By: Meriem OUADAH
June 30, 2020
IoT & Cybersecurity: Should You Really Use IoT Systems?
By: Meriem OUADAH
June 30, 2020
Could you go back years ago to a time where you could not send emails and text messages, or post online? It feels strange to imagine one's life without all these things, most importantly, without the internet that makes it possible.
So, what is the Internet?
The Internet is a worldwide system of connected computer networks, "a network of networks, "in which users can get all the information they need if they have permission from any computer in the world. It is a means of communication that connects people worldwide and provides different types of data to everyone.
This internet that everyone knows is also called the internet of people because it was created and used by them. A question has been asked throughout the years: "Why can't objects use the internet, too?" This has led to the emergence of a new internet, the Internet of Things, or what's called "IoT."
What is the Internet of Things?
Unlike the internet of people, the Internet of Things is an internet that connects objects, allowing them to talk to each other and exchange messages. It could also allow objects to talk to humans.
A simple and famous example would be the smart fridge. Yes, your fridge will talk to you. For example, if someone has expired food inside, it will notify that person by a text or voice message, saying that it should be removed. If there is something missing, it would also know and send a message as an alert.
Objects will not only talk to you but also talk to each other. This is called machine to machine interaction, which simplifies a lot of things in life. A popular example is the smart traffic camera that monitors the road for traffic congestion, accidents, and weather conditions. The camera will send a notification to a gateway in the cloud. That gateway will collect data from all other smart cameras. The gateway is also connected to a smart city system that is connected to other city systems that collect data from their intelligent devices. The combined smart city systems constitute a system of interconnected smart systems that analyze data and find solutions to relay them to appropriate systems and devices to take action.
For example, if an accident occurs, the smart camera sends data through the gateway to the city's smart system, which analyzes the accident and its impact on other systems. It would then find alternative roads and send a notification to be displayed in smart city panels. These alert drivers to use alternative roads to avoid traffic congestion. All the smart city systems will be notified. Other systems will be notified, such as hospitals and police to resolve accidents, and nearby schools and organizations will be notified to change their schedules, according to what is happening on the road.
These are simple examples. More and more systems are connected with the Internet of Things to improve and facilitate several activities and advantages in one's day-to-day life, and for business as well.
How does it work?
The Internet of Things is based on the principle of adding sensors to objects. Imagine objects able to sense just like humans use the five senses. It's amazing, isn't it?
In practice, this is done by adding sophisticated sensors and chips to physical devices, allowing them to transmit large quantities of data. Internet of Things devices are connected to what's called the internet of things platform. This platform integrates data from many devices, applying analytics to share the most valuable data with applications that address industry-specific needs.
Another example of internet of things: A smart bracelet that monitors a person's sleep. When it's time for someone to wake up, it will send a message to the person's bed light to turn on and to his or her alarm clock to ring and wake that person up. These devices will also notify the person's coffee maker to prepare coffee for him or her.
Introduction to our problem
The Internet of Things has many advantages, such as monitoring, machine-to-machine communication, saving time, and improving the quality of life. However, IoT can be very complex. It has compatibility issues (there no standard for IoT equipment), and also it would affect many people because of the greatly increased automation.
In addition to aloof these factors, it is important to focus on a major issue that seems hard to address. That issue is security.
How can we secure IoT?
Because of the revolution of technology and the valuable life and work improvements that IoT has brought, it has caught more and more attention from hackers and cybercriminals. According to Cisco, There are 127 new IoT devices connected to the internet every second, and these devices are going to be attacked.
So how are IoT devices secured? And what are the major IoT security challenges?
Unfortunately, the digital nature of IoT devices means there's no one-size-fits-all cybersecurity solution to protect all the devices. The deployment should be protected from the beginning to the end of its life cycle. As a first step, all IoT devices and network systems, as well as the user's and customer's systems, must be checked by organizations for vulnerabilities in order to mitigate cybersecurity risks.
Many IoT manufactures and designers may care only about getting their products on the market and increasing sales, instead of focusing on creating strong security measures while developing the product.
