For years, even before the existence of WiFi, technology experts have spoken about a future where everything is connected to the internet.
From kitchen appliances to machines in factories and everything in between – in the future world, they said, everything will benefit from being connected.
Our ‘smart’ living room thermostat would set the temperature just right before we got home from work. Factory managers would receive real-time updates on the status of the production line. Our washing machine would even let us know when its current program ended.
If these scenarios don’t seem much like a future world, it’s because we’ve reached the point where that future is today’s reality.
We hear more and more about connected devices – from washing machines you can control remotely with a smartphone app to internet-connected toothbrushes, and there are numerous startups trying to tackle how to improve and broaden device connectivity.
This network of connected devices is the Internet of Things, or IoT. It’s an evolution of the internet in which everyday devices have network connectivity and can communicate with one another and (hopefully) serve us better than their offline predecessors.
This is the future of the Internet, and its security should be a major concern.
In 2010, a hacker remotely disabled over 100 cars in Austin, Texas by hacking into an online vehicle immobilization service.
Earlier this year, a hacker hijacked a connected baby monitor and spoke through it, thoroughly freaking out the puzzled nanny.
And hackers finding their way into connected devices can go far beyond cars and cameras.
For example, SCADA systems — computer systems used to control many types of industrial processes including food processing and even uranium enrichment — have been targeted not only by intelligence agencies but by cybercriminals as well.
All of these are great examples of the dangers stemming from an unsecure Internet of Things.
Sure, connecting devices to the internet can offer innumerable benefits and conveniences. But connecting a device onto the web immediately opens it up to potential attacks, and the more devices we connect (which is what the IoT is all about), the more vulnerable we become to attack.
The security dangers of the Internet of Things
The danger of adopting connected devices that are improperly secured is massive.
On the personal level, as the car immobilization incident and webcam hacks have shown us, disruption of daily lives is a real thing.
This can go far beyond pranking an innocent nanny; a hacker who has hacked into a car’s systems could quickly put the driver’s life in danger by, say, stopping the vehicle in the middle of a busy highway.
There are also a number of ways connecting our homes to the internet can aid real-life crimes.
After it was revealed in 2007 that high-street retailer TJMaxx was breached, investigators discovered that the hack took place via the store’s insecure WiFi network, with the hackers sitting in the parking lot.
This goes to show that hackers aren’t always thousands of miles away sitting in some dark room; rather, they might be a very short distance from their target. Can you imagine what could happen if a hacker obtained access to your home’s connected security system or your car while you were at work?
The Internet of Things doesn’t affect us only in our personal space.
I’ve already mentioned hacked SCADA systems. More and more devices in the industrial sector are becoming connected, which opens manufacturing processes up to internet attacks that could lead to the complete shutdown of the production of goods.
We see the threat of the Internet of Things in the financial sector, too. Indeed, point-of-sale devices, which have been connected for some time now, continue to get hammered by malware, allowing hackers to steal the credit card information of thousands of victims.
And what about hacked hospital devices?
More devices in hospitals are already becoming connected, and gaining access to hospital networks is not an impossible feat for hackers.
Last year, Wired published a fascinating article exploring how hospital systems can easily be hacked.
If the idea of a hacked monitor or scanner doesn’t seem scary enough, how about the idea of a hacked medication dispensing system or defibrillator?
At the personal level, we can see how hackers accessing connected devices doesn’t always mean disruption of, or tampering with, our lives.
When someone has access to the devices we use in our everyday life, they can easily find out where we are at any given moment. The hacker who hijacked the baby monitor could have used it not only to spook the nanny, but also to eavesdrop and potentially discover when no one was home. Access to a car’s systems might reveal where the driver is located at almost any given moment.
It can’t be denied; the Internet of Things has an immense potential to make systems and processes run more smoothly and be more convenient.
Connecting devices to a network can increase the value we receive from them tenfold.
But it’s crucial that we remember the reality that too many are eager to forget as they race toward a more convenient life, the reality that as we connect devices to the network, we open them and ourselves to attack.
The more devices we connect, the greater our concern over the state of their security should be.
Are you concerned about more and more devices becoming connected to the internet? Leave a comment below.
3 comments on “What is the Internet of Things, and why should we care about its security?”
With a greater presence of IoT in the future, I think we will see a corresponding rise in the penalties for those caught hacking. Hand amputations and lobotomies come to mind ;-)
"Sure, connecting devices to the internet can offer innumerable benefits and conveniences. But connecting a device onto the web immediately opens it up to potential attacks, and the more devices we connect (which is what the IoT is all about), the more vulnerable we become to attack."
I don't find it all that convenient and even if I did, I don't find the risks worth it. But I have something more important to say:
It isn't just the web that matters. The web is only a small part of the Internet as we know it. Some might call it semantics but it isn't; the web is a higher layer and without the lower layers it wouldn't exist as such (in addition, many other layers and indeed other applications, all have risks [and some IoT capable devices have other services than http/https, and have serious flaws – even flaws of amateurs decades ago – too]). Also, by using the web and the Internet interchangeably, you further add to this confusion. I don't think that is a good thing because there are more implications with the Internet outright (and after all, without an address, how does it communicate with other nodes?).
In other words, you might want to consider fixing the article to not refer to the web as if it is the Internet.
Just a thought ..
I'm old, I have security. I've been carrying the same 44 magnum under my arm for 35 years. I walk to the mailbox 1/4 mile down the mountain creek. I know when my clothes are done, my washing machine stops. What's next, are you high tech wonders gonna have a little voice chip that announces in your ear, "You're finished now, wipe your butt and get up."
Sonny Smith, a voice of Sanity in the wilderness