Billions of devices connected to the Internet are out there. As you read this paragraph, they are talking interacting, exchanging information at lighting speeds. This also means that the Internet of things is creating a huge tide of data along with the growing number of connected devices. The catch here is that the vulnerabilities are also arising, at times larger than this data tide itself. With that being said, we must set our focus to this widespread explosion of connected devices in the public domain that generate data and those who eat on it by leveraging its vulnerabilities. Thus the word “Hacked” comes into picture.
Is a hack good, bad or ugly?
Let’s take a quick dip into the consequences of a hack.
Not so good: The word hacking or hack needs no introduction. Most of the times, they are always associated with extraction of valuable information or changing the programmed behaviour of a device. They (hackers) are here to prove that such attacks are possible. Hackers sure know that forced intrusions do damage on the security and the ecosystem built on software at an unprecedented level and most of them usually go undetected.
The bad: Your computers, phones laptops, tablets, wearables etc. are vulnerable data rich sources. Devices that carry important information information could be manipulated and used in the most benign way or the most diabolic way if the perpetrator wants to.
The Ugly: In case of a breach in an unsecured environment, two things can happen. One is the loss of personal data and the other one would factors that can lead to may be a life-threatening situation. Smartphones, wearables, open networks and anything out there in the open will get attacked and used.
Hand picked devices that can get hacked
Let us have a look at certain simple devices and appliances apart from the usual computers and smartphones that can fall prey to security holes.
- Connected toys
- Kitchen alliances
- Connected Cars
- Health monitoring
- Smart Lighting systems
Yes, Toys. There are many stories across the world that connected toys claimed to have been extraction points of data of their owners. Insidious it may seem, but is it really possible to steal a child’s name, birth date and gender, along with other data? There are apps associated with the toy for generally improving its interactive capabilities with the person or the child in this case whose personal information may fall into the vulnerable zone. Now the hacker can chart out whole profile through this once he has hacked through. These hacked toys continue to monitor without the owner knowing.
Kitchen appliances can become slaves to hackers who can control them like zombies. Hackers turn these appliances into bots, controlling them at the tip of their fingers while extracting information through them once the home network is compromised. Hackers have been known to use simple malicious Microsoft Word document that can install viruses and be used to break through the firewall. Most of the time even the authentication factors fail and unsuspecting users end up with infected home appliances (smart refrigerators etc.).
Probably the only option to gain immunity is to program appliances that talk to each other and dismiss data packets coming from an external network or even the Internet and save them from being hacked.
Apart from driving habits being monitored, connected cars also face the threat on disablement by remote hacking. There have been reports that experts have even succeeded in hacking the tyre pressure and disabling brakes too. Now we can imagine the harm and havoc on a highway or a tunnel, handling high-speed transit, that can lead to huge collateral damages even if one single car gets attacked.
There are some remedial measures that could be followed while buying a car though. One is to cross check with the car vendor that they have installed the most reliable and reputed wireless systems in the car. Aftermarket connected devices and wireless systems are something that must be dealt with caution as they could be hacked quite easily. Cars could also be equipped with automatic shut down. Such wireless control factors must be made secure with adequate authentication and security in place to shield them from being hacked.
Internet of Things is playing a vital role in the health sector. Convenient data procurement, wireless data transfer, ergonomics of devices coupled with real time connectivity and growing medical data has opened up a universe of unlimited. Using analytics and trend comparison, users today receive information and suggestion for a good living which otherwise would have made us all wait in a queue until we get an appointment from our physician.
Ironically, it may seem that the bad guys have eyes all over the health sector too. It could be a matter of time until we know that they could be working on directly controlling the connected devices that are attached to the body. A concept called Body-Adapted Wearable Electronics is becoming the future of such health monitoring devices. With capabilities to monitor health stats and probably administer drugs all by itself, they would fast replace heart rate monitors, wearable and wristbands etc. Virtually implanted into our body and tactically invisible, If a hacker was to take over such systems, they could easily threaten large group or individuals who are connected to these devices. Let us keep our fingers crossed, as we are assured there have been no documented occurrences of such attacks till now.
Smart Lighting systems
It is possible to cut power into a power line into any building or a house via a wireless mode. Smart lighting systems are mostly designed around mesh networks. They come with power cables and fixtures and communication nodes that are all intertwined with each other. To overpower the controls and take charge of the entire electrical system, could lead to worst conditions such as a complete lock down of the house or a building.
We need to get things right!
We need to be knowledgeable in order to avoid risks that revolve around security. One need not be a cyber security expert but knowing certain ways of keeping ourselves and the devices safe against remote physical attacks and hacking attempts always helps. One could start by fortifying the passwords associated with the authentication on applications or associated smart appliances. The other one would be making sure that these devices are bought from reliable sources.
One of such ways is to implement a management protocol called OTrP that is designed to protect mobile computing devices from malicious attack. This protocol is interoprable in nature and is currently used in eCommerce platforms. The Security arcitecture is well suited for public domain too where large volume of smart phone users exist.
The protocol paves the way for an open interoperable standard to enable the management of trusted software without the need for a centralized database by reusing the established security architecture of e-commerce. OTrP also capable of RSA cryptography.
With all this being said, there always exists a catch to the story. Experts round the world still claim that ninety nine per cent of the devices are vulnerable.
The author is a Technology Journalist at EFY group