The Internet of Things is here to stay. Soon, all of our home appliances will be virtually linked. Televisions, clocks, alarms, cars and even fridges will be connected to the Internet and will know almost everything about you to make life easier. Cisco believes that in 2020 there will be more than 50 billion connected devices and a report by the Pew Research Center says that by 2025 we will be used to them knowing our habits.
Despite the advantages that they will offer users, manufacturers and even carriers, there is another group that could benefit from the information we transmit: cyber-criminals. If the Internet is no longer restricted to your computer or phone, and even your fridge knows what you have to buy or your pacemaker informs your hospital of how your heart is beating, a new world of possibilities opens up to cyber-criminals.
The US Federal Trade Commission (FTC) has also raised concerns over the privacy problems related to all devices being connected, and has asked manufacturers to make a special effort not to forget the importance of security. “[The Internet of Things] has the potential to provide enormous benefits for consumers, but it also has significant privacy and security implications,” warned FTC Chairwoman Edith Ramírez during the Consumer Electronics Show.
Ramírez advised connected device manufacturers to adopt three measures to make devices less vulnerable:
- Implement security from the design of the device using privacy testing and secure encryption.
- Design the device to store only the information it requires.
- Be completely transparent to consumers so that they know exactly what data is going to be used and transmitted.
These attacks could have various targets: firstly, to steal specific user data and secondly to cause harm to device manufacturers. Similarly, an intelligence agency could be interested in spying on certain information. According to experts there are various attacks that could become common:
- Denial of Service. Paralyzing a service is more serious if all devices are connected.
- Malware-based attacks. Malicious code can be used to infect hundreds of computers to control a network of smart devices or to put their software in danger.
- Data breaches. Spying on communications and gathering data on these devices (which could also store data in the cloud) will become another more common attack, compromising our privacy. Both intelligence agencies and private companies with commercial purposes could be interested in gathering information on a specific user.
- Inadvertent breaches. Our confidential data might not only suffer targeted attacks but could also be lost or accidentally disclosed if the devices do not adequately protect privacy.
- Security attacks on our homes. The majority of manufacturers of these devices have not considered security necessary and many do not have the mechanisms to correctly protect the data. For example, an attacker could spy on the data of our smart meter.
To improve security, authentication methods must be adequate, adopting stronger passwords so that both the credentials and the data are correctly encrypted. In addition, security problems could arise in the network. Many devices, such as televisions, connect via Wi-Fi and so manufacturers should adopt strong encryption algorithms. Secondly, special care should be taken with the software and firmware on these devices; they should be able to update and each update must incorporate security mechanisms.
The Internet of Things has many benefits, now it just needs to be completely secure for users.