Hacking The Internet Of Things

Could hackers soon be targeting your household items?
Starting out as a theoretical concept debated at technology conventions, the Internet of Things (IoT) has made a remarkably rapid transition into modern society. We are already living in a world where mundane devices and machines offer online connectivity, enabling them to upload information or be controlled remotely. It’s estimated that by 2020, 50 billion objects on the planet will be able to collect and exchange data, often without us having any control over their activities.
A headlong rush is underway to make as many devices internet-enabled as possible, from streetlamps to suspension bridges, from harps to heart monitors. Unfortunately, in many cases this is being done with undue haste and insufficient regard for the sensitivity of the data being generated.  A recent exposé into the lack of technological security on modern vehicles illustrates this point. Flaws in Bluetooth and sat nav systems are well known, but some new cars can have their cruise control and steering manipulated by third parties. The idea of a hacker being able to override the braking systems on a two-tonne SUV is absolutely terrifying, but it’s already been proven that everything from parking assistance to WiFi can be taken over through security oversights by car manufacturers.
This reflects a major problem with the Internet of Things – many web-enabled products haven’t been designed with security as a leading priority. Internet access is increasingly being rushed into production or retrofitted to existing machines with little regard for data protection or unique identification. And while the manufacturers are blasé about the consequences, it’s ordinary consumers who will ultimately suffer. You may not be bothered if your bathroom scales use an unsecured network to upload your weight to a personal web page, but your teenage daughter would certainly care if her weight records were hacked and then publicly distributed by a vengeful ex. By contrast, if Norton or Kaspersky made scales, you’d never have to worry about a foreign cybercriminal selling your weight charts to unscrupulous slimming pill retailers, or reprogramming your scales to call you “fatty” every morning.
It looks increasingly likely that the IoT will supplant the internet as the next battleground between criminals and security experts.
Today, hackers attempt to subvert your web browser so they can raid your bank account. In a decade’s time, they might be able to hack an IoT-enabled wallet or coat, or determine when you’re out and burgle your home. That also may be after they have managed to remotely disable the “smart” burglar alarm by overriding its transmission protocols, and unlock your biometrically-controlled front door using a screengrab of your thumbprint from a compromised cashpoint.
Two related risks posed by the IoT involve the incalculable amount of raw data that will be collated from billions of internet-enabled devices, and the lack of governance about what happens to this information. Could a healthcare company surreptitiously obtain data from a fitness device, then decide that the owner shouldn’t be offered life insurance because they have an irregular heartbeat or insufficient stamina? Even if rules are brought in to prevent this, would anyone know if healthcare executives tried to obtain the information through bribery or coercion?
The management of IoT data thus far has been described as a “one-way mirror”, whereby individuals have no idea who is surveying their activities or storing their data, all with a lack of accountability comes a heightened risk of malicious interference or unpublicised data theft, which could lead to anything from public embarrassment to identity fraud. Little wonder that the IoT’s undoubted potential is currently being outweighed by concerns about data security, in the eyes of many consumers and industry observers.
Keep up with the VPS.NET Blog for more technology discussion.