Internet of Things (IoT), the all-embracing heterogeneous network of smart devices connected with each other via the Internet, is expanding at an exponential pace, and so are the risks associated with it. While IoT ensures that we are connected all the time, the developments in IoT, which do not take into consideration adequate security measures, continue to expose users to increased risks.
The world is racing towards networking everything, from wearable gadgets to computers used in automobiles. The technical mavens are pushing us in that direction; but they have no really good supporting arguments for this, except to boost profits. This is especially so for a country like India which is a late entrant in this ‘connect everything’ disruption. The government and private enterprises are gung-ho about getting hold of our data, including financial data and biometrics. The drive to connect everything may have its roots in a desire for more power and increased market share.
What exactly is the IoT and how does it work? IoT is the inter-networking of physical (smart) devices, vehicles, buildings, and other items, embedded with electronics, software, sensors, actuators, and network connectivity, that enable these objects to collect and exchange data. The ‘things’, in the IoT sense, refer to a wide variety of devices, such as heart monitoring implants, biochip transponders, electric clams, automobiles with built-in sensors, DNA analysis devices and field operation devices that assist fire-fighters in search & rescue operations, to name a few.
Roughly speaking, there are three inter-connected aspects that define the IoT. First are sensors, which collect data, followed by ‘smart’ (processors) that analyse, or figure out, what the data collected means and decide on what to do with it. Last are the actuators that affect our environment. In other words, sensors are the eyes and ears, smart processors are the brain and actuators are hands and feet of the IoT. This, however, is a classic definition of a robot. With ever-increasing IoT, we are turning ourselves into miniscule parts of the gigantic robot that is getting smarter, more powerful and gaining capabilities, through the inter-connections we are building, without any real control or regulation. And this is the dangerous part.
While for common people, IoT is a thing of convenience, for service- and device-providers, this creates an opportunity to measure, collect and analyse an ever-increasing variety of behavioural statistics. This cross-correlation of data could be very helpful for targeted marketing of products and services.
Another reason why IoT could be dangerous is that the devices, such as cheap webcams, mobile phones, medical devices, smart-watches, anti-theft devices, drones and routers, are not designed with security in mind. As per reports, earlier this year, Spiral Toys, which sells CloudPets, the Internet-connected teddy bears that allow parents and kids to exchange messages, was found exposing the credentials of over 800,000 of its customers and two million messages.
Add to this, the bots that have capabilities to disrupt almost everything on the IoT. In October 2016, a botnet, made up of about 100,000 compromised gadgets partially knocked off Dyn, an Internet infrastructure-provider. Taking down Dyn resulted in a cascade of effects that, ultimately, caused a long list of high-profile websites, including Twitter and Netflix, to temporarily disappear from the Internet. The botnet, in this case, was created with an easily available malware called Mirai.
“On the Internet, attack is easier than defence because most software is poorly written and insecure,” says Bruce Schneier, security expert and chief technology officer of IBM Resilient, adding, “Connecting everything to each other via the Internet will expose new vulnerabilities.”
“If we cannot secure complex systems to the level required by their real-world capabilities, then we must not build a world where everything is computerised and interconnected,” Mr Schneier says, in his blogpost.