IoT Security Issues
eBook - ePub

  1. 273 pages
  2. English

About This Book

IoT Security Issues looks at the burgeoning growth of devices of all kinds and varieties controlled over the Internet, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems and vulnerabilities and what can be done to solve them, investigating the stack for the roots of the problems and showing how programming and attention to good security practice can combat the problems that result today from lax security processes on the Internet of Things.

This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is explained.

The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields.

Information

Publisher: De|G Press
Year: 2017
ISBN: 9781501505621
Edition: 1

Part I: Making Sense of the Hype

The hype surrounding the IoT that consumers have been subjected to over the last decade is truly astonishing. We have been told that 50 billion devices will be connected to the Internet and communicating with one another, and that they will deliver untold pleasures. An Internet of 50 billion devices all sharing data and collaborating will produce a lifestyle experience that was impossible to consider even a decade ago. We will have autonomous vehicles, drones delivering parcels, even drones as air taxis, bots answering contact centres and even the possibility of cyber-sex with virtual reality robots.
The problem is that, as consultants and security practitioners, we cannot just accept the hype and regurgitate it to our clients – we must keep an open mind and try to balance evangelism against skepticism.
So, where has the promise of the Internet of Things gone astray? After all, we were promised a new world not so long ago, a world that heralded the connectivity of devices that would make our lives so easy and fulfilling.
Did the proponents of the IoT overstate their case? Did they perhaps believe that the IoT would escalate to a disruptive level, such as the smartphone and the tablet? Perhaps they did, but we are still not seeing that through future projections, which still look optimistic.
In this section, we will consider why the IoT has not grown exponentially as predicted, and why consumers are so reticent to embrace the technologies. After all, when we think in terms of securing the IoT, we need to understand why the public has not embraced a truly innovative array of solutions and products as they have other technologies.
Therefore, this opening chapter considers how consumers can analyze the hype and come to realistic terms with the IoT.
What the reader will learn is:
  1. Hype is often misconstrued through evangelists vs. skeptics
  2. ‘Things’ are very ambiguous and dependent on the definition of IoT
  3. The public doesn’t always know what they want or understand IoT
  4. Companies and media are often technologically biased in surveys
  5. Public surveys and results are contradictory
  6. Poor, uninspiring examples of the IoT are holding IoT adoption back

Chapter 1 – The Consumer Internet of Things

The Internet of Things is a real enigma. Not only is it a vague term, covering all sorts of network-capable connected things, anything from a light bulb to a car to a home security system; it also appears to have almost unlimited scope, bringing just about any modern consumer gadget or technical appliance under its umbrella by virtue of its very loose definition.
Here are some common definitions:
The “Internet of Things” (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
From WhatIs.com
“The Internet of Things (IoT) describes the revolution already under way that is seeing a growing number of Internet-enabled devices that can network and communicate with each other and with other web-enabled gadgets. IoT refers to a state where Things (e.g. objects, environments, vehicles and clothing) will have more and more information associated with them and have the ability to sense, communicate, network and produce new information, becoming an integral part of the Internet.”
By Technology Strategy Board – IoT Special Interest Group
There are many more definitions of the IoT that can leave us bemused, but if we cannot agree on a definition then how can we secure it?

A Wave of Technology, or a Wave of Hype

The IoT rides on a wave of promise that its supporters claim will revolutionize our lives and the way we interact with the world, and what is more, this will happen within only the next decade or so. Indeed, depending on whom you listen to, some of the ardent IoT supporters, such as Cisco, believe the IoT will be responsible for 50 billion devices (things) being online and connected to the Internet by 2020. Cisco does have a more expansive conceptual view, in which they include sources of data such as people, machines or even cows, in an agricultural scenario, within an Internet of Everything. There is no doubt we are seeing and will continue to see a significant industrial and agricultural increase in the role sensors and other IoT devices will play. But the consumer market continues to trail expectations.
Gartner and General Electric have major interests in the field; however, they are a bit more reticent and restrict the scope of the IoT to sensors and devices. As a result, they are making a more conservative forecast of the IoT’s short-term growth and financial potential. Hence they are speaking of 20-25 billion devices and 1.9 trillion new dollars spent by 2020.
These forecasts, regardless of the variance between the two sets of figures, are astonishing predictions. Yet, perhaps not; this may well be due to the ambiguous nature of these things. Initially, when we consider these new things it is typical to think of network-connected devices and gadgets such as wearables, like the smart watch and the fitness bands. Some other commonly identified consumer IoT devices are the smart thermostat, light bulbs and the smart TV.
Cisco and their fellow supporters of IoT, with some justification, claim that this wave of new consumer buying will produce trillions in new dollar spending across the IoT in the consumer, industrial, enterprise and commercial landscapes. Furthermore, in 2015, Gartner said that 6.4 billion ‘things’ might be connected and in use in the consumer IoT ecosystem alone by 2016. They also predicted an acceleration of 5.5m devices per day joining the consumer IoT from 2016 onward.

