22
Mar

The Rise of an Era: IoT and Cybersecurity

The Internet of Things (IoT) is rapidly gaining momentum in various industries, such as automotive, consumer electronics, education, sports, cosmetics, and healthcare sector, among others. The emergence of IoT is expected to be one of the major technological advancements of this era. IoT is a network of devices, which facilitates the exchange of data between devices, resulting in smart devices that provide users with real-time, interactive capabilities among various separate electronic entities. These smart devices can be home appliances, automobiles, or other electronic devices.

Various organizations have been introducing IoT technology to consumer electronics and home appliances, resulting in the smart kitchen, which is gaining popularity among consumers. For instance, in 2016, Samsung Electronics introduced a smart refrigerator to its kitchen appliances product line. The Samsung Family Hub refrigerator is based on IoT and includes an LCD display of 21.5 inches in HD resolution. [1] The technological advancement available in this refrigerator enables a user to share, post, update calendars, track food product expiration dates, and includes a camera that logs door opening and closing activities, and users can access all the activities through their smartphones. The introduction of such products, integrated with advanced technologies, is expected to create new business opportunities for organizations, enabling them to expand their base and maintain a competitive edge in the market.

Further, the IoT industry is anticipated to gain interest as a result of various government-supported initiatives. Governments of various countries are engaged in introducing IoT technology to improve their economic growth. For instance, in 2017, the Government of Dubai launched the Smart Dubai Internet of Things Strategy initiative to enhance the country’s digital wealth and offer enhanced benefits to its visitors, residents, public officials, and business owners. The Smart Dubai initiative is a combination of IoT and cloud computing technologies, through which the government of Dubai aims toward becoming 100% paperless by 2021. [2][3][4] The introduction of such technological advancements is not limited only to a country’s economic growth but also positively affects the growth of various businesses operating within any country’s macroeconomic environment.

The emergence of the connected home technology in the real estate industry, coupled with rising consumer inclination toward smart home devices, is also a factor powering the demand for IoT. In the healthcare sector, IoT is being deployed to enable users (i.e., physicians, practitioners, and patients) to automatically measure body fat composition, monitor body temperature, blood sugar level, and heart rate, among others. Additionally, IoT in healthcare is expected to reduce emergency admissions, in-person doctor appointment visits, as well as in-home healthcare-related visits. IoT is also anticipated to help a doctor to review patient data in real time.

Sano Intelligence Inc., based in San Francisco, is engaged in manufacturing smart patches for monitoring and tracking blood sugar levels. It is a skin patch that enables users to track their glucose levels in real time. Various players are engaged in the adoption of advanced connected training products in order to gain a competitive edge. For example, Apple Inc. is expected to launch a needle-less blood sugar tracker. Moreover, various companies are engaged in entering into collaborations or are investing in small-scale manufacturing companies to expand their geographic reach and product portfolio. For instance, according to CNBC, in January 2018, Fitbit, Inc. invested USD 6 million in Sano Intelligence Inc. to enter the health solutions market. [5]

Rising disposable incomes, stringent government regulations, and the introduction of advanced features in vehicles are some of the factors positively affecting growth within the automotive industry. Rising consumer awareness toward passenger and vehicle safety has paved the way for the introduction of in-vehicle infotainment and navigation systems. The presence of IoT in the automotive industry has resulted in the introduction of predictive maintenance—dashboard reporting and data analytics; safety, security, and surveillance systems; and real-time monitoring, among others. Moreover, IoT in the automotive industry has also paved the way for the connected vehicle ecosystem. Owing to this, key players from various backgrounds and domains, such as software providers, automobile manufacturers, and telecommunication service providers, have collaborated and participated to add value to the ecosystem.

IoT and Cyber Threats

Like Newton’s third law of motion, “Every action has an equal and opposite reaction,” technological advancements can also lead to unintended, negative consequences stemming from the continuous acceleration of cyber threats and cyber criminals. As IoT is entering into and making advances in just about every business domain, security risks and challenges are likewise growing and advancing at a fast pace. Every technology has a loophole that can be identified and exploited by an attacker to gain a competitive edge.

