Skip to main content

Internet of Things presents the next frontier of cyberattacks

(Image credit: Image Credit: Melpomene / Shutterstock)

Today’s rapidly growing global network of internet of things (IoT) devices brings with it new levels of convenience to the lives of everyday consumers. In late 2019, one survey conducted by Parks Associates found that the average person in the U.S. owns as many as eight connected devices, and the number is expected to climb to 13 by 2022. The smart speaker market alone – Amazon Alexa and Google Home – grew from 66.7 million devices in December 2017 to 118.5 million devices just one year later. It seems just about every type of home appliance or gadget has added network connectivity in the past few years. Everything from cars, house locks, climate control systems, and even hair straighteners are just a few examples of devices that are now connected to a network or mobile application to make life more convenient.

However, as the development of IoT devices accelerates, the risk of a cyberattack accelerates as well. Research and development teams must work diligently to place data security at the core of connected device designs. Recent headlines have brought unwanted attention to IoT devices being compromised or vulnerabilities being discovered. Automation has led to the rise of “smart homes” that can be unlocked and accessed through vulnerabilities in the connected mobile applications found on many smartphones. Cars can even be accessed through the infotainment system, as demonstrated at a recent hacking contest when a group of hackers gained access to a Tesla 3.

IoT in infrastructure

But the reach of IoT extends far beyond the household appliances that are spurring the home automation movement. The current state of urban planning is increasingly exploring ways of incorporating automation and connectivity. Power grids, water lines and natural gas lines are being updated with state-of-the-art monitors to immediately alert city services when deviations are identified, ensuring that services are not disrupted. London, for example, operates the largest number of CCTV cameras in the world – many of which are connected to the cloud. These cameras can be used to detect everything from traffic jams to ruptured sewer or water lines. In one example, the impact to public safety was recently measured in a 2017 study published in the Journal of Safety Research that found car crash rates were 21 per cent lower in cities with red light cameras installed and active at signalised intersections in over 100 large U.S. cities.

As government services look to maximise efficiency and public safety through automation, connected devices will continue to become more prevalent with bulk data analysis and collection a primary focus. However, these systems are not completely immune from the cybersecurity risks similar to those that continue to plague smart home devices. Real-world cybersecurity threats designed to target municipalities, for example, include identity theft, ransomware attacks such as those recently seen in Atlanta and Baltimore or a complete shutdown of government services to disrupt the lives of ordinary citizens.

Security by design

One of the biggest challenges faced by the IoT industry today is finding internal consensus on an appropriate level of security for the manufacturing and the development of smart devices. Ideally, security should be a fundamental building block during the design phase of development. Secure smart systems should include the ability to quickly detect any anomalies or threats before bad actors have the opportunity to cause irreplaceable damage – both to the user and the brand reputation of the manufacturer and/or developer.

Another key element in protecting connected devices is designing a product that, once an attack is detected, immediately isolates the infected device to contain the attack and minimise any resulting damage. Fortunately, the real-time data analytics currently available can identify these threats and prevent one bad apple from spoiling the bunch, while also ensuring that other products are protected from the attack as soon as recognised. It also is important for product designers and developers to understand that wireless carriers continue to roll out 5G networks that will only bring more and more efficiency and cost-effective connectivity. It will be critical that IoT network devices remain secure as the rapid exchange of data between devices and servers will only increase exponentially, putting even more pressure on security analytics scalability.

Security at the foundation

Manufacturers are setting out to create products that are designed to make life more efficient and safer, but notable risks are cause for concern despite convenience. To futureproof IoT networks, it is critical for connected device manufacturers and developers to focus on security from day one and as a foundational design element rather simply relegate it to a check-box item later down the road. By designing connected devices with security embedded at the foundation, all stakeholders -- manufacturers, customers, and retailers -- will be able to reap the benefits of IoT with peace of mind that personal data and privacy are not at risk of being exposed by hackers.

Asaf Ashkenazi, chief strategy officer, Verimatrix

Asaf Ashkenazi is the chief strategy officer of Verimatrix.