Are internet enabled devices a cause for concern for cyber security?
The Internet of Things (IoT), also known as “connected devices” is the network of objects and devices accessed through the internet that can link themselves to other objects and devices that use embedded technology to interact. It’s simply the connection between any device to the internet.
Internet enabled devices are a cause for concern for cyber security because internet accessibility by potential malicious actors renders the devices vulnerable. Pretty much all new electronic devices now have internet capability which means the potential for malicious hacks has increased exponentially.
Hewlett and Packard have revealed that 70% of IoT connected devices are vulnerable to malicious attack. When the internet is incorporated into a device, the threat of malicious misuse is a given. With 39% of consumers now believing that device security is a risk factor, there are a couple of questions that need to be further explored by manufacturers: is there potential for a negative impact on the sale of connected consumer white goods? Are consumers IoT savvy – i.e. truly aware of the risks?
There have been many IoT attacks over time with technology constantly advancing. One of the most notable IoT attacks in recent years was within automotive industry with the Chrysler Jeep hack. Chrysler recalled 1.4 million vehicles after hackers demonstrated that they could hijack the Jeep’s digital system via the internet. Hackers remotely paralysed the jeep on the highway whilst it was being driven in traffic and it was also possible to disable the vehicles brakes at low speeds.
Tesla was also the victim of an attack when Chinese researchers took remote control of a Tesla Model S, taking control of the brakes, door locks, on board computer screen and other electronic controlled features in the vehicle. The Chinese security researchers could target and remotely control the car from 12 miles away. The attack was carried out by the vehicle being connected to a malicious Wi-Fi hotspot which was set up by the on-board web browser.
Despite Tesla’s issued statement explaining that the hack was “low risk” to consumers as the web browser had to be in use and physically near the malicious Wi-Fi hot spot, this did not stop them responding immediately with a fix. This further instills consumer anxiety that high tech devices that are connected to the internet are at risk of cybercrime and these attacks should be a wakeup call for the industry.
Cyber security experts have warned about the risk of IoT devices for years but there is little research into consumer trust. Gartner estimates that 13.5bn of devices will be affected by cybercrime and malicious misuse by 2020, while Cisco estimate 50bn. Gartner has estimated that 20.8bn devices will be connected by 2020 – that’s virtually 3 devices per person for the world’s population. Gartner also predicted that by 2020, more than half of major new business processes and systems will incorporate some element of IoT. The impact IoT will have on consumers lives and business models will increase rapidly as the cost of connecting physical devices drops and the use of IoT becomes more practical and prevalent in what appears to be a race to connect every available device.
Gartner also predicts that £1.5tn will be spent on IoT devices but businesses will only spend 10% of cyber security budgets on defense of these types of attacks which is a worrying statistic.
Are all IoT connected devices vulnerable… well yes by their very nature, if they are connected to the internet there is potential for a hacker to gain control – although what a hacker would want to do with a connected kettle is perhaps debatable. However, consumers should be cautious and be prepared for potential consequences from any such connected devices.
There are currently no clear rules on how IoT devices should be protected and what exact protocol there should be if malicious misuse occurs – much more attention needs to focused in that area by the manufacturers of such consumer goods and governance of this is probably going to ultimately rest in the hands of Government legislation and regulation.
Security is not just a growing concern, it is THE concern within IoT and it is something that is currently being somewhat “pushed under the rug” as no-one quite has the answers.
One has to ask whether the consumer is truly aware of the potential consequences off this connective invasion and whether, given the choice, they would choose un-connected white goods – could be a new market, or an old one, they do say what goes around comes around after all.
By Natasha Euston |05/01/17 | Technical News