March 24, 2021
The Future of Connected Devices: Is the Internet of Things Really Secure?
Connected devices have permeated our world in ways that are sometimes subtle and other times utterly transformational. Devices that used to be “dumb” are now “smart.” Vacuums, thermostats, doorbells, pet feeders, heart monitors, and countless other devices are becoming smart and connected. For most of us, connected smartphones have become indispensable tools for navigating our daily lives.
This explosion of connected devices—also known as the Internet of Things (IoT)—is being propelled by the rapid evolution and convergence of multiple technologies.
Innovations in communications technologies such as broadband, wireless, satellite internet, 5G, and Internet Protocol version 6 (IPv6) are making it easier, faster, and cheaper for an increasing number of devices to communicate with each other.
Advancements in sensor, camera, semiconductor, and artificial intelligence technologies are enabling more and more computing power, intelligence, and monitoring functionality to be packed into smaller and smaller devices.
These emerging technologies are making it cost-effective to monitor and measure aspects of our personal and business lives that our grandparents would never have dreamed of. Harvesting and analyzing the massive amounts of data collected by IoT devices is enabling companies to create entirely new product and service offerings.
While connected devices offer many benefits, they have also introduced a myriad of new security issues. Keeping personal information, health information, and confidential business information secure in this emerging IoT world requires new and creative security solutions.
In this blog post, we’ll explore ways that IoT technologies are evolving, how these trends are impacting our business and personal lives, and the associated security concerns that need to be addressed.
Internet Protocol Version 6 (IPv6)
IPv6 is the latest version of the protocol used by devices to communicate with each other over the internet. It is intended to replace IPv4, which was introduced in 1983 and is still the primary internet protocol in use today.
Unfortunately, the designers of IPv4 did not anticipate the explosive growth of connected devices. Consequently, we are rapidly running out of IPv4 internet addresses.
The good news is that IPv6 has been designed to support a number of IP address that is difficult to even conceptualize—somewhere in the neighborhood of 340 trillion trillion trillion, which dwarfs IPv4’s piddling 4 billion IP addresses. If it helps you to get your head around it, IPv6 can support enough IP addresses to have one for every light bulb, car, and internet-connected device currently on the planet. That should do us for a while!
In addition to supporting a larger number of IP addresses, IPv6 offers improvements to connectivity, performance, and security.
Driven by the dwindling pool of IPv4 addresses and the benefits of IPv6, many companies are implementing plans to move to the new protocol. While this should ultimately result in an improved internet for everyone, we anticipate many bumps in the road to IPv6, including:
- More bandwidth-related problems. As IPv6 enables even more connected devices to be deployed, internet bandwidth could be pushed to the breaking point. We may have gotten a glimpse of what this will look like as the pandemic has caused a significant uptick in the number of remote workers and online students, leaving internet service providers struggling to keep up with demand.
- Increased vulnerability to cyberattack. While IPv6 should ultimately improve security, we expect organizations to be more vulnerable to attack for an interim period until IPv6 reaches full implementation maturity. With IPv4, early implementations had security flaws that were discovered and patched over time based on real-world experiences. We expect the same with IPv6. Other aspects of full implementation maturity include upgrades to existing security tools, solutions, and best practices to address the unique characteristics of IPv6, full staff training, and real-world experience and learning based on cyberattacks in the IPv6 environment.
Internet of Things
Internet of Things (IoT) refers to the network of physical devices (“things”) that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.
In the next four to five years, we expect to have over 25 billion additional devices on the internet. Here are a few of the ways we believe these connected devices will be harnessed to create or significantly enhance products and services:
- Home automation. People will increasingly be able to instruct IoT devices in their homes to automatically perform duties that had previously been done manually. This might involve control of lights, TVs, music, door locks, vacuums, home security systems, heating and air conditioning systems, refrigerators, sprinkler systems, garage doors, or spas, to name a few. In some scenarios, users will control devices via voice or typed commands given to their smartphones, tablets, laptops, or other personal devices. In other situations, the devices will be capable of acting independently based on what’s going on in their environment. For example, they might open the garage door and turn on the heat when your car is within two miles of home at the end of a work day.
