“Why do I need a digital certificate for my toaster?” you might wonder. Let us explain.

The Internet of Things (IoT) is expanding at a breakneck rate. Every day, more devices connect to the internet, providing new attack vectors for enterprising hackers and cybercriminals. On the surface, securing your thermostat or a FitBit could seem ridiculous. If you think so, you’d be mistaken.

Consider the FitBit example: using geolocational metadata from the routes soldiers took when jogging around the perimeters of their camps, foreign intelligence services were able to locate many US black sites.

Granted, most IoT exploits don’t have the same life-or-death implications as compromising a black site’s position, but that doesn’t mean the danger shouldn’t be taken seriously.

Your IoT devices can tell people a lot about you and your property

This essentially comes down to privacy. Most IoT devices must communicate with an application server at regular intervals, in addition to potentially hitting other endpoints, and those servers communicate back to the device. Those connections must be encrypted; otherwise the system transmits everything in plaintext, making eavesdropping on those connections trivially easy.

“Yeah, but what is anyone going to learn from my thermostat and smart lights?” you may wonder.

How about whether you’re at home? The more unsecured devices you have, the more data points an intruder has. Consider how much data might be gathered by listening in on your vehicle, your smart home, or anything else connected to the internet.

Quantum physics, man

Quantum computing is still 8-10 years away from being a reality. However, it will arrive before many of these devices have completed their lifecycles. So you need a digital certificate for your IoT devices right now, and it should be one that will be quantum-proof when the technology matures in around a decade.

Typically, this takes the form of digital certificates that are backed by two algorithms: a modern one like RSA and a quantum-proof one for the future. This is significant because quantum computers would be able to easily break RSA encryption, rendering most existing IoT certificates obsolete. Getting a digital certificate on your IoT devices, preferably one with a long validity period, isn’t enough. You’ll need the appropriate one: one that can withstand the unavoidable challenge of quantum computing.

Because eventually, the IoT is going to rise up and kill someone

Although an uprising on the scale of Skynet is impossible, the stakes rise as more and more vital systems come online. Not even ten years ago, the United States and Israel “allegedly” worked on the Stuxnet virus, which physically overheated Iranian nuclear centrifuges as part of a plan to thwart the country’s nuclear ambitions. There have been recent attacks on power grids and other interconnected physical infrastructure.

It’s only a matter of time before a connected device is hacked with potentially fatal results. Good protection for our IoT devices, at least off the production line, is the best way to delay that outcome a little longer. While there’s no way of knowing what risks and attacks will emerge in the future, there’s no reason not to design these devices to be as secure as possible now. Unfortunately, not all manufacturers share this viewpoint, so an aftermarket solution might be needed. In any case, we can’t afford to leave these machines unprotected.

These devices will have long lifespans

Although we replace our phones on a regular basis, other IoT devices could be in use for years. Refrigerators and thermostats aren’t replaced as often as they should be. That means these machines must be completely protected for the time being, with an eye toward the future as much as possible.

Part of that, as we discussed earlier, is preparing for the impending quantum challenge. There are, however, other considerations to be made. Strong configurations that only support the most recent algorithms and protocols are needed, as is the ability to upgrade these devices in the future. The latter isn’t always possible since some vendors are hesitant to include certain features in their products, but if it’s available, take advantage of it.
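To make the “strong configuration” point above concrete, and the earlier point that device-to-server connections must be encrypted, here is an added example (not from the original article) that contrasts a permissive TLS client context with one that accepts only TLS 1.3 and verifies the server, and audits both. The function names, the `FLOOR` policy value and the optional `ca_file` parameter are assumptions made for illustration.

```python
import ssl

# Assumed policy for this example: only the newest TLS version is acceptable.
FLOOR = ssl.TLSVersion.TLSv1_3


def weak_context() -> ssl.SSLContext:
    """Permissive device client: any protocol version, no server verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted, so traffic can be intercepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_context(ca_file=None) -> ssl.SSLContext:
    """Strict device client: TLS 1.3 only, certificate and hostname both checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verification is on by default
    ctx.minimum_version = FLOOR
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # e.g. the vendor's own CA (hypothetical path)
    else:
        ctx.load_default_certs()
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the context meets the policy."""
    findings = []
    if ctx.minimum_version < FLOOR:
        findings.append("legacy TLS versions allowed")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit(ctx) or "ok")
```
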

Because your devices could be working for someone else

You wouldn’t let anyone into your house to misuse your family’s labour for their own benefit, so why would you want that to happen to your appliances and devices? People always wonder what a hacker would want from their IoT devices, and the answer is their computing power. Cybercriminals are more interested in the computing capacity that can be harnessed as part of a botnet than in the ability to create ice.

Cybercriminals hack tens of thousands of computers to build a botnet that they can control with only a few mouse clicks. That gives them the ability to:

  • Launch distributed denial-of-service (DDoS) attacks on websites and computer systems.
  • Hack into other machines while making it seem as if the hacker is at your residence.
  • Mine cryptocurrency to make money.
  • Hide their true identity by routing messages and internet traffic via the botnet.

With a large enough botnet, an attacker might be able to earn some money in cryptocurrency. This isn’t why you bought these gadgets in the first place. Although this operation, known as cryptojacking, does not cause noticeable latency, it is still an infringement of privacy and unauthorised use of your computer. You shouldn’t have to ask, “Are you mining bitcoin again, refrigerator?” when you walk into your kitchen.

“Yes,” says the speaker.

“Did I say something to you about that?”

As absurd as it may sound, IoT defence isn’t a joke.
