A recent survey of over 400 global IT security pros revealed that fears over the security of connected devices has risen sharply since last year, writes Peter Reid, executive head of Intervate.
In all, 86% of respondents to security analysts Pwnie Express’ survey said they were worried about device threats – with 50% either ‘very’ or ‘extremely’ concerned. Many had even witnessed attacks first-hand.
Connected, smart devices are rapidly advancing into almost every area of our lives: our homes, our cars, our offices, and even our bodies. Most market commentators forecast tens of billions of connected devices by the end of the decade.
However, while we remain in a state of enchantment over the possibilities of The Internet of Things (IoT), too few consumers and businesses are stopping to think about the critical security concerns the IoT revolution brings.
A fundamental adage of security is that the more devices you have connected to a network; the more vectors of attack are exposed.
Although one of the biggest drivers of IoT adoption is sharply falling costs, the repercussion of this is that many connected sensors and devices are stripped down to the bare minimum – with insufficient consideration for encrypting and protecting those devices.
Not just a ‘dumb sensor’
As consumers we forget that even the most basic sensor is actually a small computer, a fully-fledged ‘Von Neumann device’ with its own processing and integration capabilities. By recognising this reality, we see that any connected object can potentially be hijacked and used for malicious purposes.
Vulnerabilities abound wherever these devices are connected to wireless networks: whether that’s Bluetooth, NFC, WiFi, 3G, or any other form of wireless protocol.
Many ask what the real risk would be, if somebody – for example – was able to hack into my home thermostat or my connected toaster?
While it’s obviously unlikely that anyone would want to hack into your connected home infrastructure to change the temperature of your living room or burn your toast; that wouldn’t necessarily be the attacker’s end-goal.
Attacks often work in a progressive manner, where one small breach can open up opportunities to penetrate other areas of the network, and cause more damage. Attackers might compromise a printer on a corporate network, to sniff for passwords that would then enable them to configure their own admin-access.
So, the printer, or the thermostat, might just be the first step in a long chain of progressive breaches.