printer friendly version

No security required

The start of the year always brings out a host of predictions about everything. Sometimes the predictions are worth reading, but many predictions are quite predictable and repeated ad nauseam.

One of the predictions for this year is the growth of the Internet of Things (IoT), the connection of everything you can think of to the Internet. And while the growth of IoT is nothing new or mind blowing, the extent of the growth and the things that are touted to be connected is interesting. Analyst group Gartner, for example, says “6.4 billion connected things will be in use worldwide in 2016, up 30% from 2015, and will reach 20.8 billion by 2020. Meaning 5.5 million new things will be connected every day this year.”

This connectivity will have a dramatic impact everywhere, including areas Hi-Tech Security Solutions covers, such as building management and smart cities. Homes in First-World countries are also being connected and are becoming ‘smart homes’. Of the many benefits IoT delivers, will be the ability to analyse data from these devices and proactively act on that data, whether it be security data or information designed to convince you to buy something you don’t need.

The unfortunate reality of the IoT is that security has not been built into the concept, with the result that we will see almost endless back doors onto personal and corporate networks. Of course we can expect many people to jump on the security bandwagon to scare people and sell their own products or services, but the threat is real.

To understand the scope of IoT, simply browse over to www.shodan.io. Shodan is a search engine that promotes itself as the world’s first search engine for Internet-connected devices. On the front page it informs one that you can search for power plants, refrigerators, IoT, webcams and more.

And while the site has many totally legitimate uses, including the ability to search for the products you manufacture, discover who is using them and where, the site is notorious for exposing things one doesn’t want exposed, personal web cameras being one of them.

The site’s introduction provides a few search examples, such as ‘webcam’ or ‘default password’ and so on. If you don’t want to go onto the site and search for stuff yourself, simply read this article in ars technica: http://arstechnica.com/security/2016/01/how-to-search-the-internet-of-things-for-photos-of-sleeping-babies/ (short URL: http://goo.gl/wuF4CZ). You can see an image of a baby sleeping in a crib in Canada, a schoolroom in China, and more on shodan.io itself.

The reason for most of these intrusions is not that the systems can’t be secured, it is simply that installers, whether home users or professionals, just couldn’t be bothered to set or change the default passwords, inviting the world in. Of course security goes further than that in the IoT world, but you have to start somewhere and the point has to be educating people to take responsibility for their own security as far as is possible.

If you’re involved in the IoT, and who won’t be, it may be worth looking at a report from the Federal Trade Commission in the USA, titled: ‘Internet of Things: Privacy & Security in a Connected World’( https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf, short URL: https://goo.gl/xaDRoy).

Otherwise, enjoy the February issue and let us know what you think of the new cyber security feature – e-mail us at [email protected]

Andrew Seldon

Editor

Share this article:

Further reading: