With IoT on the rise, it is more important than ever to ensure the security of connections and transactions, especially if lives are at stake.
The Internet of Things is ushering a new era in connectivity. While IoT used to highlight connected appliances, homes, and logistics, the stakes are growing higher, with an added dimension of safety of life and limb. With healthcare devices, automobiles, and safety systems becoming connected to the grid, any vulnerability might end up hurting people, especially if access to the technology falls into the wrong hands.
For businesses, platform owners, and even users, this means there is a need for heightened vigilance against potential threats. Connected systems should also ensure top-grade security for consumers to keep trusting their brands and platforms.
Security provider Incapsula regularly unearths several attacks targeting IoT devices, which can include both enterprise- and consumer-grade technologies such as CCTVs, routers, DMRs, and even other home and network appliances. In a blog post, Eldad Chai, VP for Product, discusses the need to secure devices, applications and APIs to ensure that data, infrastructure, and — more importantly — people will be secure from potential hazards that come from traffic-based attacks and other vulnerabilities.
In terms of authentication and encryption, the company also recommends an added level of trust through high-grade SSL certificates, which will reduce the likelihood of network traffic and access falling into the wrong hands.
Road safety means connected cars should not be vulnerable to attacks
Anyone familiar with connected vehicle systems will consider these a convenient feature for any car owner. Connected systems can include navigation, roadside assistance, and real-time diagnosis of potential maintenance issues. For consumers, the benefits are more feature-oriented. For example, Jeep’s Connect, which provides functionalities like sensor-assisted GPS navigation, digital radio, voice commands, parking assist, and more.
The downside of this is that malicious hackers can enter the system and do all sorts of mischief. In 2015, for example, automotive cyber security researchers Charlie Miller and Chris Valasek demonstrated how to remotely hijack a 2014 Jeep Cherokee through the internet. With the vulnerability, the white-hat hackers were able to remotely control the vehicle’s air conditioning system and successfully forced it to stop from highway speed — all from a laptop hundreds of miles away.
Scarier is the fact that the team could remotely control acceleration, steering, and other safety systems, which can prove to be fatal, particularly with the case of unintended acceleration or loss of control.
While Chrysler has since announced a recall for the affected Jeep models, the duo, who now work at Uber’s Advanced Technology Center, was able to find and demonstrate further vulnerabilities on the very same 2014 year Jeep. This time, though, the hacks required a physical patch or connection to the vehicle’s electronic systems. Still, this could be cause of concern if malicious hackers were somehow able to patch in.
It’s not only Chrysler who had faced headaches with vulnerabilities in their cars’ connected systems. The same team of security researchers also found security loopholes in Toyota and Ford cars. With more and more vehicles featuring internet connectivity, this exposes more users to potential risks. Thus, while internet connectivity makes it easy, for instance, for a manufacturer to push out patches and updates remotely, it can also be a source of potential dangers.
Medical devices will be cause of concern, too
If automobiles are a cause for concern, then so are connected medical devices, which a WIRED recently called the “next security nightmare” because of its potential to endanger lives directly.
For example, research has found that certain implantable defibrillators, pacemakers, and other medical electronics are prone to vulnerabilities, which can be life-threatening if left unchecked. The same goes for connected insulin pumps, which can kill a patient if administered at fatal doses.
Connected medical devices are not that all bad, as these make it easier and more convenient for medical practitioners to administer medication more accurately and without much manual involvement nor invasive procedures. Unfortunately, this very same automation is now a cause for headaches, especially for those concerned about the potential repercussions of attacks.
In some cases, the concern is not solely about the patient’s life and safety. Patient and medical data could also be stolen or compromised. For example, such IoT devices are quite easily compromised, especially if left to their default access credentials. Attackers can then inject malware into these devices or hijack them for some nefarious purposes. For devices that can be accessed, data that might be stolen could be used for identity theft; Attackers might also use such data to gain prescriptions they can sell online on the deep and dark web.
Another potential attack vector would involve ransomware, wherein attackers would encrypt the data owned by an organization — say a hospital or healthcare facility — and only unlock the contents upon payment of a hefty ransom. While such is the case in a recent attack in Texas, a more serious case would involve attackers preventing access to life-saving medical systems in exchange for a ransom, as with recent scenarios in California and Germany, which disabled the hospitals’ online systems and forced medical professionals to revert to slow and painstaking paper-based processes.
The takeaway
These vulnerabilities underscore the need to establish adequate security when it comes to authentication and encryption, and in terms of establishing best practices. Any system is only as strong as its weakest link. When connected devices become more pervasive in our daily lives, the potential risks and stakes can also be higher — especially if a bad move can cost users their lives.
Edited by
Ken Briodagh
