https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Thinkstock

Dark clouds could be forming for the IoT industry

IoT Security: The Darkest Cloud Yet is Coming

Smart dust could multiply IoT’s security problem.
  • Written by Thomas Pore
  • 7th December 2016

Here are two eye-opening facts: There are millions of compromised devices on the internet and, bots generate a significant amount of web traffic. Malicious bots can take our personal information, host web sites selling contraband, and participate in massive DDoS attacks. Who knows what else they could do in the near future. As an Internet society, we have thus far failed curtail this growing problem. Vendors today are still shipping IoT devices that are easy to compromise. Some products are even infected with malware before they leave the manufacturing facility. As concerning as it may already be, this issue could be about to explode exponentially.

Explosion of IoT Devices

The explosion of infected devices is likely to come in the form of the Internet of Things (IoT).

Gartner Inc. forecasts that 6.4 billion connected things would be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected each day.

IoT devices can come in the form of tiny microscopic sensors, a few millimeters in size, known as smart dust. These ultra-low-power low-bandwidth devices are able to send sensory data such as temperature, vibration, GPS coordinates, and more back to an Internet host for further analysis. Smart dust could prove useful for tracking packages and for providing shippers and receivers with location information during transit. These sensors could be stuck on airline luggage to provide accountability to baggage handlers that would help alleviate a traveler’s concerns over lost luggage. It could even be used for tracking the location of a person… just toss some smart dust on them during a distracted moment and you’ll know their exact location at any time when they wear that jacket.

The IoT Security Concern

But smart dust could have a shadow side. Autonomous vehicles, the connected home, the smart building, are all projects designed to automate and ease daily tasks or provide optimized energy consumption. As more of these IoT devices come online, it is uncertain who will maintain the security of these devices. As infection technologies advance, who will maintain existing IoT platform deployments? Who will provide security patches? Will patches be provided automatically? If a smart home is tricked out with more than 200 sensors and sold to another party, will user accounts and “smart home training” be included as part of the closing? Don’t count on it.

Related: What’s in Store for IoT Security in 2017

The challenge associated with technologies such as smart dust is how to handle the disposability of these devices. They could run for years with the latest rechargeable battery technologies. Once their initial task is completed, they could end up in a landfill, still connected, and capable of communicating to the internet via 6LoWPAN. Although the traffic generated by an individual smart particle is extremely small, if smart dust use explodes and these discarded specs of IoT dust get compromised, large-scale disruptions could have long-lasting impacts against targeted victims. Even if available bandwidth is limited, there is power in numbers! Our Internet community needs to consider who owns the responsibilities of an IoT device once it’s been discarded. How do we clean up a mess like this?

Where We Are Today

We know that devices currently sitting on store shelves or deployed in homes are vulnerable. We know for example that a Wi-Fi refrigerator has been compromised and has been used to spam tens of thousands of email accounts. We know that internet-facing DVRs are one type of IoT device that poses an immediate risk of compromised to become an army of weapons used in DDoS attacks. Currently, millions of devices have shipped with default credentials, putting the security responsibility on the unknowing end user. 

We have learned that consumers buy products that improve their way of life. Unfortunately, manufacturers are known to compromise on details such as security in order to be first-to-market. Today, it seems the general public isn’t concerned about the lack of security so long that they are not directly affected and Netflix/YouTube streams flawlessly. 

What We Can Do

We need to make sure that Smart Dust has a hard-coded end of life where it simply stops working through a self-destruction mechanism triggered when the initial intended use has ended. BCP 38 can be implemented to prevent source address spoofing and legislation could be considered to enforce IoT guidelines. The FCC has already established a certification process on all devices that emit or receive radio-frequency spectrum as a means to verify that they don’t interfere with radio communication. A letter from FCC Chairman Tom Wheeler outlined that a plan was underway to address the cyber risks associated to IoT devices. Unfortunately, the timing of this letter is not ideal as future actions on this matter have been suspended with the change in administrations. It is yet to be seen if the Trump administration will pick up the ball and addresses the IoT cybersecurity issue. If not, the issue of DDoS will continue to grow.

Thomas Pore is an expert in network behavior and cyber threat intelligence analysis. He is a regularly quoted as a cyber security resource for global media outlets and is an adjunct professor teaching ethical hacking. Pore is currently director of IT and field engineering at Plixer. His responsibilities include establishing, planning, and implementing the company’s IT and security policies and procedures, leading the company’s professional services team and driving product features and roadmap. He established, and is responsible for, the Malware Incident Response and Advanced NetFlow Training programs offered throughout the United States. Pore regularly travels the world meeting with customers, helping them optimize threat detection strategies and incident response solutions.

Tags: Article Security Technologies IdeaXchange

Related


  • IoT Security Firm to Acquire Medical Security Startup
    Claroty is set to acquire Medigate to grow its foothold in securing the Internet of Medical Things
  • Ransomware Attack Could Impact Paychecks
    The Kronos ransomware attack affected the company’s private cloud service over the weekend, knocking it offline just before the holidays
  • Image shows an abstract digital big data concept.
    BotenaGo Malware Targets Millions of IoT Devices
    AT&T Alien Labs identified the malware that has left millions of IoT devices exposed.
  • IoT Startup Raises $10M
    Platform aims to bolster network security with automated device configurations and visibility.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • IoT Device Security at the Edge Poses Unique Challenges
  • Zero-Trust Security for IoT: Establishing Rigorous Device Defenses
  • AI Ups the Ante for IoT Cybersecurity
  • Protecting Your Network Against Ripple20 Vulnerabilities

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Explore Emerging Tech For Enterprises at @TechXLR8 2022 this June ➡️ Join us from 1-3 June in harnessing the pow… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Clearview AI has been fined $9.4 million for collecting images of people from social media platforms to add to its… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Swiss-startup Airyacht is developing an eponymously named vehicle that it says will take the luxury-yacht experienc… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

@Tesla’s #Autopilot being investigated once again following fatal crash in Newport Beach, California. iotworldtoday.com/2022/05/23/tes…

23rd May 2022
IoTWorldToday, IoTWorldSeries

A new Kansas law will enable #driverless deliveries from @Walmart and its partner @Gatik_AI. #AVs… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

Access a world of opportunity in 2022 with @IoTWorldToday ➡️ Now is time to unlock ROI, by accessing a global com… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

3D Home Printer to Build 72 Residences for National Homebuilder dlvr.it/SQhWSF https://t.co/XJOs70DqzH

19th May 2022
IoTWorldToday, IoTWorldSeries

Microsoft Ramping up Cybersecurity Service Offerings dlvr.it/SQhPR0 https://t.co/nYzaDRnyVY

19th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X