https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Wikipedia

Planet of the Apes

Could IoT Hacks Lead to a Planet of the Apes Scenario?

What’s the worst thing that could happen with IoT security? The U.S. Cyber Defense Advisor to NATO fears an IoT-induced Armageddon.
  • Written by Brian Buntz
  • 30th March 2017

Not long ago, if you went around saying that your TV was spying on you, most people might question your grip on reality. But what sounded like a conspiracy theory yesterday has become a reality for many. Sci-fi programming you might see on TV might be a harbinger of what’s to come with technology. In February, Vizio was fined $2.2 million for gathering consumer data without their consent. And earlier this month, WikiLeaks released secret documents indicating that CIA had hacked Samsung smart TVs to transform them into covert microphones.

At the IWCE conference in Las Vegas, Curtis Levinson, United States cyber defense advisor to NATO, explained that the vast majority of Internet of Things devices sitting on the public internet are vulnerable to an array of cyber-exploits. And many of those “things” can be weaponized. Smartphones can transform into full-color, full-motion bugging devices. Self-driving cars could be programmed to crash. The electrical grid could be knocked offline. There’s seemingly no limit to the possibilities. “My general rule is: If I can think of it, somebody else is already doing it,” Levinson said.

Unless we protect our ‘things,’ we are going to get to the Planet of the Apes.

What was most eye-opening about Levinson’s talk, however, was his conclusion: “Unless we protect our ‘things,’ we are going to get to the Planet of the Apes,” he surmised. Technological vendors are deploying IoT technology exponentially faster than they are protecting it.  

Cybersecurity experts are trained to think in terms of worst-case scenarios and, in his talk, Levinson easily rattled off an array of examples of IoT security vulnerabilities.

Take self-driving cars, for instance. “You wouldn’t get me into a self-driving car on a bet,” Levinson said. “I know how easy it is to hack those things, so it starts veering off course. It is connected to the internet, and the current realm of self-driving cars are not firewalled.”

Connected cars that lack autonomous functionality have long been at risk as well. Levinson stated that Mischel Kwon, the former director of the United States Computer Emergency Readiness Team (US-CERT), investigated automotive cybersecurity over a decade ago and gained remote access to cars at a nearby dealership. “She did this with the dealer’s full permission—because he didn’t believe it was possible—she started the motor of eight cars, unlocked them, rolled down the windows and even changed the radio stations. She got her master’s, but it was pretty shocking,” Levinson recalled.

Ultimately, any type of connected vehicle is at risk. The Las Vegas monorail is driverless and is, therefore, hackable. “It’s kind of frightening if you bump one train into another or all of the sudden reverse [them]. Very difficult to protect,” he said.  

Municipal infrastructure is one of the gravest threats. “Water treatment plants are highly automated. Their industrial control systems sit on IP addresses on the public internet and they are not firewalled and very often not protected,” Levinson said. A hacker looking to do harm to a city would only need to, say, turn off the water, change the water distribution pattern, or modify the water pressure. “Heaven forbid, they could do something like allow bacteria into the water and then distribute it,” Levinson stated.  

“I agree that a lot of bad things can happen to our infrastructure,” says Chris Kocher, co-founder and managing director of Grey Heron, who also spoke at IWCE. But Kocher prefers to envision specific risk scenarios. “I think there are some major things that could be pretty detrimental like controlling a dam to reduce massive amounts of water and creating floods, destroying an energy plant (gas, coal, or other) that creates huge explosions and the loss of power or water to thousands of people for months or years while rebuilding.”

[The topic of IoT security is a key item on the agenda at Internet of Things World in Santa Clara this May. Check out the agenda for the world’s biggest IoT event.]

Ultimately, the notion of rampant cyberwarfare resurrects concepts from nuclear policies developed during the Cold War. “Concepts of commensurate response come into effect (a tit for tat approach where you take one of mine, I’ll take one of yours),” Kocher explains. “But if you just destroy a power plant, I don’t destroy an entire city as that would not be commensurate.”

Another concept, Mutual Assured Destruction (MAD) is also at play here. “I think this prevents the Planet of the Apes scenario,” Kocher says. “If all sides have the ability through cyber or military means to wipe out or severely retaliate against an opponent, than no one wants to take the first step because they know the other side may completely destroy them in a mutual assured destruction scenario.” The challenge, of course, is that the Cold War strategies and understandings in effect between a limited number of superpowers in the past may no longer be relevant if rogue states or non-state actors become active, Kocher explains. This becomes even more complex as it is often difficult or impossible to definitively know where a cyber attack originated.

