Hidden security risks: Can IoT be truly secured from external threats?

Not so long ago, computers and smartphones were the main tech devices for connectivity amongst consumers. In just a few years, this has changed drastically. Connected devices are everywhere – from healthcare/fitness devices to connected home devices – there’s even more forms when you consider connected devices for businesses. The advent of disruptive technologies like the Internet of Things is changing the way products and services are conceptualised, created, processed and delivered. The IoT technology is growing at a rapid rate as more consumers and businesses are waking up to the benefits offered by smart devices.

Today, the IoT market comprises of everything from smart doorbells, connected kettles to children’s toys. This is not only limited to smart home tech for consumers, IoT sensors are being increasingly used by businesses of all sizes across industries including healthcare and manufacturing as well. However, despite its life-enhancing and cost-saving benefits, IoT opens a back door to a security minefield and leaves a lot of us asking the question – is it even possible to secure the IoT?

This was one of the themes discussed at this year’s Mobile World Congress (MWC). IoT technology featured heavily at the trade show, with connected items ranging from a passenger drone to the next generation of smart city technology, and IoT security taking centre stage. One session focused on how blockchain might help to secure IoT devices in the future. Best known as the backbone of cryptocurrency Bitcoin, blockchain is a shared ledger where data is automatically stored across multiple locations. The indisputable digital paper trail makes it ideal for financial applications, but it could also be applied to IoT.

IoT devices increase the amount of entry points into a home or business network, which in turn could give hackers access to devices such as computers that contain sensitive data. Using blockchain technology could reduce the risk of IoT devices being put at risk by a security breach at a single point. By getting rid of a central authority in IoT networks, blockchain would enable device networks to validate and protect themselves. For example, devices in a common group could potentially stop or alert the user if asked to carry out tasks that appear unusual, such as being commandeered by hackers to carry out Distributed Denial of Service (DDoS) attacks.

IoT security and drones

Also highlighted at MWC was the importance of securing IoT technology for use by drones. Drone technology is a rapidly emerging sector within IoT and the risk of hacking could not only cause a data breach, it could also pose a major risk to public safety. Thanks to their versatile application and access to real-time data, commercial drones are used across a wide variety of sectors including agriculture, military, and construction and have even been used to deliver packages, while consumer drones have also grown in popularity in recent years. However, as with many IoT devices, security is often an afterthought leaving many drones vulnerable to hackers.

If a drone’s own telemetry data is accessed, hackers could take control of it while in the air. This could place people in physical danger if the drone was purposely crashed or hijacked to carry harmful substances such as explosives or chemical agents. A hacked drone could also be used for spying through on-board cameras, or malware could be installed enabling hackers to strip out sensitive data collected by the drone, including pictures and video.

While there is an increasing amount of drone legislation being introduced, much of the focus is on air space and where drones are allowed to fly. However, the importance of securing the network that drones submit data on should not be underestimated.

Why is securing IoT technology such a big challenge?

Securing IoT devices is challenging for a number of reasons. A rapidly increasing number of gadgets are being turned into smart devices and as manufacturers roll out new products more quickly, little priority is given to security. Eventually we could see almost every home device connected to the
Internet, not necessarily with any consumer benefit but instead geared towards data collection, which is incredibly valuable for manufacturers. A lack of awareness among consumers and businesses is also a major obstacle to security, with the convenience and cost-saving benefits of IoT tech appearing to outweigh the potential risks.

Another challenge is securing not only the IoT devices but also the networks over which their data is transferred. In the past, businesses haven’t always focused on building end-to-end security into the network. This is set to change as attitudes evolve, with 46 per cent of organisations ranking ‘securing
IoT within the organisation’ as a high priority for 2018, according to the Hiscox Cyber Readiness Report.

What happens next?

So, is it really impossible to secure the Internet of Things? While it’s certainly a challenge, the industry is developing new ways to protect IoT devices from increasingly sophisticated hackers, and there will be significant opportunities for those working in the IoT security space. Blockchain may well be part of the solution, though a group effort will be needed to ensure that IoT technology evolves in a way that is both beneficial to consumers and businesses and secure from hackers.

Education is also key and makers of IoT devices, ISPs and the government must play a vital role in boosting awareness of IoT security among consumers and businesses. At a government level, it may also be necessary to provide education to boost the digital literacy of policymakers. More regulation
and standardisation is needed to ensure that IoT devices adhere to a certain level of security, while manufacturers must develop clear privacy policies for their IoT devices and ensure that consumers know how to adjust the security settings. Even simple steps such as not setting default passcodes as ‘0000’ or ‘1234’ could help keep devices more secure in the future.

While security has too often taken a back seat in the development of IoT technology, manufacturers must begin to build protection into their devices. Network providers can also help address the IoT security threat by creating end-to-end infrastructure that meets industry-wide standards. Providers that offer a secure network will have a competitive advantage in the long run.