The Internet of Things (IoT) is expected to experience significant growth in the near future, with Gartner Inc., a research firm, projecting a 31% increase in connected things worldwide from 2016 to 2017. It is estimated that by 2020, there will be a total of 25 billion connected devices. This growth is driven by the potential benefits of improved insight, customer satisfaction, and efficiency. However, ensuring strong security measures throughout the IoT ecosystem remains a major concern due to the heightened security risks associated with connected devices. This paper examines IoT security, explores possible future technologies, and discusses the challenges of implementing IoT from a security perspective.
Introduction: The current state of Internet of Things (IoT) devices is reminiscent of the initial stages of the internet, when users encountered challenges such as viruses, worms, and email spa
...m. Many companies have hurriedly created products without adequately addressing internet security concerns. It is crucial to acknowledge the impending surge in IoT device connectivity and the substantial volume of data they will generate. Projections indicate that by 2025, there will be a staggering 75.44 billion connected devices within the IoT.
By the year 2020, approximately 25% of the world's estimated 163 zettabytes of data will be created in real-time. The majority of this data, accounting for 95%, will originate from devices that are connected to the Internet of Things (IoT). Experts predict that the IoT will have a significant economic impact and could potentially be valued at $8.9 trillion by 2020. While there is great enthusiasm for the advantages it brings, experts also express concerns about the ever-changing cyber-threat landscape associated with the IoT. Figure 1 illustrates how any objec
can connect to the internet at any time and from anywhere, offering a wide range of services through various networks to individuals. This concept creates opportunities for applications such as smart vehicles and homes that provide services like notifications, security, energy conservation, automation, communication, computers, and entertainment. Below are several unique characteristics attributed to the Internet of Things (IoT).
- IoT enables connections between people and devices, as well as device-to-device connectivity.
- Sensing technology allows for accurate awareness of the physical world, including people and objects.
- IoT devices can possess intelligence, such as Nest Learning Thermostats with Wi-Fi capabilities, sensors, and self-learning abilities.
- IoT helps prevent power wastage, promotes energy harvesting, enhances power utilization efficiency, and eliminates human error.
- It facilitates improved communication between humans and machines.
- IoT ensures individual safety by allowing moving car tires to relay their current state to the car owner via smart car dashboards. This mitigates accidents caused by overheating or tire bursting.
The main concern for IoT device manufacturers is the speed of market entry and potential revenue. However,startin g from 2018and beyond these devices could pose significant risks to organizations,cities,and even human life if they end up in the wrong hands.
The significance of prioritizing device security for companies before launching products into the market cannot be overstated. However, a recent survey conducted by research firm 451 Research reveals that IT professionals still hold significant concerns regarding security when implementing IoT projects within their organizations. These concerns encompass data theft, network security, and device protection. In order to address these concerns, it is imperative in 2018 to establish standardized IoT devices that are designed with security in mind right from the start.
Utilizing IoT devices offers numerous advantages
such as enhanced analytics capabilities, improved security measures, increased productivity levels, efficient inventory management processes, safer travel experiences, and real-time visibility into demand patterns. Nevertheless, the vulnerability of current IoT devices can be attributed to various factors including insufficient security measures due to high costs or the prioritization of device performance over security considerations. Additionally, exposing these devices directly to the web without proper network segmentation further contributes to their susceptibility.
Moreover, incorporating unnecessary functionality or releasing versions with poorly tested code amplifies the associated risks. Furthermore, these devices' hardcoded default credentials render them susceptible to hacking attempts. One of the primary challenges faced by IoT devices revolves around ensuring their security during data transmission both over the internet and through secure private networks and VPN tunnels.In order to safeguard confidential and private application data stored on various devices, it is essential to protect against theft, tampering, or destruction. Suitable safeguards at the application level must be included to ensure IoT security. These measures should address potential threats like Distributed Denial of Service (DDoS) attacks. Additionally, implementing security protocols for authenticating entities requesting data access, which may include multi-factor authentication, is crucial.
The significance of IoT security is underscored by various factors, such as data privacy, data security, insurance worries, lack of common standards, and technical challenges. The gathering of personal information during daily activities and preferences can give rise to privacy issues. Furthermore, transmitting this data over the internet without sufficient security measures can lead to theft. Sharing driving and personal navigation details with insurance companies can also raise concerns about differing premium rates. Additionally, the absence of a unified standard for IoT presents a major
obstacle in achieving widespread acceptance within the industry. Each IoT device has the potential to generate an immense amount of data, making storage, protection, and analysis challenging. Social and legal concerns also come into play when considering IoT security since there are no mechanisms in place to address these matters. This raises questions regarding ownership rights pertaining to video streaming from Google Glass or healthcare-related data from other wearable devices. Moreover, there is uncertainty surrounding the potential consequences when autonomous devices lose control. Instances of hacking incidents and vulnerabilities serve as examples that highlight the necessity for robust IoT security measures. Notable instances include the Mirai Botnet (also known as Dyn Attack) and hackable cardiac devices from St.
