Internet of Things

Connecting the Unconnected. Securing the Internet of Things (IoT)

Thanks to some of the ideas and research from a presentation by Filip Chytry, a Developer & Hacker from Avast.

"By the end of the decade, everyone on Earth will be connected," says Google chairman, Eric Schmidt.

We’re connected by our Things

What are those things? Those which you already know are laptops, mobile phones, tablets, cameras, televisions, and even the new-generation watches or cars. Those you might know but don’t often see (unless you are an IT geek) are servers, routers, gadgets, and sensors.

The Internet of Things (IoT) has unleashed new trends, and things are now labelled “Smart X.” Replace X with Home, City, Life, Toys, Things, or anything you can think of, and you have an indication of the frontier of Smart Everything. When things are connected and communicate with one another, knowing everything about you, with little intervention, they are “smart”. Your home is smart because your house alarms, sensors, and lights can exchange information, making well-informed, logical decisions about your habits, and then adjusting automatically to suit those variations.

Extend this functionality to your car, and you'll have a smart car; to a public space, and you'll have a smart city.

But wait, there’s more! We can now connect the unconnected. Modern technology will permit cows to be connected. Vital Herd, a Texas-based startup makes it happen via an “electronic pill”. This device sits in the cow’s stomach and transmits their vital signs to farmers who can head off costly livestock illnesses or death. Incredible!

The Barbie doll that your children are playing with can now be connected to communicate with your children. The doll’s internet connection can provide conversational feedback quickly enough to emulate a real chat.

There’s always a Catch

For every new kind of technology, there is bound to be a new kind of problem. Along with the arrival of desktops, laptops, and the World Wide Web (www), we now encounter cybercrime and cybersecurity happening outside in the real world. In the last few years with the advent of mobile technology, both enterprises and consumers were required to deal with a new issue: mobile security. With cloud computing, we then had to deal with cloud security. Now, of course, as we enter the age of IoT, we have to manage IoT security.

Everything that can be connected to the Internet is vulnerable to hacking attempts. Poorly designed or implemented systems can expose serious vulnerabilities that attackers can exploit, according to Symantec. Security is no longer a serious challenge to hackers and poses serious concerns for global corporations and SMEs.

farmers

“Even dairy farmers want to safeguard information about the health of their herds,” says Brian Walsh, Vital Herd’s CEO.

Security is a big issue because the data is valuable, including both enterprise and personal data. This information is used for direct marketing, social statistics, and much more. Once stolen, it can be leveraged for blackmailing a company to restore it, or it can simply be utilized to make purchases with someone else’s money for goods that can then be sold. There is a black market, operated by the Russian underground, providing hacking-as-a-service (HaaS); it provides tools, services, and resources for unscrupulous thieves to perform the hacking. And if data alone doesn't catch your attention, or raise enough concern, maybe the threat of death might be sufficient. Security experts now worry that the Internet of Things will be used to kill someone.

Murder by the Internet

Let’s consider just a few of the frightening possibilities:

  • A fleet of remote control quad-copters or drones equipped with explosives and controlled by terrorists.
  • Someone hacks into a connected insulin pump or a coronary pacemaker and changes the settings in a lethal way.
  • A hacker who accesses a building's furnace and thermostat controls and runs the furnace full bore until a fire is started.

We are no longer dealing with young amateurs who do it for the sake of simply testing or perhaps demonstrating their technical skills. It is not a case of skilled hackers that want to raise awareness, prove a point, or simply amuse themselves. We're now dealing with nations, states, and state-sponsored groups.

It is definitely not some ephemeral, ghostly, pseudo-threat devised by security agencies to get more funding. Just browse the news in recent weeks and you will see how terrorists have resorted to truly despicable means to inflict physical harm. It means nothing for them to cause incredible damage using technology to advance a political or religious doctrine at the expense of innocent lives.

The duality of good and evil has always existed, from the simple fairy tales to canonical religious literature. There is no good without evil. The tremendous benefit of the Internet Of Things is real. And our lives will almost certainly become better because of it. But the key point to understand here is that Technology itself is neither good nor evil. Remember: Alfred Nobel (of the Nobel Prize), invented dynamite to save the lives of miners that were using very dangerous Nitroglycerine. He didn’t conceive of the destructive uses it would be put to in wartime. The invention itself wasn’t good or evil. It was only the purposes that humans used it for that had a morality attached.

We should connect the Internet of Things, but we should not do it blithely and merely hope for the best. We know there are evil people in the world that will attempt to pervert anything, whether it is good or bad. Let’s make sure we build-in the security the first time, and not wait for something to go wrong before we take steps to protect people. It is our obligation as responsible human beings to design well, look out for each other, and keep the evil at bay.

If you're an IoT enthusiast or thinking about introducing IoT into your business, we'd like to connect with you. Send us an email at info@teskalabs.com or tweet to us @TeskaLabs.

About the Author

Cindy Dam

TeskaLabs’ Marketing & Community Manager, Cindy Dam, has a penchant for hacking and storytelling. When she's not reading and writing about cyber hacking, she reads, writes, and comes up with mind and travel hacks.


TurboCat.io

Data anonymization tool for GDPR

More information


You Might Be Interested in Reading These Articles

SeaCat and OpenSSL Heartbleed Bug

After almost two and a half year we hope that the Heartbleed remains in the past. It is not true, unfortunately. Now we have proof that a security vulnerability remains with us for a long time, maybe almost forever even when there exist patches and fixes. The Internet is a battlefield among the good, the bad, and the ugly. Who has better attacking or defending technology wins.

Continue reading ...

security

Published on December 20, 2016

Security Is Driving the Adoption of Connected Cars

What seems to be a Sci-Fi movie with “talking” vehicles and “flying” machines has now become a reality. Automotive companies, seeing huge opportunity and wanting to entice their customers, are rushing to produce more car features so drivers can avoid traffic congestion, plan the next route, check the status of the car, find an available parking space, request for road assistance, or notify friends/family members/business contacts of news.

Continue reading ...

mobile IoT security

Published on May 10, 2016

How TeskaLabs Helped O2 Improve Customer Satisfaction of eKasa Point-of-Sale (POS), the Most Successful POS Product / Mobile Cash Register on the Czech Market

In 2016 the Czech government introduced a new law that required businesses to report their sales and provide Electronic Evidence of Sales (EET). This law calls for the adoption of a more modern point-of-sale system that enables businesses to meet regulatory requirements set forth under this law. During the next two years, the law will gradually impact more than three hundred thousand companies in the Czech Republic. O2, the largest integrated telecommunications provider in the Czech market, observed that many would need help complying with this law, maintaining data security and demanding excellent customer support.

Continue reading ...

security case-study pos

Published on August 08, 2017