« Digital Devices: Insurance Agents of Tomorrow | Main | Cell Phones Change the Way Money Moves »

April 2, 2015

With the Internet of Things Comes Hidden Risks

Posted by Dr. Ashutosh Saxena (View Profile | View All Posts) at 9:07 AM

CyberPatriot Prepares Students to Protect the Internet of Everything [Source: https://www.youtube.com/watch?v=u1tBJNdZQuc]

Of all the unsettling stories of our Internet age, perhaps none is creepier than computer miscreants hacking into home video cameras or security systems. Whenever I hear an expert or colleague sing about the merits of the Internet of Things (IoT), I remind him or her of their home security systems that could be hacked by creepy outsiders. The story, though unsettling, puts things in perspective. That is, as wonderful as the IoT will be for our personal lives overall, what with all the conveniences involved, we have made a deal that is a formidable one - one in which our privacy and security is forever compromised.

That's why we have to be more vigilant - like it or not. Convenience and the wonders of technology come with a price. Besides, the IoT is already just about everywhere. There are nearly five billion connected things and this number could climb to 25 billion by 2020, according to the folks at Gartner. Now it is true that the IoT promises a smoother life, such as the ability for consumers to keep track of their groceries and energy consumption on their cell phones. We will even receive alerts when milk is running low. Everything, including our homes and our heartbeats (did you see the recent Apple iWatch event?) will be monitored to make our lives more flexible and downright easier.

Then there is the not totally unrelated topic of privacy. Companies convert information to valuable knowledge about our every move. They open personalized advertisements on various smart gadgets similar to the online users on websites in the name of personalizing the shopping experience. Another school of thought goes something like this: Such uses of the IoT are invasions of privacy. Security is an offshoot of privacy. Or maybe more accurately I should be framing my argument as the universal right to privacy and security. Right now, some intruder is getting ready to out-smart TVs, thermostats, home automation hubs, alarm systems and other common domestic devices including fridges, ovens, door and window sensors, motion detectors, video cameras and recording mechanisms. Why? Well, these gadgets are all connected via the cloud to a mobile device or the web. Any web technology is hackable. Cyber intruders can access home video cameras or security systems remotely, without the owner's knowledge.

Some people say that IoT is actually worse than an insecure space as it is typically based on the solutions that links network, application, mobile, and cloud technologies together into a single ecosystem. Hackers love to intrude because of weak passwords, insecure password recovery mechanisms, and poorly protected credentials. Valid user accounts can be identified through feedback received from reset password mechanisms, credential input and sign-up pages. Transport encryption is essential for all communications that travel across the Internet to protect sensitive data. Otherwise it is a cakewalk for the hacker. To help manufacturers, developers, and consumers better understand the security issues associated with the IoT, the Open Web Application Security Project (OWASP) is a project designed to enable users to make better security decisions when building, deploying, or assessing IoT technologies.

As we all prepare for an interconnected future, businesses and governments must come up with new laws and policies. And they must keep up with developments. The European Union, for example, outlined such measures in its report on 'IoT Privacy, Data Protection, Information Security.' One recommendation is to develop privacy-friendly default settings on IoT products and services that would give users more control over what information is shared with others. Furthermore, it suggests that IoT networks give individuals the rights to their own data.

Now if we could only track down the miscreants who hack home video systems!

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Search InfyTalk

+1 and Like InfyTalk

Subscribe to InfyTalk feed

InfyTalk VBlogs: Watch Now

Infosys on Twitter