Menu

M2M FEATURE NEWS

As the World Moves Toward Ubiquitous Connectivity, It Is Time to Ramp Up Trust

By Daan Pepijn June 20, 2017

With IoT on the rise, it is more important than ever to ensure the security of connections and transactions, especially if lives are at stake.

The Internet of Things is ushering a new era in connectivity. While IoT used to highlight connected appliances, homes, and logistics, the stakes are growing higher, with an added dimension of safety of life and limb. With healthcare devices, automobiles, and safety systems becoming connected to the grid, any vulnerability might end up hurting people, especially if access to the technology falls into the wrong hands.

For businesses, platform owners, and even users, this means there is a need for heightened vigilance against potential threats. Connected systems should also ensure top-grade security for consumers to keep trusting their brands and platforms.

Security provider Incapsula regularly unearths several attacks targeting IoT devices, which can include both enterprise- and consumer-grade technologies such as CCTVs, routers, DMRs, and even other home and network appliances. In a blog post, Eldad Chai, VP for Product, discusses the need to secure devices, applications and APIs to ensure that data, infrastructure, and — more importantly — people will be secure from potential hazards that come from traffic-based attacks and other vulnerabilities.

In terms of authentication and encryption, the company also recommends an added level of trust through high-grade SSL certificates, which will reduce the likelihood of network traffic and access falling into the wrong hands.

Road safety means connected cars should not be vulnerable to attacks
Anyone familiar with connected vehicle systems will consider these a convenient feature for any car owner. Connected systems can include navigation, roadside assistance, and real-time diagnosis of potential maintenance issues. For consumers, the benefits are more feature-oriented. For example, Jeep’s Connect, which provides functionalities like sensor-assisted GPS navigation, digital radio, voice commands, parking assist, and more.

The downside of this is that malicious hackers can enter the system and do all sorts of mischief. In 2015, for example, automotive cyber security researchers Charlie Miller and Chris Valasek demonstrated how to remotely hijack a 2014 Jeep Cherokee through the internet. With the vulnerability, the white-hat hackers were able to remotely control the vehicle’s air conditioning system and successfully forced it to stop from highway speed — all from a laptop hundreds of miles away.

Scarier is the fact that the team could remotely control acceleration, steering, and other safety systems, which can prove to be fatal, particularly with the case of unintended acceleration or loss of control.

While Chrysler has since announced a recall for the affected Jeep models, the duo, who now work at Uber’s Advanced Technology Center, was able to find and demonstrate further vulnerabilities on the very same 2014 year Jeep. This time, though, the hacks required a physical patch or connection to the vehicle’s electronic systems. Still, this could be cause of concern if malicious hackers were somehow able to patch in.

It’s not only Chrysler who had faced headaches with vulnerabilities in their cars’ connected systems. The same team of security researchers also found security loopholes in Toyota and Ford cars. With more and more vehicles featuring internet connectivity, this exposes more users to potential risks. Thus, while internet connectivity makes it easy, for instance, for a manufacturer to push out patches and updates remotely, it can also be a source of potential dangers.

Medical devices will be cause of concern, too
If automobiles are a cause for concern, then so are connected medical devices, which a WIRED recently called the “next security nightmare” because of its potential to endanger lives directly.

For example, research has found that certain implantable defibrillators, pacemakers, and other medical electronics are prone to vulnerabilities, which can be life-threatening if left unchecked. The same goes for connected insulin pumps, which can kill a patient if administered at fatal doses.

Connected medical devices are not that all bad, as these make it easier and more convenient for medical practitioners to administer medication more accurately and without much manual involvement nor invasive procedures. Unfortunately, this very same automation is now a cause for headaches, especially for those concerned about the potential repercussions of attacks.

In some cases, the concern is not solely about the patient’s life and safety. Patient and medical data could also be stolen or compromised. For example, such IoT devices are quite easily compromised, especially if left to their default access credentials. Attackers can then inject malware into these devices or hijack them for some nefarious purposes. For devices that can be accessed, data that might be stolen could be used for identity theft; Attackers might also use such data to gain prescriptions they can sell online on the deep and dark web.

Another potential attack vector would involve ransomware, wherein attackers would encrypt the data owned by an organization — say a hospital or healthcare facility — and only unlock the contents upon payment of a hefty ransom. While such is the case in a recent attack in Texas, a more serious case would involve attackers preventing access to life-saving medical systems in exchange for a ransom, as with recent scenarios in California and Germany, which disabled the hospitals’ online systems and forced medical professionals to revert to slow and painstaking paper-based processes.

The takeaway
These vulnerabilities underscore the need to establish adequate security when it comes to authentication and encryption, and in terms of establishing best practices. Any system is only as strong as its weakest link. When connected devices become more pervasive in our daily lives, the potential risks and stakes can also be higher — especially if a bad move can cost users their lives.




Edited by Ken Briodagh

Contributing Writer

SHARE THIS ARTICLE
Related Articles

Kudelski Group and Sequans Partner for NB-IoT Connectivity

By: Chrissie Cluney    7/16/2019

The Kudelski Group and Sequans Communications, a provider of LTE for IoT semiconductor solutions, reportedly has created a secure connectivity solutio…

Read More

Solar Energy and Cellular IoT in the Spotlight at AWS Summit

By: Ken Briodagh    7/16/2019

Eseye and SolarNow showcase power of connected technology to change lives

Read More

LoRa Devices Simplify Food Safety for Restaurant Operations

By: Ken Briodagh    7/15/2019

Laird Connectivity and Semtech LoRa-based smart temperature monitoring solution saves as much as $50,000 worth of inventory

Read More

Inseego's Rugged Skyus 500 Router Named IIoT Product of the Year

By: Ken Briodagh    7/12/2019

Industrial IoT router, purpose-built for harsh conditions, features gigabit LTE-A Pro connectivity and future-ready design

Read More

Crate.io Receives 2019 IoT Evolution Industrial IoT Product of the Year Award

By: Ken Briodagh    7/12/2019

CrateDB Cloud for IoT honored for exceptional innovation in managing and scaling industrial time-series data across a multitude of businesses and use …

Read More