By Jim Carlsson
With each device that is connected to the internet comes a new opportunity for cyber-criminals to exploit and new ways for hackers to attack. With the Internet of Things struggling to come to terms with the security challenge, Jim Carlsson, CEO of Clavister, asks if it is really wise to connect ourselves to the internet without pause for thought.
If you haven’t encountered the phrase before, the Internet of Things is the expanding network of interconnected, internet-enabled devices. To give you an idea of scale, this means that controllers for central heating, lighting and a variety of household appliances – from the fridge to your home security system, your satellite TV box, desktop, laptop, mobile and tablet – all have the potential to be talking to each other, communicating to a variety of third parties, and to be controlled from a centralised device. In short, more facets of our lives are being connected to the internet.
Undoubtedly, this level of connectivity offers a plethora of opportunities to propel us towards a more sustainable and energy efficient society as greater control, analysis and insight is presented to consumers and businesses alike. However, it should come with a caveat: the more devices that become internet enabled and the higher the level of connectivity between those devices, the greater the opportunity is for hackers to cause damage and disruption.
Indeed, we have already seen attacks that exploited both ’smart’ household devices and conventional computers. Late last year more than 100,000 consumer devices, including an internet-connected refrigerator, smart TVs and multimedia hubs, were exploited to send more than 750,000 spam and phishing emails. And only this month it was reported that security experts had demonstrated that internet connected light-bulbs could be hacked, disrupted and leave an entire household or business’ network vulnerable.
[ms-protect-content id=”9932″]The possibility that our technology will become increasingly connected and entangled may seem farfetched, and the prospect of a criminal using nothing more than a computer to flood a home an idea from science fiction. As preposterous as the concept of ‘the Internet of Things’ may sound, it is inevitably going to come – as is the increased threat from hackers.
As a result of this inevitability we should perhaps have greater trepidation about the news that Google Glass can be connected to an ECG scanner, allowing for the device to be controlled with zero physical input and used simply by thought. There is no getting away from the fact that this is a great innovation and a huge technological advancement, with an array of potentially life changing implications for people suffering from a range of medical conditions. However, it would be unwise to be swept away in the euphoria without giving serious consideration to the potential implications of connecting our physical selves, our thoughts and our actions to the internet.
Any device that is connected to the internet is a potential target for a cyber-criminal, so who is to say that our actions could not be subject to a hack through wearable technology such as Google Glass? If a connection can be established from our thoughts to a web-enabled device then in essence we are potentially connecting ourselves to the internet and placing ourselves at risk of a hack.
This may seem preposterous but we have already seen that where an appliance is connected to the internet hackers find ways to exploit it. Hackers go to great lengths to attack a network and infiltrate even the most stringent of security defences. It is not unthinkable that a piece of wearable technology, connected to the internet, could be interfered with – causing disruption to both our lives and actions.
Whether this would be possible is of course speculation, but it surely has to be part of the conversation before we start freely connecting ourselves to the tangled web of the internet. The technology is of course in its infancy – as is the Internet of Things in general – but ensuring the security of both of these technological advancements must be placed at the heart of their development.
As things stand, securing the IoT remains challenging and requires advanced technology, in the form of embedded security, to tackle the issue. Embedded security is the concept of reducing the data footprint of more robust security technology, enabling it to be embedded into a range of appliances without any impact on processing speed and thus resulting in a range of devices operating on distributed but secure environments. While the technology does exist, it is still an issue that appliance manufacturers are coming to terms with.
Given the complexities of securing a household appliance it would be safe to assume that securing the connection between ourselves, a device, and the internet will be an even more difficult task. As the issues and implications of our increasingly connected lives are still being discovered, it would certainly seem unadvisable to throw caution to the wind and connect ourselves to the internet too.
We can say with a degree of certainty that if attacks against smart devices have begun, they will only escalate. Securing this explosion in device numbers – or indeed human beings – will be critical. Failure to do so might just be catastrophic.
About the Author
Jim Carlsson has more than 20 years of experience from the IT industry. Before Clavister he worked for Intel Security where he was Vice President for the Network and Security Business Unit in Europe, Middle East and Africa. Prior to this, he was CEO and Co-founder of identity and access management vendor Nordic Edge, which was acquired by Intel/McAfee in 2010.
[/ms-protect-content]