With 2014 being dubbed as the year of the 'Internet of Things' (IoT), what are your major concerns regarding the security & privacy issues that consumers face now, and potential problems they could have in the future?
My major concern about the Internet of things (IoT) is that more and more companies will be adding devices to the network infrastructure with no regard or knowledge of security protocols. As more devices come to market, the lack of security protocols will mean people with bad intentions will be able to easily hack into devices that can talk to one another and take control over devices they choose.
An example is Internet Protocol (IP) cameras. The default security protocol is off. I have heard of several instances where hackers have been able to easily hack into these IP cameras and view victims without the victim’s knowledge. There is a search engine available that specifically seeks out unsecured IP cameras and allows unimpeded viewing of the areas that the cameras cover.
In the future, an IP camera will be a jumping off point for a hacker to enter a home or business environment and enter other devices that are not secured by any security algorithms (WPA, WPA-PSK2, etc.). Any networked device can become a target. And once a hacker has entry into a network, he or she has access to almost any attached device. This could mean the compromise of media servers, laptops, or desktop computers. This will make it easy for hackers to steal online banking credentials or any other important data that the soon-to-be victims may have on their devices. Access to an unsecure refrigerator, microwave, toaster, dishwasher and other types of devices can cause the same problems. And since these devices can also be used in a business environment, hackers can access important company data the same way.
One area that manufacturers are touting as a benefit of IoT is the ability to request repairs or maintenance from a device for another device. The flipside is that they will be able to monitor your usage. Consider this scenario: a manufacturer can monitor your usage, you can manage your usage, and possibly, an unscrupulous third party can also gain access and monitor your usage. Next, apps will be able to tell you how many times you opened the refrigerator, what you have taken from your refrigerator, and that you are eating too much. What happened with privacy?
One famous company is currently touting its “Total Home Security.” With this feature, you can control your home through a phone app which is connected to your home network. It can turn televisions on and off, turn lights on and off, turn faucets on and off, change temperature settings, and lock and unlock your doors. But here’s the problem, and it’s significant: If your phone is ever stolen or lost, or hackers gain access to your phone through vulnerabilities in the app’s software, your home – and everything inside it – could be compromised.
Another new device is a new Bluetooth door lock. Bluetooth can be hacked within 30 to 100 feet depending on the devices and the software that the hacker has available.
Car companies are now using apps to allow users to turn on engines, heating, air-conditioning and other functions. Without the proper security, those signals can be intercepted and hackers can get access to the car. There has already been one instance, captured on tape, where a car was unlocked remotely by someone other than the car’s owner and criminals were able to gain access and steal contents from the vehicle.
I believe there should be a governing body that manages and oversees the companies that are developing new wireless devices for IoT. Any device that comes to market must have this organization’s stamp of approval before it is approved for sale and widespread use. We cannot afford to have a “Wild West” mentality when so much personal, organizational, and business data could be compromised by devices that lack security functionality. The stakes are simply too high.
Allan Pratt, InfoSecurity & CyberSecurity Strategist, @Tips4Tech
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.