- Smart cities. Cities will leverage connected devices to reduced costs and improve the daily experiences of residents. Smart traffic lights will monitor traffic flows and adjust light timing to reduce congestion. Sprinkler systems in city parks will detect rain and measure the moisture content of lawns to deliver just the right amount of water. Parking space sensors will inform drivers where to find an open spot.
- Business applications. Drones will monitor pipelines for leaks and forests for fires. Sensors on containers will enable shipments to be tracked in detail as they transition from ships to trucks to warehouses to retail stores. Connected robots will continue to improve quality and reduce costs in manufacturing processes. The applications are limitless.
But with these innovative new uses of IoT devices come increased security concerns.
Imagine if someone were to gain control of your smart refrigerator and use it to display inappropriate images to your children. Or spy on your family via your home security cameras.
The proliferation of IoT devices gives hackers more opportunities to take control of connected devices and instruct them to send so many messages to a website or system that it becomes overwhelmed and forced offline. These Distributed Denial of Service (DDoS) attacks can have devastating impacts on companies and organizations.
Breaches of IoT applications in smart cities could have broad-scale impacts. For example, by hacking connected traffic lights, malicious actors could cause accidents or bring traffic to a standstill. Hackers obtaining access to connected power grids could induce power outages.
The rapid growth in IoT devices has opened up a wide range of opportunities for malicious actors to exploit vulnerabilities. To counter these threats, our collective defenses will need to be fortified. Improvements in router and firewall technologies, cybersecurity software and tools, procedures, policies, and best practices will be required to ensure security in this new environment.
IoT Medical Devices
The rise of IoT, combined with advancements in artificial intelligence, is driving innovation in the medical device space. Here are some of the potential new applications we see on the horizon:
- Smart ambulances will instruct traffic light systems to clear the most direct route to and from emergency scenes. These ambulances will have onboard inventory management systems that track supply usage and initiate restocking to ensure appropriate supplies are always available.
- Smartwatches and other wearable devices will increasingly be used to monitor patient activity, heart rate, blood pressure, glucose levels, and other important health information. This will enable doctors to better understand patients’ health information, leading to better treatment.
- Systems that monitor patients’ use of medications and automatically initiate refills will become the norm.
The world of IoT medical devices has all the security risks associated with IoT devices in general, plus the potential for malicious actors to negatively impact a person’s medical condition or compromise sensitive patient medical information.
For example, a malicious hacker that gains access to a patient’s smart pacemaker has the potential to do serious harm to the victim.
As IoT devices collect more and more patient health information, there is a corresponding increase in the risk of large-scale health data compromises.
As with IoT devices in general, significant enhancements to cybersecurity tools and practices will be needed to ensure the security of IoT medical device environments.
Smartphones
While smartphones are just another form of IoT device, their significant processing power—basically a computer in your pocket—and broad range of supported applications make them worthy of special consideration.
As the world of connected devices evolves, we believe smartphones will continue to be the primary method we use to control our IoT devices and view the data they have gathered. Because they control so many applications and store significant amounts of personal, payment, and health information, they will become increasingly valuable targets for hackers. Consequently, developing new tools and techniques to defend smartphones against cyberattacks is critically important.
Augment Reality (AR) is a rapidly emerging technology that we believe will leverage smartphones to bring many new and innovative products and services to market. AR applications will superimpose computer-generated images on a view of the real world that the user sees when looking through their smartphone screen or smartphone-connected glasses. The market for AR products and services is expected to grow to as much as $75 billion within three years.
Car mechanics will use AR applications to identify different parts of an engine for repair. They will also instantly see instructions on their phone or glasses that help them install or remove a part.
Shoppers will be able to hover their phone over an item for sale in a store to see the best price, product reviews, or product specifications. They will also be able to “try on” clothes virtually to see how they look before buying.
Making security a top priority throughout the development life cycle for IoT products and services will more than pay for itself over time. This is especially important for smartphone products and services, which will be a high priority target for cybercriminals.
The National Institute of Standards and Technology (NIST) is working on revising its mobile security standards. We recommend that these revised standards be integrated into all new smartphone applications, software, and hardware.
We Can Help
Tevora’s team of security and IoT specialists have extensive experience helping some of the world’s leading companies secure their connected device environments. If you have questions about IoT trends or would like help securing your IoT environment, just give us a call at (833) 292-1609 or email us at sales@tevora.com.
About the Author
Matt Mosley is the Director of Incident Response at Tevora.