Have you heard the story about the hackers who used a fish tank to steal data from a casino?
It sounds too incredible to be true. But it happened.
Bad actors used the tank - which was connected to the internet - as a way into the wider network of the casino in North America. And from there they were able to access data from other, more valuable devices.
This story is a perfect illustration of the dangers facing businesses and end users embracing IoT. It shows that it’s easy to forget to protect devices that don’t appear to have much value to bad actors. Especially if your focus is on getting it up and running quickly.
But those who threaten your data rarely target one single device. Instead they’re looking for a weak link. A way in. As this video explains (watch from 13:15), it’s possible for a bad actor to break into a security camera at an office or facility. And once they’re root with that camera, they can more often than not access the wider internal network. They can use the camera as a base for other attacks.
That’s why it’s so important to secure all the connected devices and sensors that form part of the network. That could be your smart home or office. It could be a power plant, or a hospital.
Or it could be a whole city.
When you find a balance between speed and security, you can enjoy the positive benefits that come from an interconnected network of devices, without worrying about attacks.
Adding gates to the city walls
For a long time the buzz around IoT lacked substance. Devices sometimes seemed a little gimmicky. After all, just how useful is an internet-connected fish tank?
But things have changed.
Take a look around the office or living room that you’re sat in right now. Chances are you’ll be able to spot a variety of helpful devices that are linked to the internet - and to one another. For example, as I write this my phone is sat alongside my laptop. The smart watch on my wrist has just reminded me about the call I have scheduled an hour from now. And across the room, Alexa is ready to take my requests to shift to a different Spotify playlist.
The list of connected devices is growing all the time.
Some objects that you wouldn’t expect are now logging and sharing valuable data. The vending machine in your office, for example. Or the lampposts on your street.
Gartner predicts that the IoT market will grow to 5.8 billion endpoints in 2020. A rise of 21% from 2019. And this growth is only going to speed up once 5G is in place. The new mobile technology means that single-use devices will be able to carry out digitally automated services.
This combination of 5G and IoT has the potential to enable smarter cities. Thousands of otherwise ignorable objects will send updates and measurements about what’s happening around them. Much like ants sending messages along the line and back to the nest.
In theory, this data will make our commute easier. We’ll know ahead of time when infrastructure needs to be repaired and replaced. It will make living in busy cities less stressful.
But there’s a problem. The more objects we connect to the internet, the more gates we’re adding to the city walls. And all it takes is one unprotected fish tank or security camera for one of those gates to be prized open.
The danger of delaying security
There are parallels between IoT and the connected car. We’re so keen to make as many connections as possible that the need for protection is ignored. Or at least put off for a while.
In a recent Verizon report on mobile security in the US, two fifths of respondents admitted they’d sacrificed IoT security to “get the job done”. Getting products to market quickly and making sure you protect them don’t always go hand in hand.
But here’s the thing. The group in the Verizon report who had sacrificed security were almost twice as likely to have suffered an attack against an IoT device. That’s why striking a balance between speed and security is so important to IoT success.
After all, bad actors can be creative in their attempts to glean valuable data. Hacking a casino’s fish tank isn’t the only outlandish story that has circulated in the press. There have been others about hacked dolls and teddy bears gathering personal information from unsuspecting children.
More typically, IoT devices exist to record data on our daily habits, or to collect information on the things that surround us. Switches, lamps, motors and power outlets have become data-sharing sensors.
But this novel habit of recording everything can invite risks, too. Bad actors can get a pretty good picture of our movements if they manage to hack one of these devices.
After all, many of them store valuable information in plain text. So, if hackers can access the cryptographic keys within your IoT device, then your passwords or even your credit card details are also within their grasp.
Cryptography keeps the key secure
It’s understandable for people to overlook - or even be ignorant about - security measures in their own home. But companies have less leeway for being lax because they’re often responsible for their customer’s data - and even their welfare - too.
Right now, though, a lot of businesses aren’t protecting the code within their IoT devices. In the same Verizon report I mentioned earlier, the vast majority of respondents thought their data was valuable. But less than half said they encrypted all IoT data sent across public networks.
This will likely change in the coming months and years. Attacks other companies have suffered - and the struggle to rebuild their reputation - have shone a light.
Businesses are beginning to realise that a device they see as unimportant could be attractive to a hacker.
And more importantly, they now see that their network of connected devices is only as strong as the weakest link within it.
If you’re concerned that there might be a door ajar in your network, then robust cryptography is the best way to seal it shut. Protection measures hide the sensitive code within your devices and wider network. They prevent bad actors from gaining a foothold.
It’s the best way to make sure that our network of useful devices continues to work for us rather than for bad actors.
Code protection, cryptography, integrity control and communication hardening are key tools to achieve this. They help us to restore some of the balance in IoT between speed and security.
At Licel we provide protection for Java, Android and iOS platforms. This helps you to secure components of your IoT network so that bad actors aren’t able to benefit.
Head over to our IoT industry page to find out more about our expertize.