What is IoT?
On the bus back from work, you check that the central heating has been turned on at home with an app on your smartphone. As you arrive at your stop, your fitness tracker beeps to tell you that you’ve taken 10,000 steps today. When you approach your house, your smart lock unlocks your front door. Stepping into the kitchen, you tell your home speaker to turn on the radio, as your remote-controlled sprinkler system begins to water the plants on your patio.
The Internet of Things (or IoT) is a term used to describe how everyday items – from toasters to children’s toys, vacuum cleaners to boilers – are increasingly connected to the outside world through the Internet, enabling our homes and products to do much more than they used to.
These products can be smart and not-so-smart. “Connected” devices link to the Internet and can be controlled remotely, for example, when you use an app to set your thermostat before arrival. “Smart” devices go beyond sending and receiving information to predicting and even acting on the needs of their users. Thermostats that help homeowners save energy by making decisions on the right temperature and level of humidity. Front door locks that anticipate arrival and unlock as you approach. Often, IoT devices can also connect to each other, meaning they can communicate and work together, like using a smart home assistant to turn on connected lightbulbs.
Whether connected or smart, these devices are changing the way we go about our daily activities and make our lives simpler and our experiences more seamless.
The Internet of Things offers benefits that extend far beyond basic consumer goods. Originally developed for large-scale manufacturing, the Industrial Internet of Things (or IIoT) has transformed supply chains, changing the ways products are designed, made and delivered, improved workers’ safety and productivity, and reduced production costs. Powered by enormous quantities of data, the Industrial Internet of Things is leading the global economy into what many have defined as the Fourth Industrial Revolution. Through the analysis of large volumes of information too great to be analyzed by people, the smart factories of today can track performance, detect maintenance needs, and anticipate profitability at speeds that were unimaginable just a decade ago. IIoT enables companies to utilize new technologies like autonomous equipment, robotics, and industrial 3D printing on factory floors among humans in a safe and productive way.
What are IoT security risks?
While IoT devices and machines bring tangible benefits to both consumers and manufacturers, the security threats that surround them are less visible and are too often underestimated.
The threats range in scale and audience, and can include data thefts, physical device threats and threats to others.
Private and corporate data threats
Whether it is personal, corporate or industrial, data thefts are incredibly lucrative for cyber attackers and can wreak havoc on individuals and businesses. As 57% of IoT devices are vulnerable to medium or high severity attacks (Palo Alto Networks, 2020), IoT is considered the low hanging fruit for attackers interested in stealing data. The security vulnerabilities of our IoT devices can be used to steal credit card information, addresses, social security numbers, insurance policies, health information, which can then in turn be sold for high sums on the dark web and on illicit internet fora.
Hackers might also be looking to illicitly survey our homes and businesses by exploiting the security loopholes of our connected devices. A house theft or a heist, could for example be orchestrated by breaking into IoT security cameras and checking whether the owners of a business or residents of a home are present.
Cyber attackers could also hack into IoT devices to slow them down or shut down certain functionalities in exchange for a ransom. While these kinds of physical attacks on consumer IoT devices in our homes are less dangerous and rarer, these attacks have been carried out to shut down entire large scale IT systems, electrical power grids and industrial production lines, which have devastating financial effects on the victims. Attackers can also use the technique of “bricking,” which effectively shuts down and renders useless a device, which can only be turned back on in exchange for a ransom.
Threats to Others
Orchestrated attacks such as botnets attacks can allow attackers to have access to several thousand computers at a time and command them to carry out malicious activities. These can include large scale data leaks, credentials leaks, and unauthorized accesses. Hackers can use the vulnerability of our devices to orchestrate such attacks and wreak financial havoc on other systems.
While it can take some time before the owners of an IoT device, individuals or businesses, realize that they have fallen victim to a cyber attack, attackers can be quick and ruthless. It can take mere minutes for a skilled hacker to exploit devices with low security to carry out a large scale attack. In addition, cyber attacks on IoT devices can have tangible consequences on our physical safety or health if, for instance, the target is a smart car that is hijacked or if the attack is conducted to facilitate a robbery.
So, how can we continue to take advantage of the benefits that this technology brings us, while ensuring that our homes, factories, and infrastructure are protected from the risks that surround them?
The Cybersecurity Tech Accord and Consumers International have partnered up to provide a repository of information where consumers and manufacturers can find more information on how to secure their homes or businesses.