IoT Skeptics and the Role of Security Issues

Not everyone in the industry, however, shares the common belief in the massive potential of the IoT. There are some in the industry who are becoming more skeptical as the years roll on and are even challenging how realistic even the conservative figures are. Remember, the IoT has been around since 2000 – actually a bit earlier – but has been hyped aggressively since 2010, and that is being generous. Gartner has had IoT on the peak of hype for several years now. Others agree the hype is at its peak, but believe that issues over lax security, concerns over privacy and loss of consumer trust will inhibit growth. There is also the mess of incompatible technologies and incomprehensible protocols that will ensure consumers stay away. Many of the skeptics claim the market will tumble down Gartner’s trough of disenchantment, and will never reach anything like the implementation and financial forecasts, while others are slightly more optimistic, believing in a much longer timeframe for adoption.
The skeptics do have a point; for even if we accept the lower forecasts of 20 billion IoT devices, installed and networked by 2020, this would require a tremendous amount of spending and installation effort over the coming years. Furthermore, what areas will see the greatest adoption and deployment? Recent surveys indicate that it will not be in the consumer IoT environment, which is contrary to much of the market’s belief. Will it be in the enterprise, commercial or the industrial ecosystems?
The industrial IoT is the obvious area of adoption, as it has had M2M for decades and the IoT, conceptually at least, is merely a slight evolution. Indeed, many engineers in operational technology mock the term IoT as being nothing more than M2M (with hype), as they have worked with this technology under a different name for decades. From a security perspective, this is actually good news, because it means that at least one major sector of the IoT domain has the potential risk well in hand.

The Internet of No-thing

Some doubters will claim that most of the industry-generated forecasts are based on mere speculation, are unrealistic, or are inclusive of the already vast number of existing sensors and devices installed in enterprise, commerce and industry. The term ‘Internet of No-things’ arises from the more challenging observations of recent survey results. After all, where is the demand for this popular disruptive technology in the consumer market?
Take a look around: in 2016 Gartner predicted – at the lower end of the scale – that there would be 6.4 billion consumer devices installed, yet how many people do you know who have smart devices in their home? Those who challenge the IoT forecasts and the popular surveys that paint a healthy IoT future believe that the vast majority of devices are indeed installed and active, but that they are in the industrial IoT and not the consumer environment; hence the term ‘Internet of No-thing’ when addressing consumer IoT. Your new car, your new refrigerator, and a wide range of consumer devices have devices embedded that you likely do not even know about, and these add significantly to the existing and projected numbers. In these cases, the consumer may or may not be aware of a price differential as a result of these technologies.
Supporting this assumption is a Deloitte poll that revealed a significant issue. It appears the public considers the IoT to be a catchall term used to describe any number of household appliances and personal devices, from cars to fridges, which connect to the Internet and can talk to each other. However, despite consumers saying they like the idea, the survey of more than 4,000 found that high prices and skepticism prevailed over their initial desire for life-changing products. As far as the majority was concerned, they were not ready to buy, as they doubted whether the technology had advanced enough, and that is preventing the IoT from really taking off.
Seven in ten shoppers told Deloitte they would not be buying any connected devices over the next twelve months and the only kinds of connected products owned by more than one in thirty households were smart TVs, entertainment systems and games consoles, although they discounted smartphones.
Just three percent of people had a connected security system, the same number as owned a smart thermostat. Only two percent had any form of home appliance, such as a fridge, cooker or kettle that connected to the Internet. However, in a more upbeat sign of the IoT potential, 40 percent of consumers responded that they would consider buying a smart device when they come to upgrading their current appliances.
The IoT would not be itself without another example of its inherent contradiction and paradox. Gartner’s surveys in 2016 contradict the theory of the Internet of Nothing: in recent polls, among others, the results did suggest that the IoT had reached a tipping point in public acceptance. Just over 35% of the respondents claimed to have bought an IoT device in the last year (2015), which equates to just over 1/3rd of the population, and 70% – which is over 2/3rds – intended to buy an IoT device within the next 12 months (2016-2017), so at least the future looks bright.

Where are these IoT devices?

The mystery of this contradiction between public interest and lack of devices may actually be due to the way that different parties categorize IoT devices. After all, the figures could include the existing consumer products that they already own, such as smartphones, iPods, TVs, entertainment systems and game players such as Xbox and PlayStation, amongst others. However, these products were purchased several years ago, before there was such a classification as the IoT, and well before the hype had people thinking of them as such. This is an important point. People buy products and generally not technologies; adding features to products has always been the edge that turns markets, and the markets adapt quickly to change.
A possible reason for the lack of enthusiasm is that some IoT devices are hiding in plain view. Take, for instance, these Amazon tags for ordering washing powder and other household consumables: these small consumer tags for automated one-touch re-ordering are easily overlooked and, as they insidiously invade our homes, could well go unnoticed. One product that would skew results significantly in any poll is the smartphone, depending on how it is classified.

Why the ambiguity in IoT uptake?

If a smartphone is classified as a consumer IoT device, which in some surveys it clearly is, then of course this will skew results – similarly if we include people. However, many people, if asked ‘do you own an IoT device?’, may not consider themselves or their smartphone to be IoT. Therefore, some analysts have a tighter definition of an IoT device that may not include smartphones, humans, dogs or cows – and that would certainly move the figures in the other direction. Hence the massive ambiguity with regard to the poll results related to IoT uptake and popular adoption.
An interesting note on the smartphone IoT debate is that there are several projects dedicated to turning your smartphone into an IoT device – if it isn’t one already. These projects, such as Phonvert, are taking advantage of the huge number of still-capable smartphones, perhaps only two years old, that get discarded each year. These devices still have all their working sensors, like the camera, microphone, accelerometers, touch screens and Bluetooth radio, and it seems such a waste to have them end up on a landfill site. Instead of throwing them away – Phonvert suggests 280 million smartphones were retired in 2015 alone without being recycled – why not turn them into IoT devices, such as a fridge cam, baby monitor, or a Bluetooth/Wi-Fi gateway? They supply the open-source software to enable this. Another bonus is that smartphones were designed with security in mind, and that is not something that can be said of most consumer IoT products.

The Media and Marketing Hype

The media are extremely good at advertising and presenting new products to consumers through the TV and through other marketing channels such as Google and Facebook targeted advertising; it is how they make profit. The goal is to create a demand from customers who decide that they need these products, and to satisfy this projected appetite, vendors will pay to publicize their products. Therefore, adverts are awash over all media channels, delivering the message of the potential capabilities of connected fridges, toasters or the smart kettle and how these will transform the purchaser’s life-style.
Before the consumer leaps in though, they might be wise to look under the bonnet to see what they are actually purchasing. A risk assessment and cost/benefit examination of the consumer ecosystem would be advantageous. What is the IoT actually delivering as a benefit to the consumer that is worth them spending their hard-earned money?
Customers do cost/benefit and risk assessments even though they might not know it. Yes, they will not know the terms, but they do know the process. For example, when they purchase a Wi-Fi router they will almost certainly have been informed about the security issues. The threat is obvious, yet they will decide to implement or not bother with encryption or authentication. Why is that?
What tends to happen is that consumers do actually go through risk assessment and cost/benefit analysis, in that they use their experience and history to evaluate the risk. For example, did having an open Wi-Fi or unauthenticated network connection actually cause them visible harm? They may well have listened to their technical friends and secured the Wi-Fi, only to have found it a pain when hosting guests at a barbecue to go around and configure everyone’s phone. Instead, they just switched off authentication and everyone was happy. After all, how many people can claim to have been hacked and that the attack rendered actual harm? This is of course not saying that they were not hacked; they most likely were, but it just wasn’t harmful and the exploit was invisible to them.
They may well be the most productive and virulent zombie within a botnet, but it is transparent to them. Furthermore, the fact they are a prized...

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Acknowledgements
  5. Contents
  6. Introduction
  7. Part I: Making Sense of the Hype
  8. Part II: Security
  9. Part III: Architecting the Secure IoT
  10. Part IV: Defending the IoT
  11. Part V: Trust
  12. Part VI: Privacy
  13. Part VII: Surveillance, Subterfuge and Sabotage
  14. Index