ADVERTISEMENT
IoT: Oh, here come cybersecurity vulnerabilities
S S Iyengar and Jerry Miller
Last Updated IST

Wow! A toaster is connected to the Internet and a robotic arm actually inserts the bread! Is this a new headline? This event actually occurred in 1991, when John Romkey and Simon Hackett connected a ‘Sunbeam Deluxe Automatic Radiant Control Toaster’ and demonstrated the device at the 1991 InterOp. They had demonstrated the toaster control the year prior but added the robotic crane (arm) to further automate the device the following year.

Today, the Internet-of-Things (IoT), which connects cyber-physical systems through the internet, is becoming a household word as more and more devices are connected each day. Smart meters are used to regulate heating and energy use, electrical billing; we are developing smart cities, smart vehicles, smart refrigerators, smart washers and dryers, smart doorbells and a plethora of other smart devices that can connect through the internet to allow us to automatically view and regulate the world around us.

Many of these devices have been touted as providing better personal and home security, while automating those mundane tasks, such as keeping track of whether you need milk, or whether it has passed its expiration date. But are you really more secure than you were 30 years ago before we connected the toaster to the internet?

ADVERTISEMENT

The answer depends upon how you view security. From a physical security standpoint, the new automated doorbells and household security systems which allow you to view your home from anywhere through the internet and notify you when someone is at the door or inside the home, may be providing you with an important security feature. But each new system connected to the internet may be opening a Pandora’s box of new security risks.

Cisco Connection Counter estimates that more than 50 billion devices will be connected to the IoT by 2020, accounting for only 2.7% of the world’s total objects. That’s just the beginning. What are these ‘things’ being connected? In addition to those ‘smart’ devices already mentioned, the major fields of transportation, agriculture and healthcare are leading the way in connecting new devices, as are consumer products. We are connecting vehicles, traffic lights and traffic signs.

Commercial fleets are connecting their vehicles to monitor traffic miles, maintenance services, and to provide real-time monitoring of oil pressures, engine hours, battery status, and vibration on critical components, as well as monitoring a wide variety of road and operating conditions. Connected parking spots are now allowing motorists to see when parking is available and reduce carbon emissions through reduced idle and operation times.

In healthcare, internet connectivity has enabled monitoring of drug supplies, hospital inventory, patient status and vital signs monitoring, patient tracking, workflow integration and a host of other uses. All of this monitoring and tracking also adds a cornucopia of data that must be analysed and, more importantly, protected. Unfortunately, as data accumulates, more people have access to it and each of the connected devices generating the data must have secure connections to transmit and store the information. Often, they do not.

In 2016, the European Union parliament instituted the General Data Protection Regulation (GDPR) and provided a two-year transition for implementation. May 2018 marked the beginning of non-compliance and implementation of strict penalties and fines. The UK followed with its own version, the Data Protection Bill, in 2018.

Yet, a 2018 comprehensive research study by Cybersecurity Insiders indicated that only 7% of the surveyed organisations were in full compliance. Nearly 60% were in violation of the standards as of the survey date and further indicated they lacked expert staff or the budget to implement the required changes.

While most connected IoT devices are not in your home, but in industries such as manufacturing, transportation and healthcare, your personal data is likely still at risk. Anything connected to the internet is a potential security threat.

Software updates

Most devices will connect by bluetooth, such as Fitbits, and a variety of other medical, health, and home monitors and often receive software updates the same way. Before you install new software on your devices, or update existing software, make sure it is a valid update by the manufacturer/supplier and not an infected version supplied by hackers. Known software can be accessed by criminals, changed to meet their monitoring or access plans, then pushed to you for installation on your device. Make sure your version of the software is indeed provided by the manufacturer.

If you routinely download apps on your smartphone, be aware that nearly 95% of all apps available for download have not been security-tested and could be vulnerable to hackers. Be aware of the personal data you are providing and do not automatically allow an application to have access to your phone and its stored information.

Cybersecurity is a huge problem for all of us. Yet, many of us take it lightly. In 2017, the most popular password was still, “123456.” Is it any wonder then that Facebook, Yahoo, Google and other accounts are routinely hacked? Use a strong and secure password, always! Secure your accounts, devices and systems.

If you own a business, make sure to install the best internet protections you can afford, and most importantly educate your employees on cybersecurity issues and actions to protect themselves, your clients and the company’s vital information. Reinforce this training every six months.

If your company uses IoT-connected devices, such as smartphones, tablets, PoS terminals, security cameras or drones, use anti-malware software and limit access to these devices. As a business owner, also make sure your supply chain is secure. Talk to your vendors and suppliers and make sure they are taking the same cybersecurity precautions as you to protect your data.

(Iyengar is Distinguished Ryder Professor and Director, School of Computing and Information Sciences, Florida International University; Miller is Associate Director, Robotics and Wireless Systems at Discovery Lab, FIU)

ADVERTISEMENT
(Published 16 November 2018, 00:29 IST)