IoT is seen as a trillion-dollar business. From a current estimate of 15.4 billion devices, IHS Markit forecasts that the market will grow to 30.7 billion devices in 2020 and 75.4 billion devices in 2025. Annual revenues are expected to exceed $470 billion by 2020, according to Bain.
IoT devices are used in industry, logistics, and daily life. Many manufacturing plants use Ethernet and IP addressing to reduce cost and simplify construction of the plats. Such a communication architecture is even used in the Airbus A380. As long as the environment of such systems is controlled, manufacturers can reduce cost and improve the performance of inter-device communication.
In uncontrolled environments, especially where the devices are exposed to the internet, security of IoT devices becomes a priority.
The features provided by those devices can be considered useful to many people. By choosing Internet technology to have devices communicate among each other and with providers of external processing, the devices are accessible from the Internet and thus may be susceptible to attacks from the Internet. Anyone that knows the IP address and the service provided by the devices connected to the internet can connect to the device and use its service.
Before I describe the security implications, I give examples of things: Philips Hue Smart Bulbs can change colour and be switched on and off. They can be connected to home hubs and controlled from smart phone applications. Sport activity trackers communicate with smart phones, which in turn provide a bridge to the internet. Smart power plugs monitor the power use at the plug and allow connected devices to be switched on and off. The promise is that by monitoring the energy use, home owners can make their homes more energy efficient. Smart thermostats allow to monitor the power use of heating systems and to adapt the ambient temperature to the persons present. Smart locks promise to dispose of keys and fobs, controlling all locks through a smart phone.
Smart security systems can monitor houses through (night-vision) cameras, microphones, motion detectors. If the system detects something worthwhile, it will communicate with its owner and stream video or audio to one of his devices.
Smart TVs use microphones and cameras to interact with its users, enabling them to communicate with other people, e.g., through Skype, or to control the device with voice commands or gestures.
The Shodan project (http://shodan.io/) provides a search engine for internet connected devices.
What interest do assailants have in IoT devices?
While those devices may just look like normal devices, they usually contain a low-powered computer and they have an Internet connection. Often the computational capabilities are sufficient for parasitic computing tasks. They can be used as part of distributed denial of service attacks, to distribute SPAM, or to mine crypto currencies.
While each individual device may not be powerful, they are mass produced devices and in their number, they are a formidable platform. The Mirai bot net was used on October 21 to disrupt internet activity in the US by attacking the Domain Name Service. The bot-net consisted of about 100.000 nodes.
Such attacks are possible, because capturing and controlling such devices can be mechanized easily. The devices are mass-manufactured and delivered with identical software and configuration. Buyers often feel challenged and ill-informed in changing the configuration.
Other attacks involve invasions of privacy. Smart TVs, for instance, are constantly listening for their command word. An attacker controlling that device can eavesdrop on any conversation inside the room the TV is in. Attackers can also capture web cameras and capture video and audio recordings from such rooms.
Unsecured web cameras are known to be used to capture bedroom activities. Such recordings can be monetized or sold or displayed on web pages for advertisement impressions.
Devices can also be taken ransom. Shutting down a thermostat in winter and demanding ransom can put people in life-and-death situations.
Also, failures of the infrastructure can cause harm to people. Many IoT devices rely on services provided by other machines on the internet. Voice and image processing can be difficult, and it is considered cheaper to record a command, send it to a more powerful server for processing, and sending a command back to the device. This way, the cost for each individual device can be kept down and the processing power can be utilized better.
But what happens if the server fails? If a TV does not react to a command, it is inconvenient. A door that cannot be opened by its smart phone application may be a much bigger problem. Some car doors can only be operated this way in the presence of mobile phone networks. Driving into areas without one, like Iceland's high lands, may lock you out or in your car.
In other cases, thermostats shut down because their cloud service was not available and in some instances, houses were taken of the electric grid for the same reason.
## Design implications
The nature of the attacks on IoT devices and the failure modes require stringent engineering methods that most companies are not used to yet.
Governments and consumer associations demand improved security mechanisms and processes. They wish that security issues that show up after manufacturing get corrected by firmware updates for an extended time. Some even demand certified code, development processes, and security management processes, on the server side and also on devices.
Those mechanisms concern passive security. The system is hardened against attackers. A second, complementary approach is to help users secure their devices by forcing them to change access codes and to correctly configure their firewalls. Some suggest that the internet providers should help users with tracking and securing the internet
The third mechanism is to make fail-safe designs. The software on the thing must deal gracefully if part of the infrastructure it relies on is not available. A thermostat should not shut down heating if the cloud service is not available. Instead, it should choose a safe default temperature, say 25 degree centigrade. A lock may default to an unlocked state in the same situation.
Höfundur: Marcel Kyas, lector Háskólanum í Reykjavík