Although many companies and industry organizations use different frameworks for IoT, sometimes developing their specific framework for large companies, the absence of a unified agreed-upon framework for IoT systems makes it hard to ensure their security and interoperability.
Another challenge is that IoT devices have resource restraints. This means that they cannot perform complex security functions such as encryption because of the lack of computing resources. These restraints limit the implementation of high security, making them vulnerable.
IoT devices are often configured with default passwords, which, as it is widely known, is not secure at all. Anyone, even those with no hacking background, could easily guess these passwords and gain unauthorized access to the device. Even if the password is changed, it wouldn't be highly secured. Confidentiality will be easily compromised.
A feature of IoT devices is that they are those devices that are developed and put away and forgotten by the manufacturers. In most cases, this means that there are no patches or updates to these devices. Once they are sold, other devices are developed without considering the state of the previous ones.
IOT Security Approaches
As explained above, IoT security has become an important issue that must be quickly addressed before it becomes worse.
To secure IoT devices, companies should start by securing the device in the production phase. Security should be scrutinized from the three known pillars of CIA: confidentiality, integrity, and availability. This brings us the following good practices:
- Enabling, protecting, and verifying the device's identity to build trust and provide secure data exchange over the internet by using digital certificates and Public Key Infrastructure.
- Protecting the network using firewalls, intrusion detection/prevention systems,
antimalware, and port security.
- Limiting privileged access so that devices communicate and send data only to the other devices that it's controlling.
- Making sure IoT devices are not installed using default passwords.
- Providing periodic software updates and patches.
- Limiting the access to the network by using network access control to isolate the IoT network.
- Securing the hardware, whether by using strong cryptographic algorithms for the
exchanged data or even protecting the hardware from any unauthorized access.
- Identifying the IoT device before the start of any device.
- Providing periodic data backups in case the device is compromised.
- Last but not least. Firewalls and antivirus cannot protect IoT systems 100%,
especially because they go beyond the firewall's perimeter to communicate with other devices. Customer awareness is very important here since they are the ones using IoT devices. A list of steps to follow to stay secure could be distributed with the product when it's sold.
What is the impact of IoT on cybersecurity?
IoT devices exchange and process data using the cloud. A huge amount of data is sent through the cloud, exposing it more to hackers and cybercriminals. Any compromise of valuable data will have a critical impact on the company or the person.
Private and sensitive information, such as credit card numbers, banking records, and passwords, are highly likely targeted by cybercriminals. The loss of this data will not only cause huge monetary losses to companies but will also damage the company's reputation. The customers will no longer trust these companies, and they might end up bankrupt.
Stealing personal information is also harmful to individuals. Cybercriminals could use the stolen identities to steal money from those individuals and harm them in many other ways. If that data is not protected, the person in charge of managing the stolen customer's data could suffer legally for failing to secure and prevent it from being stolen or leaked.
Cybercriminals do not always need information only. With the automation of IoT systems and given the data they collect, criminals can also, for example, gain physical access to homes and commit crimes out of revenge, which is only one of many possible malicious intentions.
The nature of the intelligence provided through IoT devices is helpful to hackers to spread more viruses, ransomwares, and commit more crimes. This is due not only to its lack of security but also for facilitating the hacker's job in some ways. When devices communicate with each other, a virus introduced into one device will spread to the next one that it exchanges data with. Hackers can easily inject corrupted data and programs into the original devices once they find a vulnerability. If security isn't strengthened, the hackers cannot be stopped and will always find ways to infect IoT devices.
Smart devices could limit this if they follow strict policies to take action once they detect an infection. But as mentioned earlier. IoT devices are limited in resources. Implementing such methods will not always be possible; even if it is, it might not be very effective.
Despite the revolution, the easy way of life might seem interesting to many individuals and organizations. IoT systems remain a threat to cybersecurity. Unless this issue is solved, the existence of IoT systems will never be good for anyone.
Now that you know much more about IoT systems and their security, it's up to you now to decide whether IoT is good for you or not.
This article will end by giving you something to think about. Everyone knows that every existing program or machine was created by humans, but what if devices are so smart that they can take actions and control other devices and, eventually, our lives? Could they surpass human intelligence? The answer depends on your perspective.