Thales eSecurity Blog

Developing a New World Order for the IoT Connected Universe

Tina Stewart
Tina Stewart | Marketing More About This Author >

16VR383_IoT_SocialPosts_r2-linkedin-2Imagine a world where your coffee maker produces a fresh brew at the break of dawn simply from activating it with your smartphone. Your driverless car directs you to work while you catch up on the morning news. On the way home, your refrigerator notifies you that you’re running low on ingredients for dinner.

Click to Tweet:   Blog: 61% worried about IoT hacks for Cars, Security Cams @socialtis bit.ly/2afdzIr pic.twitter.com/TAL68LSVAa

I know this seems incredibly futuristic but we aren’t far off. Technology companies globally are generating sensors in everything from oil pipelines to toasters. However, while we are in fact connecting just about everything to the internet, being connected to the internet is not all fun games. It comes with very real vulnerabilities. What if one of these internet connected devices breaks down, goes haywire, or gets hacked? As we’ve seen far too often, hackers can hack into smart/internet connected products in a mere minutes – and there are headlines to prove it:

  • VTech: Parents around the world were shaken after hackers accessed the VTech database containing information on more than 6 million children who use the company’s toys.
  • Hello Barbie: Hello Barbie allowed children to converse with the doll over a cloud server connection. Researchers uncovered several vulnerabilities in the toy, the worst of which could allow an attacker to intercept a child’s communications.
  • Jeep: Two researchers hacked Jeep’s multimedia system through a Wi-Fi connection. They were able to take control of the steering wheel, engine, transmission, braking system, not to mention the windshield wiper, air conditioner and door locks. Moreover, they were able to control everything remotely over the Sprint cellular network.

Each year the number of connected “things” increases. In 2020, Gartner forecasts that number will reach 20.8 billion. As IoT grows, so does the need for cybersecurity solutions. Articles like this one from New York Magazine show the very real damage that a hack can cause in a metro area. Imagine connected cars creating horrendous traffic or worse, crashing in a massive accident; medical devices providing medical history to hackers or not providing proper meds to patients; power grids shutting down, causing wide-range power outages. The list of events goes on and on, stressing the disaster waiting to happen in this inevitable IoT world.

For additional insight into the IoT ecosystem, we released our survey today (in conjunction with Wakefield) that found:

  • Participants most fear the hacking of their cars (61%): Tesla showed us the power of a truly connected car with API’s that could remotely access a vehicle’s data and fix issues with over-the-air updates. Self-driving cars also became a tangible reality, with Google and Delphi demonstrating prototypes across America. While connected cars do pose the highest concern for being hacked, who can blame them? People want to feel safe in their cars, whether that is in heavy traffic or on the open road.
  • 61 percent of respondents are worried about having their home security cameras hacked: The fully-furnished smart home is still years away, but home devices are making strides to IoT and the concerns from consumers are growing. Individual devices are connected to your smartphone, making it easier to monitor the status of an individual’s home, pets or children.
  • While medical IoT security has received much attention, medical monitors register with less than a quarter of respondents (20%):  What most do not realize in the whole IoT story when it comes to healthcare is that X rays, MRIs, CAT/PET scans, labs and a host of other healthcare data is completely digitized. Printed doctors’ orders and results have also become digitized and are internet based. Your most private information which was once the unspoken bond between you and your doctor, sits on some server somewhere and in most cases, is vulnerable to the same security concerns that any data is exposed to. What’s worse is that your healthcare data is a highly coveted commodity to steal, which puts it at high risk for theft.
  • Additional findings when asked if internet-connected devices were the most vulnerable to hacking were as follows:
    • A virtual personal assistant device that is not a smartphone, such as the Amazon Echo: 52%
    • A smartwatch, such as an Apple Watch: 45%
    • A kitchen appliance, such as the Samsung Family Hub refrigerator: 20%
    • A wearable fitness tracker, such as a Fitbit: 18%
    • A thermostat, such as Nest: 14%
    • A lightbulb, such as Philips Hue: 9%

While a hack on the network of connected devices can be catastrophic, Americans are eagerly adopting IoT technologies. Almost half of the respondents polled are using internet-connected devices, with boomers (46%) lagging behind millennials (56%). The most popular devices already in use are:

  • Autos (24%)
  • Wearable fitness trackers (18%)
  • Home security cameras or similar devices (9%)
  • Thermostats (8%)
  • Lightbulbs (7%)
  • Smartwatches (7%)

In a recent blog post on businesses rethinking IoT security, Kessler discussed how IoT should not be viewed as a promised land of free profits, open to all who care to play there. Instead he borrowed from Voltaire and Spiderman highlighting that, “with great power comes great responsibility.”

Like the Internet, the Internet of Things is going to be a part of our everyday life, with an increasing number of devices getting connected to the Internet. It is also evident that several software, service, and product companies are showing interest in connecting devices to make products and services more attainable. However these clear benefits leads to clear vulnerabilities. The IoT’s ability to generate highly valuable and sensitive information is sought after by organizations but is also a treasured target for hackers and cyber criminals. Whether they leverage it for their own purposes or sell it to the highest bidder, the information and insight derived from just one successful breach is enough to sink a company and put individuals in very real physical harm.


Interested in learning more about how organizations are dealing with the risks of IoT today?  Download the 2016 Vormetric Data Threat Report – Cloud, Big Data and IoT Edition written by 451 Research analyst Garrett Bekker (Find the Cloud, Big Data and IoT edition halfway down the page).


 

As we move forward, we expect security to play an enormous role in allowing the IoT ecosystem to reach its full potential. That is why it’s prudent for businesses to think ahead, forecast and asses vulnerabilities.

The most effective way to ensure the security of an organization is to render data unusable. Leveraging data encryption ensures that sensitive data whether it is customer information, company information or insights gleaned from the IoT is totally useless to the outsider. With transparent encryption, this same information can quickly be secured without taking a performance hit or altering the user experience.

Thales recently announced that the SAMSUNG ARTIK™ platform is supported by Thales’s cryptographic solutions to provide cryptographic key generation, verification, signing and key management. Interested in learning more? Click here: Thales eSecurity’s support for the Samsung ARTIK platform.