Security and the IoT: Should We Be Worried?
For many years now, the Internet of Things (IoT) has brought about the promise of ease and convenience to everyday life via wireless devices. Whether it’s at home, at the office, or inside our cars, smart gadgets have the ability to “talk” to one another—allowing us to accomplish feats that seemed like science fiction just a few years ago. The IoT also holds huge potential for organizations in both the public and private sector to become more efficient by automating processes, as well as generating new services and revenue streams. However, with increased automation and digitization comes a host of major security concerns that, if not correctly addressed, can cause much harm to both businesses and individuals alike. More connected devices lead to increased attack vectors that cyber criminals can potentially infiltrate. They can hit two birds – or several – with one stone, so to speak. Instead of compromising just one device, hackers now have several entry points to choose from and exploit a vulnerability to attack everything the device is connected to. Hackers can also access personal/confidential data and use it to their advantage.
Examples of IoT Security Breaches
In recent years, some of the major security breaches related to our increased reliance on the IoT include the following cases:
1. Hacking into a hospital network at the University of California
The Los Angeles-based hospital network’s patient records were recently broken into by cyber criminals, exposing sensitive information of up to 4.5 million people in the process. In response to these types of occurrences, the US FDA has instructed hospitals to stop using the Symbiq Infusion System by Hospice, an IT system that appears to be readily accessible to hackers, allowing them to control it remotely. What’s alarming about this is that hackers can take over medical devices and change the dosage of medicines delivered by the pump for patients under critical care. This could lead to potentially lethal over or under infusion for those who are hooked up to the system, typically for those undergoing critical patient therapy.
2. An alarming rate of cyber-attacks on US nuclear facilities.
During the period between 2010 and 2014, the US National Nuclear Security Administration admitted that their weapons stockpile experienced 19 successful security breaches, a number that does not include failed hacking attempts around the same time frame. One particularly worrisome virus that infiltrated their system was the Stuxnet, a computer worm that attacks industrial programmable logic controllers (PLCs), which was first discovered in June 2010. PLCs are used to automate electromechanical processes of centrifuges, in which the latter are used to separate nuclear material. This attack was said to have been launched with the intent to sabotage the uranium enrichment facility located in Iran, and it is believed that up to 10% of centrifuges at the time were destroyed before the attack was discovered.
3. Attacks on floating oil rigs
A 2014 Reuters report said that although the number of known hackers targeting oil rigs is relatively low, experts believe that they’re likely to become more attractive to cyber attackers, given the potentially huge impact they could have if tampered with. Consider that up to 90% of global trade is sea bound and a single compromised vessel could potentially mean a company loss that exceeds a billion dollars. In the same year, hackers successfully shut down a floating oil rig by tilting it beyond its safety threshold. In another case, an oil rig was unable to move for a total of 19 days due to computer malware that rendered it immobile until it was successfully amended.
4. Digital car hacking
As if carjacking wasn’t bad enough, hackers now have the ability to take control of any new car, even those driven by remote control. This is possible due to the automaker’s increased dependence on software when manufacturing cars. Features such as braking and steering systems are increasingly becoming automated and can run via a wireless connection. As a result, several hacking incidents have been reported in recent years, one of which involved the Jeep Cherokee. The car fell into a ditch when two cybersecurity researchers hacked the vehicle’s uConnect radio remotely. Fortunately, the manufacturer was quick to respond by recalling up to 1.4 million units to install countermeasures to limit such incidents from occurring. Another case involved an encryption technology flaw in several BMW manufactured vehicles that would have made it easy for hackers to unlock the doors of their automobiles including high profile brands such as the Mini, Rolls-Royce, and BMW.
5. Exploiting vulnerabilities in building infrastructure
In 2012, cybercriminals infiltrated the thermostats of a state government facility, as well as a manufacturing plant located in New Jersey. The industrial heating system was connected to the Internet, allowing hackers to alter the temperature inside buildings. Luckily, the attack was caught in time before the criminals could do more harm, such as turning on water sprinkler systems in data centers to destroy important servers or documents.
6. Power grid attack
Between 2010 and 2014, cyber criminals successfully hacked the US Department of Energy computer systems at an alarming rate—more than 150 times. If this escalates further, then it’s not far-fetched to assume that a nationwide crisis could take place, especially if criminals infiltrated critical systems that could destroy the power grid or negatively affect it in any way.
Should We Be Worried?
Unless you decide to get off the grid or live in a cave, there’s no way to escape the IoT from encroaching on our daily lives, as it slowly but surely makes its way into the fabric of today’s modern society. Increased wireless automation can bring tremendous benefits to humanity. But, just like any new invention, it helps to embrace these new devices with a healthy dose of skepticism. Always weigh the risks and take note of all the necessary measures needed to preserve data security whenever you use your IoT devices. Just as there are many ways to infiltrate IoT devices, there are also plenty of ways to beef up your security measures. For example, deploying end-to-end security of the device connectivity can prevent hackers from gaining access. The IoT companies that will be successful are those that stay one step ahead of hackers by deploying the latest security measures and implementing cyber-security best practices. Should we be worried then? That’s up to you to decide. But generally speaking, the threat of cyber-attacks can be mitigated. By working with the right companies who understand the risks and are implementing end to end security solutions, users will be much less vulnerable to these attacks. With any technological advancement (e.g. the Internet) there are always risks, but we can’t let this stop us moving forward. We just need to make sure we take all the necessary precautions.