Thus, lack of awareness on the part of the user can have a negative effect and may cause the crash of an entire business structure. Nowadays, attackers are technologically sophisticated, and their cyberattacks often negatively affect victims, sometimes with severe consequences. For instance, the recent ransomware attack resulted in a huge business loss to various key players.

Although IoT offers enhanced benefits to various end users, it is also expected to create security challenges due to the presence of connected devices, as connected devices might compromise implicit trust. Implicit or established trust between devices results in automatic transmission of data between those devices without any required testing or approval (for example, no required malware detection tests). In 2016, Mirai Botnet hacked various connected devices, such as IP cameras and routers, and transformed them into a botnet, resulting in a DNS flood attack that blocked Internet access to many users across the globe. [6]

Similarly, smart speakers are constantly in listening mode, and can be activated by using a single voice command and thus are vulnerable to cyberattacks. An attacker can hack a smart speaker by using the “trigger word” and can gain access to the victim’s personal information, such as medical history, appointments, account details, and date of birth, among others. To avoid these vulnerabilities, various safety measures can be undertaken, such as keeping voice assistants on mute when they are not in use, using two-factor authentication to protect account details, and using the WPA-2 encryption technique for protecting Wi-Fi networks.

Effective cybersecurity measures are often difficult to deliver through existing, traditional security methods. As the traditional network perimeter changes, traditional security measures prove less and less effective in defending against advanced threats. As a result, manufacturers and users of traditional security tools (such as end-point protection, security patching, malware detection, IDS, IPS, and encryption techniques) are facing increased challenges to deploy and use these tools effectively. While IoT is creating massive opportunities for various businesses, it also requires increased Internet usage and access to those devices that can reveal sensitive data to hackers or unauthorized users. To help address this challenge, many organizations that deploy IoT devices are introducing new security policies and/or updating their existing security policies that deal with firewalls, anti-malware, application and device control, and intrusion prevention.

So, along with technological advancement, a corresponding advancement of consumer knowledge and awareness must also be an integral part of the IoT evolution. Currently, there seems to be a gap between where the consumers are and where they should be to effectively combat the increased onslaught of cyber-threats. Now, someone needs to follow up and fill that gap between their current blissful state and a state of knowledge.

Sources

  1. https://news.samsung.com/global/samsung-introduces-an-entirely-new-category-inrefrigeration-as-part-of-kitchen-appliance-lineup-at-2016-ces 
  2. https://www.opengovasia.com/dubai-government-launches-internet-of-things-iot-strategyand-data-wealth-initiative/ 
  3. https://smartcitiesassociation.org/index.php/media-corner/news/117-dubai-digital-wealthand-iot-strategy 
  4. https://iot.xische.com/ 
  5. https://www.cnbc.com/2018/01/05/fitbit-invests-in-sano-diabetes-tech-start-up-to-catchapple.html 
  6. https://www.iotforall.com/5-worst-iot-hacking-vulnerabilities/ 

About the Author:

Ruda Rubik Barar has a Master of Technology in Information Security from K.J. Somaiya College of Engineering, Vidyavihar (Mumbai) affiliated to University of Mumbai. She aims to develop her skills in the field of application security and enhance her capabilities regarding threat identification & mitigation, ethical hacking, vulnerability & risk assessment, and penetration testing. Her dissertation internship in the industry and other curriculum projects throughout the duration of her graduate and post-graduate education have been oriented towards increasing her knowledge of skills needed for a strong career in information security. She has also published a technical paper on an undisclosed security application, developed by ECI telecom for the IT industry, which can be found in IOSR – JCE Journal of Computer Engineering Vol.18, Issue 4, Ver.4 July-August 2016. She also wishes to expand her knowledge base and develop the skill set required for digital forensics.

Editor's Note:
Reviewed by David Kosorok, Director, Application security at Align Technology and Vito Sardanopoli, Appointed Task Force Member at the U.S. Department of Health and Human Services (HHS)
  • 110
    Shares
get certified from ec-council
Write for Us