While most people understand the importance of security when using personal computers and smartphones, far fewer recognize the perils posed by seemingly innocuous WiFi-enabled coffee makers, networked thermostats, and other smart products from the rapidly expanding Internet of Things (IoT).
The Internet of Things is the emerging environment of everyday objects that use embedded sensors to collect and transmit data through the Internet. IoT technology can be used to solve problems, optimize existing technology, and allow more seamless and personalized user experiences. Examples of useful IoT applications include wearable fitness devices (e.g., Fitbit), home-automation products (e.g., Nest) and smart parking systems. Unfortunately, the development of IoT technology tends to focus on innovative design rather than privacy or security. IoT devices commonly connect to networks using inadequate security and can be impractical to update when vulnerabilities are found.
This is a concern because as the number of potentially vulnerable smart products increases so do the opportunities for fraudsters seeking alternate ways into otherwise secure networks. Furthermore, IoT devices often record huge volumes of sensitive data and personal information that must be protected from misuse and cyber criminals.
Internet of Everything
At this month’s Consumer Electronics Show (CES) in Las Vegas, many of the world’s leading technology companies debuted their latest IoT gadgets, ranging from a $5,000 smart refrigerator to a Bluetooth-enabled pregnancy test. According to a forecast by Gartner, the IoT will include more than 25 billion devices by the year 2020 — potentially five times more than the estimated 5 billion currently in use. Correspondingly, the CEO of electronics giant Samsung has claimed that every single one of their products will connect to the Internet by 2020, " whether it is an air purifier or an oven." The outlook is for a world where almost anything has the potential to be connected.
The IoT even has its own search engine, Shodan, which allows users to search for Internet-connected devices. The service can be used as a marketing research tool to determine how and where IoT products are being used, and to identify any associated network vulnerabilities. However, many have accused Shodan of being a tool for hackers by simplifying the process of locating susceptible entry points to networks that host such things as security cameras, routers and traffic lights.
Lack of IoT Standards
The explosive growth in the volume and variety of IoT devices has thus far exceeded the industry’s development of cohesive security standards, or a government’s ability to effectively regulate the application of IoT technology that is increasingly used in critical infrastructure such as airports, hospitals and power plants.
The European Union Agency for Network and Information Security (ENISA) has also joined the effort to improve IoT security standards by launching a 2016 policy development program that will focus on smart cars, smart airports, smart hospitals, mobile healthcare and IoT security.
Securing the IoT
Because IoT technologies increase the number of potential attack vectors on their associated networks, consumers and businesses must be careful when installing new smart devices. The following suggestions can help to mitigate IoT security and privacy concerns:
Install updates for IoT devices and related apps when available.
Disable cameras and microphones when not in use.
Disable location sharing when not needed.
Change generic factory user names (e.g., Admin, User1).
Always use strong passwords (mix numbers, upper- and lower-case letters, and special characters).
Segregate networks hosting IoT devices from those holding sensitive data.
Use a wired connection instead of WiFi when possible.
On January 4, 2016, the nonprofit WiFi Alliance announced a new WiFi standard dubbed HaLow that was designed specifically for connecting the devices of the IoT. The virtues of WiFi HaLow are said to include an extended range, lower power consumption and greater interoperability that will allow the more efficient deployment of IoT technology. Perhaps with the introduction of a new wireless standard and the continuing development of security and privacy standards, users will soon be able to enjoy the convenience of IoT technology without sacrificing security.
Contact the ACFE For more information, contact Mandy Moody, Media Manager, at (512) 478-9000 ext. 167 orAMoody@ACFE.com.