Examples of security vulnerabilities in IoT devices include Jude, the Owlet WiFi Baby Heart Monitor Vulnerabilities, the TRENDnet Webcam Hack, and the Jeep Hack. In Lappeenranta, Finland, residents of two apartment buildings experienced a shutdown of their heating system due to a distributed denial of service (DDoS) attack targeting Valtia, the company responsible for facility management services and controlling the heating system. The attack overwhelmed the system with traffic, forcing it to initiate a reboot.
This incident caused the computer to enter a cycle of rebooting, resulting in a cessation of heat supply to the buildings and confusing the maintenance staff. Luckily, the network administrators managed to restrict internet traffic to the specific system affected, and consequently, residents regained access to their heat supply. The inhabitants of these apartment buildings in Finland were fortunate that this event occurred before the coldest part of winter. In the late December period, Lappeenranta experiences barely over five hours of sunlight, with temperatures
reaching around 26 degrees Fahrenheit (approximately negative 3 degrees Celsius). While other DDoS attacks usually inconvenienced individuals, this instance from Finland highlights the potential danger posed by IoT devices on people's lives.
Owlet WiFi Baby Heart Monitor Vulnerabilities
Owlet is a sensor embedded in a sock that babies wear. It monitors their heartbeat and sends the data wirelessly to a nearby hub. The internet-connected home unit can then send an alert to the parents' smartphones if there are any concerns. The Owlet Smart Sock utilizes infrared light to monitor the child's heart rate and blood oxygen level, similar to the technology found in an Apple Watch (excluding the blood oxygen level monitoring).
By connecting a sock to a base station and attaching it to your child's foot, you can establish a connection between the sock, your phone, and the base unit. This connection allows you to receive real-time updates on your child's heart rate and blood oxygen levels. If either of these levels decreases significantly, notifications will be sent to both your phone and the base station. Baby monitors are essential in the Internet of Things (IoT) as they serve as safety tools for infants and young children. Placed near babies, these devices provide reassurance for new parents. With internet connectivity, they also bridge distances by enabling distant relatives to connect with their nieces, nephews, and grandchildren. Additionally, they allow parents to monitor their children remotely even when they are not at home.
The design and deployment challenges faced by video baby monitors, commercial security systems, home automation systems, and on-premise climate control systems are similar. These IoT devices are widely used and incorporate components found in many other
IoT devices. It is particularly important to investigate the security of video baby monitors because they are marketed as safety devices and should have strong security measures. The methods used to identify security vulnerabilities in video baby monitors can be applied to other areas of interest for commercial users, industrial users, and security researchers. An example of a specific security weakness exists in the base station of the Owlet Wi-Fi baby monitor. While data transmitted between the manufacturer's servers and parents' phones is encrypted, these servers also allow communication with parents when necessary.
The ad-hoc Wi-Fi network connecting the base station and sensor device lacks encryption and does not require authentication. Within range, one can eavesdrop on and manipulate the base station's wireless network. This means that the base station establishes an open Wi-Fi network that the sensor (and others) can join. By sending an unauthenticated command over HTTP, one can prompt the Owlet base station to disconnect from your home Wi-Fi network and connect to a network of your choosing. Additionally, you can take control of the system, monitor a stranger's baby, and prevent alerts from being sent. Consequently, these default insecure devices pose a threat not only to their own data but also to the network they are connected to. The TNC standards provide a means to inspect devices for malicious software or firmware each time they attempt to access networks or other devices.
It is important to use security software and protocols to isolate and resolve infected devices. If a device has malware or other harmful programs, it should be separated and contained. By implementing layered security measures, the potential damage from a compromised
device can be minimized. Using a Mandatory Access Control system restricts user access to certain functions or files on a device. Data encryption is necessary, and ensuring end-to-end encryption is crucial.
To ensure the full utilization of IoT devices and systems, it is crucial to incorporate them with legacy machines or appliances that were not originally intended for connectivity or protection against hacking. This integration aims to safeguard legacy systems through industrial control systems.
Conclusion
Although IoT devices have immense potential in simplifying our lives, disregarding security concerns and failing to address them may lead to these devices causing more harm than benefit.
Although we have encountered numerous problems and acknowledge that there are still more to be discovered, it is crucial for IoT device manufacturers and companies to prioritize security. It is worth noting that no Internet-connected computer can ever be entirely secure. Despite this, abstaining from using the Internet is not a prudent decision for most businesses when considering their corporate perspective. Therefore, incorporating internet security into an enterprise's strategic plan and allocating adequate resources to enhance system security becomes imperative.
References
- Zeinab Kamal Aldein Mohammed, Elmustafa Sayed Ali Ahmed, Internet of Things Internet of Things Applications, Challenges and Related Future Technologies
- https://www.iotforall.com/5-worst-iot-hacking-vulnerabilities/
- http://nymag.com/intelligencer/2018/05/why-using-smart-wearable-baby-monitors-was-a-mistake.html
- https://computer.howstuffworks.com/internet-things-leaves-finland-cold.htm
- https://www.quora.com/Are-security-measures-used-in-IoT-effective