IoT: The (w)hole story
Whether a filing cabinet, a PC or a mobile, security risks are always there. Just that millions of connected devices on immature platforms means more loopholes for breaking into your privacy, data and gosh wealth too! Here are some of the new security risks posed by the IoT era:
1. Many connected devices use chips with outdated operating systems (OS) and software, and hardly provide updates, mostly because the hardware might not support newer OS. End-users have no idea what OS their device is running and is therefore unable to judge how secure their device is.
2. While cameras are usually installed for security, sadly sometimes their own security is compromised, as in the case of TRENDnet, which sold cameras with faulty software that enabled private camera feeds to be viewed on the Internet by anybody who had the camera’s IP address! The case was resolved in the US early this year. There is even a search engine to find connected devices and cameras! Shodan enables you to search for devices, and thereafter one can watch the video captured or other data related to the device if it is insecure.
3. According to an article by a security specialist on Symantec’s official blog, several of LG’s new connected television models track user’s TV watching patterns and send the data back to the company, to customise advertising for customers. However, an error in the system caused the TVs to continue collecting data even when the feature was switched off, causing the company to work on a firmware update to correct this problem. Fortunately, in this case the company has been transparent in admitting the problem and developing a solution for it. In many cases, smaller manufacturers hardly bother about upgrades and patches to existing products!
4. The home router, which is the gateway between your connected devices and the outside world, is another key point of vulnerability. It is on almost 24×7, and it is important to secure it properly and to check for updates on the manufacturer’s site.
5. Many smart devices, including smart meters, do not usually send data directly to the service provider or utility. Often, it is collected at a local data collation hub (say, another smart meter) before being sent. This device is a point of vulnerability and needs to be properly secured by the service provider.
6. Data being collected constantly from thousands or even just hundreds of devices means Big Data, and is usually stored and processed on the Cloud by service providers, which makes the Cloud another potential candidate for cracking! This too needs to be secured.
Users need to be aware that everything from a connected toothbrush to an automobile can be cracked into—and there is value in the data collected from each for concerned parties. Hence, as the number of connected devices in your life burgeons, take an hour out once in a while to do a security audit, and perhaps install any updates or patches provided by manufacturers.
The author is a technically-qualified freelance writer, editor and hands-on mom based in Chennai.