IoT keeps growing despite security concerns


At the beginning of 2014, we had covered Internet of Things (IoT) as one of the top technologies to watch out for in the next few years. 2014 is being called the Year of IoT; the year when internet connected devices will become mainstream.

The figures are well-known by now – Gartner predicts that there will be 26 billion IoT devices by 2020 while Cisco says that there will be 50 billion IoT devices by that time.

The speed at which companies are introducing products and services related to the technology has made us come up with a mid-year update.

The CIA is concerned about IoT

At the 2014 Aspen Security Forum, Dawn Meyerriecks, the deputy director of CIA’s directorate of science and technology, talked about the looming threat IoT devices pose to America. Meyerriecks mentioned how a smart fridge had taken part in a spam attack last year which used IoT devices and sent 750,000 spam emails. As many as 100,000 IoT devices such as smart TVs were part of a network used by hackers to send spam emails.

Security experts consider smart devices in their current form as one of the most insecure computing devices and are warning that hackers can easily take advantage of this fact. Former Vice President Dick Cheney recently revealed that when he had a pacemaker installed in his chest in 2007, the doctors gave him the option of enabling its BlueTooth broadcasting feature to allow his medical team to monitor his heart online. Cheney says he refused to activate the feature over concerns of it being hacked.

The Industry is Miles Away from Building Secure Devices

It’s one thing for a hacker to ride piggy back on a fitness device of an employee and steal some corporate data but imagine a terror group getting control of pacemakers and other vital medical devices implanted in Americans. The group could have millions of American lives at its mercy and could blackmail the American government over whatever it wanted. This is not as farfetched a scenario as it might seem. A lot of IoT devices are vulnerable to cyber attacks.

The solution, industry insiders say is to work on making the devices more secure and raising consumer awareness of its vulnerabilities.

A report released by HP says that 70% of the IoT devices that are being used right now contain security vulnerabilities. These can range from password security to not using encryption and a lack of granular user access permissions.

The company’s Fortify application security unit carried out a security analysis of the 10 most popular consumer related IoT devices in the market and found a total of 250 security vulnerabilities for all of them. The devices were smart TVs, webcams, smart thermostats, and controllers for various home installations such as garage door openers and home alarms.

One of the main reasons is that most of these devices run stripped-down Linux versions, which isn’t a problem in and of itself, but the fact that programmers have not taken steps for making the systems secure as they would for desktop bound applications.

HP’s Mike Armistead says that what seems to be happening is that companies are rushing their products to the market without making sure that the devices are secure against even basic attacks.

Eight of the devices tested did not even require passwords stronger than “1234” and seven devices did not encrypt data before communicating with the Internet or a local network. Lack of encryption for updates and data transfers along with weak default sign-in credentials were some of the issues observed in the test.

Insights

IoT 101: Introduction to the Internet of Things

The Internet of Things is well upon us, proven by the massive strides taken by leading technological companies across the world. Mobility, Internet, and the cloud

Download

Investors are pumping a lot of money in IoT

Intelligence firm StrategyEye is reporting that companies have already poured $1 billion into developing and marketing IoT products in the past 18 months alone.

Jawbone, creator of fitness band UP24, has received $350 million- the biggest amount so far from investors. The second biggest winner is Oculus VR, designer of the VR headset Oculus Rift. The company has received $75 million.

Out of the top 10 companies who have received major funding, most of them are focused on wearable devices and the healthcare sector, and only two companies are not American (both of them are French).

The bigger tech companies are also in acquisition mode. Google bought Boston Dynamics for $500 million in December 2013 and also bought NEST for $3.2 billion in January. NEST is the maker of smart thermostats and smoke detectors, and the industry talk is that it is going to be a vital part of Google’s smart home initiative.

Battle of the Standards

Betamax vs. VHS, blu-ray vs. HD-DVD…the concept of standards wars in the tech industry is not new and IoT devices are not exempt from this today. Currently, there are two major groups that are pushing their own vision and with it their own standard of what the future of connected devices should look like.

The main industry players are forming alliances and promoting their standards, with most of the major companies having committed to one of the sides by now. The leading alliance at the moment is the AllSeen Alliance which was launched in December 2013 by Qualcomm to promote its open source technology platform AllJoyn. The alliance has brought on board most of the major names in manufacturing and software such as Haier, LG, Microsoft, Panasonic, Sharp, Cisco, HTC, Symantec and D-Link.

Intel has been the driving force behind the creation of the Open Interconnect Consortium (OIC) which was launched in July 2014. This alliance has just six members so far with the other five being Atmel, Broadcom, Dell, Samsung and Wind River. But OIC’s main advantage for the moment seems to be that it will be developing an open source standard that can be used on all the operating systems.

There are at least six other alliances that have been formed so far. Google has launched its own Thread Group and even the IEEE has a working group called the P2413.

Within a span of just six months we have seen major developments in the field of net connected devices. The speed with which companies are launching products, buying out rivals and trying to define standards shows that IoT devices aren’t just some futuristic talk but are already with us.