Identifying the biggest IoT vulnerabilities
The fact that billions upon billions of devices are becoming connected to the IoT every day makes user security a serious issue on many levels
The Internet of Things (IoT) is growing at a tremendous rate, but so too are criticisms of its security risks. As a commercially motivated technology, IoT does not always seem to be developed with user security in mind. The fact that billions upon billions of devices are becoming connected to the IoT every day makes this a serious issue on many levels.
What is IoT and how does it work?
Much like the Internet itself, IoT operates through the connectivity of a network of devices. These devices can be anything from mobile phones to smartwatches or kitchen appliances so long as they are internet-enabled.
These devices use sensors to monitor their surroundings in a specific way. For instance, a smartwatch designed to aid with fitness (such as a Fitbit product) can use its sensors to monitor the wearer’s heart rate; a smart fridge can be designed to monitor stock levels; and so on.
This data is then usually transmitted to a host of some description via an IoT gateway. From there, it can be transferred to a cloud server, a user interface, or a business app. At this point, the data is ready for analysis.
While certain IoT-enabled devices collect data on human activity (such as wearables), the system is mostly designed to operate independently of human interaction. As such, it is a system of collecting data with greater accuracy and with less manpower than in traditional data-collection systems.
The service and benefit to the customer
Similar to the use of web cookies in digital marketing, the IoT can be used to provide a more personalized customer experience. Sensors attached to a product can send information to businesses regarding customer usage preferences. The business may then follow up with personalized messages offering tips based on the users’ habits.
This then extends to the development of new products. If the data shows that one of your products contains a feature that nobody ever uses, you can simply remove it from the next model. This creates space for new features, or for the development of existing features that have proved popular.
IoT sensors also enable the collection and transmission of real-time data, which is often utilized in e-commerce. One example is the track-and-trace feature engaged during deliveries, which provide automated alerts to users whenever their delivery reaches a certain stage, such as boxing, dispatch, and out-for-delivery.
Business model and how does IoT impact the bottom line
The latter point on real-time data is integral to any business model that has been built on IoT. Amazon has led the way in demonstrating this by attaching sensors to packages and, controversially, employees in order to monitor productivity levels.
Debated though the company’s adoption of IoT in the workplace may be, there are certain models that are implied by these methods. Kitchens, for instance, can utilize smart fridges to trigger alerts when stock levels are low. Methods such as this could be of huge benefit to employee productivity.
The kitchen example also reveals another part of the business model: saving time, which saves money. Grocery stores, for another example, could employ a similar technology to cut down on the amount of time spent on stocktakes.
Ubiquitous data in IoT-based business models also allow for newer business models to be tested more effectively; it can demonstrate results much more quickly than with traditional systems. Indeed, each of these examples leads to a similar conclusion of time- and money-saving through the negation of human interaction.
IoT vulnerabilities: security
Many of the security vulnerabilities faced by the IoT are similar to that of ordinary devices such as laptops. It is worth comparing IoT directly to public wifi: every device that connects to a particular hotspot becomes mutually interlinked, which makes it easy for hackers to infiltrate nearby devices.
As mentioned, the IoT data is collected through a single gateway, so every IoT-enabled device in your house or work environment is connected via the same network. Hackers can thus proceed in the same way; they only need to gain access to one IoT-enabled device, and they’re free to infiltrate every other device on the same network.
What’s more, IoT devices often require account verification of their users. This means that personal and personally-identifiable information will likely be available on any number of IoT devices in your network.
Reusing email addresses is unavoidable, but chances are you’ve reused a number of passwords on many of your accounts. Should a hacker gain access to one of your passwords by hacking your IoT network, they can then use this, along with your email address, to hack other accounts not linked to the same IoT network.
IoT vulnerabilities: privacy
Once a hacker has infiltrated your IoT network, they are then able, if they wish, to leak your information publicly. Not only does IoT connectivity present the risk of DDoS and leaking attacks, then, it is also a major privacy concern.
Webcam-enabled IoT devices are particularly suspect: once hackers have penetrated the relevant network, they can install malware that allows them to remotely activate the IoT-enabled devices on that network. This includes activating webcams and monitoring them remotely—a risk that has become a major concern for webcam-enabled children’s toys.
Another privacy-related issue emerges from the fact that companies that own, develop, or remotely monitor IoT devices may have unsavoury intentions for the data their devices collect.
As has become increasingly apparent in recent years, companies are often very eager to sell user data and turn a profit, and because many IoT networks exist in people’s homes or other private spaces (such as anywhere you’ve worn a smartwatch), there is a definite risk of information being sold off that you would much rather keep private.
Alternative to IoT
Many of the vulnerabilities detailed above are caused by IoT data being transmitted to remote servers that the user often does not control or have access to. Developers of IoT alternatives have focused on this problem in particular.
One such alternative is machine-to-machine (M2M) connectivity. This was, in fact, the basis for IoT, which makes it seem too obsolete to be a true alternative. There are, however, benefits to keeping it old-school.
Unlike IoT, M2M does not need to connect to a larger network; quite often, data transfer is conducted through ethernet connections and does not need to use any internet protocols whatsoever.
As such, it essentially creates a hardware-based, closed-system network that can only (usually) be compromised through physical attacks. This is a great privacy move, as it largely negates the risk of eavesdropping from the company that produces the devices you’re using.
M2M networks can also store data in the cloud, which allows the collated data to be analysed remotely. This, of course, requires the use of the Internet Protocol (IP) which, once again, presents the risk of network hacking. In those instances, though, there are plenty of cloud-based applications, such as MEGA, that allow stored data to be fully encrypted.
M2M may be the safer option overall, but as mentioned, the moment you connect to the cloud is the moment you become vulnerable to hacking attempts. As such, even when you’re using M2M, it is essential to arm your network with a virtual private network (VPN).
This disguises your real IP address and encrypts your data traffic as it is transferred over the internet, keeping your identity untraceable and your information secure. Some of the best VPN providers include NordVPN and ExpressVPN, though it is worth reading a few reviews to see which provider is most likely to serve your needs.
Very few VPN providers have custom apps for, say, fridges, so if you’re still committed to using IoT, it may be worth protecting your entire network with a VPN router. This essentially works in the same as with single-device VPN connections, but it means that every data packet that comes from your network will be fully encrypted before it is transferred to the Internet.
Alex Mitchell – Cybersecurity expert, WordPress guru, data privacy and safety tools tester with over 10-years of experience. Freelance writer and marketing manager @ VPNpro.