great new technologies comes a lot of responsibility, if we’re going to make people more dependent when they’re living with physical conditions — there are going to be very vulnerable people — so we’re going to need to be very, very aware of security for them,” Mr. Munro said.

Despite the cybersecurity challenges, the world of IoT has come a long way.

Ten years ago, IoT devices were mainly machines, distinct from consumer gadgets. Now, they’ve diversified into a myriad of different devices. Even your pillow could be an IoT!

No wonder then, that some technology giants like Cisco and Intel speak about the “Internet of Everything.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s