With Internet of Things (IoT), it is anticipated that there would be ubiquitous connectivity between machines/devices and this would give us the opportunity to transfer certain tasks to these machines e.g. send your car to pick up groceries instead of parking it in a garage. Early adoption of IoT based applications include smart homes, smart meter, autonomous cars, medical devices, smart cities etc. Even though, I am not a security expert, in this piece, I identify some of the risks associated with IoT based applications and conclude with some recommendations.
IoT represents a market opportunity for equipment manufacturers to add services to their products. Whilst manufacturers are excited about the extra revenue to be generated from these added services, security is often viewed as an after-thought. This poses risks to consumers because the evolution of technologies always translate to an increase in threat level and any device connected to the internet can be hacked and used as a surveillance device.
For example, imagine a family travelling in an autonomous car, and a hacker gains control of the wheels and manipulates the car resulting in a fatal accident. The police rush to the scene of the accident and try to investigate the accident, how would the police ascertain that the accident is a cyber-crime? The hacking also leads the family vulnerable to serious injuries or even death.
For medical devices, the security and the integrity of the data are very crucial. The security of medical devices is challenging as security may need to be unique for different devices. But any breach in security/data could have life threatening consequences and put patients at risks. Imagine, a child suffering from diabetes, with an online glucose monitoring device as a wristband; the glucose monitor predicts the daily level of insulin dose for the child. If there is a security breach and the data is altered, this would mean that the wrong dose of insulin would be administered to the child and could result in death. Recently, Billy Rios and Jonathan Butts demonstrated vulnerabilities that compromised a Medtronic pacemaker.
On the other hand, corporate IoT could be used for eaves dropping and leave companies vulnerable to their competitors. In similar vein, intruders could eavesdrop on individuals with smart homes. And Governments adopting smart cities should be prepared for cyber war attack.
In order to manage these security risks and vulnerabilities, its’ important for device manufacturers considering IoT based applications to consider security at the development phase. Security Experts should also be consulted to identify security risks and proffer solutions. Consumers should also be made aware of the security of the devices they use; as in the case of the Billy hack above, manufacturers should be able to communicate security vulnerabilities to consumers and offer re-assurances that vulnerabilities would be fixed. Regulations also need to keep pace with the growth of these technologies to protect consumers and best practices within the industry should be shared.