While any IoT has potential vulnerabilities, the risk levels vary widely. “Some IoT devices are pretty locked down with HW security, encryption, firewalls etc. Doesn’t mean it is impossible to hack them but could be very hard,” explains Kocher. “Unfortunately some are ridiculously simple as they come with default passwords and many people don’t reset them.”

The fact that many IP cameras, routers, and DVRs on the market use default passwords is part of what enabled last October’s crippling Mirai botnet. “Apparently on some of those cameras, there was not even any security,” Kocher explains. “As security experts always point out, the challenge with IoT, like any system, is that  they are only as strong as the weakest link.”

With cyberwarfare becoming fodder for prime-time news, science fiction plots can sometimes serve as a harbinger of things to come. After all, sci-fi authors have been warning of the post-apocalyptic possibilities of technology escaping the control of its owners for decades. The Internet of Things expands this potential reality.

In the near term, it is clear that IoT security is facing something of a perfect storm. As Kocher explains: “First, there are more devices available to be hacked; second, many are not locked up in a back office or data center but out there in people’s homes, cars, appliances and on their bodies in wearables; third, the data in some cases is extremely valuable and personal; fourth, everything is connected, as that is by definition what IoT assumes, which means if I can get in somewhere I can start accessing all kinds of remote systems; and finally, many of the devices have very low security barriers creating many weak links in the IoT security chain.”

Tags: Article Security Technologies

Related


  • IoT security
    IoT Device Security: Risk Assessment, Hygiene Are Key
    As devices and data proliferate at the edge of the network, IT pros have encountered new challenges in securing enterprise IT systems.
  • Five Principles in a Zero-Trust Security Approach to IoT
    IoT devices have created vulnerability for IT networks, but a zero-trust security approach can lock down attack vectors. Here are five key principles.
  • Tactics for Successfully Selling IoT Technologies
    While this year has proven the value of digitization, many enterprises need persuasion. Experts discuss strategies for successfully selling IoT.
  • LynxSecure Datasheet
    LynxSecure is a tiny separation kernel that can be programmed to partition a modern processor into secure virtual environments. It is not RTOS. It is not a traditional hypervisor. It is smaller than a microkernel (as small as 15Kb). LynxSecure requires and leverages the hardware virtualization capabilities of certain modern CPUs to (1) establish secure […]

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Cybersecurity Crisis Management During the Coronavirus Pandemic
  • In Industrial Realm, Trustworthy Software Means Safety
  • Integrating Analog Controls into IIoT Systems
  • Dell Sells RSA Security for More Than $2 Billion

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Smart and Flexible Automotive and Tire Production

20th December 2020

Unlock the Potential of Digital Transformation in Oil & Gas

15th December 2020

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Real Cyber Threats and Best Practices Cyber Security Strategy and Solutions for Smart Manufacturing

1st December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

Protecting Your Network Against Ripple20 Vulnerabilities dlvr.it/RrJhpD https://t.co/Q2xe5hoy4U

25th January 2021
IoTWorldToday, IoTWorldSeries

The DOD turned to #kubernetes #containers for #IoTdevelopment to brace for rapid change. dlvr.it/RqzsLz https://t.co/t8W7coEdZN

20th January 2021
IoTWorldToday, IoTWorldSeries

Food for thought: Food and Beverage Industry eBook @ROKAutomation dlvr.it/Rqz00T https://t.co/Z3y18vuozF

20th January 2021
IoTWorldToday, IoTWorldSeries

Facility of the Future dlvr.it/Rqyzvm https://t.co/ytpsOUTtGP

20th January 2021
IoTWorldToday, IoTWorldSeries

A new day in automotive production #digitalmanufacturingsolutions @ROKAutomation dlvr.it/RqyrNS https://t.co/yxPFrBZGVg

20th January 2021
IoTWorldToday, IoTWorldSeries

Unlock the potential of digital transformation in Oil & Gas @ROKAutomation dlvr.it/RqyrBV https://t.co/kzHcGjf2OK

20th January 2021
IoTWorldToday, IoTWorldSeries

.@Airbus’s #datdriven #digitaltransformation focused on getting its existing data in order rather than just gatheri… twitter.com/i/web/status/1…

19th January 2021
IoTWorldToday, IoTWorldSeries

#EdgeNLP enables devices to do much more #NLP locally that better approximates human conversation.… twitter.com/i/web/status/1…

19th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X