The dangers posed by the Internet of Things (IoT)
The introduction of the Internet of Things (IoT) has revolutionised both personal and business lives. Consumers can change their home heating and lighting from a phone app thousands of miles away and give commands to their televisions and speakers, while businesses can use any number of devices to collect data that will report on KPIs or inform critical business decisions.
Consumer IoT devices are considered a luxury; frivolous items that might make someone’s life minutely easier but offering little real value. But there’s not much thought given to the more sinister side of devices that are permanently online with the ability to watch, listen to and sense your every movement.
Many smart TVs were infected with Ransomware at the turn of the year, highlighting the increased surface area for cyber criminals to attack. One unfortunate soul had his TV infected on Christmas day – no Queen’s Speech for him! Smart TVs are susceptible to Ransomware, and notoriously difficult to restore. This has resulted in huge swathes of Ransomware attacks aimed at smart TVs. The key issue is downloading infected apps and running them on the Android software that comes with many smart TVs.
At this point you might be rolling your eyes. So he can’t watch TV for a day, big deal. And while it’s less than ideal, it’s not the worst risk internet-connected devices pose.
Tens, and possible hundreds, of thousands of baby monitors were hacked early last year, with the revelation that the devices were insecure and easy to hack. The hacking of video monitors meant crooks could watch children and even speak to them. Some of these live video feeds had been broadcast on Russian websites, along with feeds from other unsecured live cameras. Experts recommended password-protecting the monitors, which are particularly vulnerable without that layer of defence. It goes without saying that these passwords should be stronger than ‘password123’…
Believe it or not, it gets worse: hacking IoT devices could kill. Researchers at the University of South Alabama successfully hacked a pacemaker and killed…a mannequin. But the results of this testing highlight how dangerous IoT devices can really be. The researchers were able to speed up and slow down the mannequin’s heart rate, which could easily kill a person with heart problems who relies on a pacemaker; the mannequin was the most realistic patient simulator around - iStan. Following the research, they said a number of critical health appliances, such as electronic insulin pumps, could be hacked just as easily.
Internet-connected and self-driving cars have also raised concerns. A controlled experiment resulted in two hackers successfully hijacking a Jeep by moving the steering wheel and controlling the brakes remotely; the vehicle was travelling at 70mph. Smart cars could also be held to ransom, which is less of a concern than the loss of life, but represents what a wide-reaching threat connected appliances pose.
It’s also possible that targeted, calculated attacks on household IoT items could have far bigger consequences than a malfunctioning fridge or erratic heating. If hackers had access to an entire network of internet-connected electrical household items, and turned them all up or on at the same time they could theoretically bring down the National Grid by overwhelming the system. A hack like this is unlikely right now because millions of homes don’t have a proliferation of connected devices beyond their phones, TVs, laptops and PCs. But by 2020 there are expected to be over 50 billion devices connected to the internet (CompTIA), which again highlights the scale of the potential security threat.
What are your thoughts on the Internet of Things? Have you started incorporating connected devices in your household and beyond? Do you think we need to be worried?