Internet of Things: a powerful, but dangerous, technological trend
The term was rebranded several times until it got the name by which it is known today: Internet of Things or IoT. More than the technology itself, the term refers to the act of attributing connectivity and "smart" functions to items and products which, until then, were considered commonplace in our daily lives: door locks, light bulbs, air purifiers, and household appliances. The list is infinite.
Throw the first stone he who has never seen, in retail stores, lighting items that can be controlled remotely via an app or that use sensors to turn on and off at the right time - this is just one of the many examples of IoT. The concept is based on machine-to-machine or M2M interconnectivity which allows common electronic devices to be connected to the internet, making them even more useful and productive.
The market is so large that this technology has been applied to a wide variety of segments. Intelligent security cameras (equipped with a web connection for remote monitoring), autonomous pet feeders (which can be programmed to release a specific amount of food to your pet), and even cars that are able to drive themselves without the intervention of a driver are already on sale. This last technology is still being refined but it is making rapid progress.
In general terms, the IoT market is unfolding on two fronts: commercial and home automation. In the first, it promises to make any industrial or corporate environment more productive with automated gadgets that facilitate common daily tasks; in the second, it seduces the consumer with the idea of a home straight out of a sci-fi movie, where everything can be controlled from a smartphone screen or by voice commands from a virtual assistant.
Vulnerabilities are common
With all these promises, it's hard not to be interested in the IoT market - especially when you consider that many of these devices are reasonably cheap, easy to use, and to install. However, many people forget about the risks that this technology poses for information security; this is why it is important to think twice before implementing an automation project at your home or office.
First of all, we need to consider that this market, for some unknown reason, began with little or no concern about cybersecurity. In the retail market, there is a wide variety of gadgets that connect to the Internet and that are managed by apps but that have simple vulnerabilities that can expose them to unnecessary risks, such as unencrypted communication between the client and the server, or even no bilateral authentication.
These gaps are a concern not only because they affect the device itself (for example, for a baby monitor it means the possibility of a criminal spying on your baby), but also because they can be a gateway for malicious agents to enter your previously secure network since they usually connect to your router or corporate access points. It is no wonder that many IoT gadgets are now used as "slaves" in botnets.
What about privacy?
And, of course, there is also the data collection issue. IoT devices are usually filled with sensors that continuously collect information, whether it is crucial for their proper functioning or not. An example of a serious privacy issue are microphones that are always on and transmit recordings to a cloud server; imagine how much an autonomous car knows about you, including your driving behavior, favorite routes, the music you listen to, etc.
When it comes to the Internet of Things, the most important thing is to plan the purchase, the use, and the implementation of these solutions in your project, whether corporate or residential. Do some research on the manufacturer and check the security problem history; evaluate whether adding connectivity to a given item is really crucial; read the privacy terms carefully and, in the case of an office or industrial site, always use a management solution to ensure that all the IoT gadgets used in the environment are visible.
Article translated from: Internet das Coisas: uma tendência tecnológica poderosa, mas perigosa — Perallis Security