The Internet of Things (IoT) is a world where all devices are connected through the Internet. The idea brings to mind sci-fi movies where sleek devices make life efficient and convenient, but the IoT will have a downside if security issues are not properly addressed. As devices connected to the Internet become more prevalent, the concerns over securing connected devices increases.
A hacker could hijack the lights in your home and remotely turn them on and off. Although annoying, this scenario—at first glance—does not seem to carry any ominous implications. However, things become scary when you consider what other devices are unsecurely connected to the Internet. Hackers targeting connected devices won't be attacking personal information as they have in the past; they would be attacking devices that can affect the physical world.
As the IoT becomes a reality, threats that previously lived solely in the digital world are now evolving to "involve safety, water, shelter and warmth," said Trey Ford, Global Security Strategist at Rapid7.
As an example, two researchers at Defcon 2014 showed how they were able to hack into the computers of a Toyota Prius and a Ford Escape and overrode the steering and braking systems. They had so much control over the car's computer systems that they were able to—against the drivers' efforts—steer the cars, engage the breaks, and disable the brakes.
Cars are just one example of a device a hacker could control if it has Internet connectivity. In the IoT, every device in your home could be a potential window for hackers to gain access to your life.
Many people see these types of hacks as mere annoyances—like if a hacker were to turn up your thermostat to 90 degrees in the middle of summer. However, imagine if you had a new baby at home. One of the leading causes of SIDS (Sudden Infant Death Syndrome) is an elevated or reduced room temperature; and what would be uncomfortable for you as an adult could be fatal to an infant.
In 2011, Barnaby Jack demonstrated another potentially fatal scenario of the IoT by hacking into a wireless insulin pump. Barnaby did this with the intention of pointing out vulnerabilities. But any vengeful hacker with the right software could hijack a wireless pump and administer a fatal dose to a victim.
As all these scenarios show, securing connected devices should be a major component of the IoT. But security is not at the top of the to-do list for some companies manufacturing connected devices. Many of the engineers who develop the devices have no experience in securing connected devices, resulting in security being altogether overlooked.
Aside from the know-how of engineers, another reason for the lack of security in connected devices is cost. To make these devices secure, manufacturers would need to take extra steps such as developing a security model, creating patches to maintain secure devices, and penetration testing for vulnerabilities. Because of these extra steps, some companies opt out of security altogether.
All this becomes more complicated when we consider that many of these devices use embedded software and can’t easily be patched.
As most computer users know, upgrading software doesn’t always go as smoothly as planned. A glitch or hang-up when upgrading your microwave’s software would be bothersome, but what about an upgrade for a car or medical device? Security expert Andrew Rose outlined such a scenario in a recent Forrester article.
When your endpoint is traveling at 70 mph on a crowded highway, that’s not the time to find out that the software upgrade has a flaw, or that it corrupted an essential feature. - Andrew Rose, security expert
Driving can already be pretty risky, but adding a glitch in a security upgrade or a hijacked car adds even more risk to the road.
Even though there have not been major attacks in the IoT, hackers will not stay complacent with the digital playing field. Manufacturers need to begin making their connected devices with security in mind. Failure to do so will cause the IoT to not be safe and enjoyable for users.
The good news is that there is no need to develop new security solutions from scratch. For over two decades, PKI has been used to secure data over the Internet. PKI has also been used to secure cell phones, tablets, printers, and WiFi hotspots.
DigiCert—a leader in the SSL Certificate and PKI markets—is well equipped to solve the security problems posed by the IoT.