Privacy & security concerns threaten to derail the Internet of Things
Privacy & security concerns threaten to derail the Internet of Things

The Consumer Electronics Show (CES) in Las Vegas this week has already served up several inter-connected devices with their own embedded sensors to connect to the Internet and other devices.

Show floor visitors have got their hands on Skype-connected baby monitors; Bluetooth-enabled meat thermometers and ‘smart' ovens, refrigerators, fitness trackers and home automation systems. Google has got in on the act too – unveiling an alliance with car-makers Audi, GM, Hyundai and Honda with the aim of getting Android-connected cars on the road. Elsewhere, chip behemoth Intel showed off the tiny Edison microcomputer which could well feature on future wearable devices.

It's perhaps unsurprising then that Cisco expects this trend to grow in the next few years. The firm has previously predicted that the number of internet-connected devices will grow to 25 billion in 2015 and 50 billion by 2020. The market could grow in value up to £11.5 trillion (US$ 19 trillion) in the next few years, according to CEO John Chambers.

"The internet of things is having its breakout year and this year it will become a mainstream ecosystem and set of technologies," said independent consultant Larry Downes, when speaking at the conference.

However, this latest buzzword in the technology world isn't immune from privacy and security fears, and questions are now being asked if these latest and greatest gadgets will be susceptible to leaking data, or being hacked from cyber criminals.

Concerns rise

Infosec experts have already been quick to dampen expectations around the new trend.

“You can expect dumb things will get smarter in 2014,” said Symantec researcher Kevin Haley recently. “With millions of devices connected to the Internet – and in many cases running an embedded operating system – in 2014, they will become a magnet for hackers.

“Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. Already we've seen baby monitors attacked.” Haley also raised concerns that some of these manufacturers haven't sussed out when they have a security problem.

Meanwhile, John Thielens, Chief Security Officer at global software and services provider Axway, believes that IoT could offer up new opportunities to hackers, one of which was able to infiltrate a baby monitor just last year.

“What's interesting is how the bad guys make a business out of this,” he told SCMagazineUK.com.

“Maybe they derive intelligence [from the devices] so that they can see when the heating's off, or when a door's been opened, to know when you're away from home. Or maybe they could correlate your phone with your house. It's the new way of casing the neighbourhood -- cyber criminals are breaking into the physical world.

Thielsen, who added that cyber criminals could even hack connected cars to turn them into moving weapons, added that IoT hardware makers need to change their philosophy towards security, and said that privacy expectations could too shift as a result of new government legislation.

“This is one of the biggest challenges,” he said of hardware makers. “If hardware makers get into the connected devices realm they need to think of themselves as software makers for security and maintenance.  There's no culture there [with hardware makers] for diligence and security,” he added, suggesting that many of these manufacturers would need to adopt the approach Microsoft takes with Patch Tuesday.

On the subject of privacy, the Axway CSO went onto say that consumer attitudes will change, most likely as a result in new legislation.

“The expectations on what privacy is will change,” he said, adding that people will be fine with seeing personalised ads based on their viewing habits, but less so on continued government surveillance. “I think government policy will evolve along with this.”

New attacks will be hard to defend against

James Lyne, global head of security research at Sophos, told SCMagazineUK.com that the biggest security concern circling the Internet of Things is that forthcoming attacks will be unknown and, as such, harder to defend against.

“Many have been quick to cast the Internet of Things as the next big security issue, though with little specificity as to what problems may actually exist,” he said.

“In reality, the biggest problem is the fact that today these security issues are generally unknown. Many of these new devices are exposing new sensors and integrating technology in creative ways which could allow digital attacks to have greater power and impact in the physical world. For example, being able to connect into and manipulate fridges, ovens, your domestic electricity, TV (or to add colour, any number of camera-enabled devices) opens up the possibility not only of new types of privacy invasion but also impact on life.

“Future devices could expose more serious privacy or security-compromising functionality. Many of the new devices I've seen so far often feature significant security regressions.”