With the growing number of Internet-connected devices the security of IoT becomes a serious challenge and concern. Already in 2016 tens of thousands of hacked cameras and video recorders were used in a massive distributed denial of service (DDoS) attack on number of websites, including Twitter, Spotify, Amazon, Reddit, Yelp and Netflix.
Some Israeli researchers from Weizmann Institute demonstrated how to take control over an intelligent Philips lighting that uses ZigBee standard for local connectivity.
While an office building blinking S-O-S in Morse code may seem just funny, the hacked lightbulbs could e.g. be reprogrammed to jam WiFi signal or blink with a frequency which could cause epileptic seizures.
Even more dangerous example was with a poorly implemented medical devices from St. Jude Medical’s that could result in serious troubles for patients with heart problems. Some time earlier there was a story about Jeep SUV that could be hacked and remotely controlled.
Inevitably we will hear similar stories in the future as well. Sooner or later someone will hack into a house alarm system and demand a ransom to let people in into their own homes.
Security of IoT
IoT security presents a number of new challenges. Various local connectivity solutions (WiFi, Bluetooth, ZigBee, etc.) may be poorly implemented and create an opportunity to take control over devices.
Physical access to devices could result in an SIM card being removed from the device and used in a phone or modem to try to break into a network with which device communicates.
A phone number associated with a device presents a risk of some unauthorized communication when someone discovers the number: many devices communicate using SMS technology and a malicious SMS sent to a device could cause malfunction or unwanted actions.
Also shipping and deploying devices with “root” account password set to “root” is not unheard of.
Many organisations, like GSM Association (GSMA) or European Union Agency For Network And Information Security (enisa) published their recommendations for IoT device developers to ensure communication confidentiality, data privacy, identification and authentication, secure firmware upgrades, and so on.
When more and more application and device developers follow and comply with these recommendations, hopefully there will be reduced risk of a network of garbage bins reading your e-mails or an alliance of refrigerators and water meters preventing you from watching your favourite movie series.
Let us know your opinion about the securtiy of IoT in a comment below.
Interesting toppic? Learn more about 5G & IoT in our trainings all over the world!
Learn: 5G & IoT training
Until next time,
The Apis IP-Solutions Team
Are we connected yet?
Connect with us on: